"Your System is Infected" Background Message


"Your System is Infected" Background Message

Post by vgrimes84 on Sat Jan 09, 2010 9:01 am

Logged on to computer and background color was green with "Your System is Infected" background message indicating spyware infection. I used "Personal Security" and "McAfee" a few times each to clean the system. Personal Security and McAfee seem to have found and removed all threats but the background message still remains. Went to Properties to reset the desktop but unable to select a new background. What else can I do to fix this problem?


Re: "Your System is Infected" Background Message

Post by Belahzur on Sat Jan 09, 2010 1:59 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.





Re: "Your System is Infected" Background Message

Post by vgrimes84 on Tue Jan 12, 2010 9:52 pm

Hello

As directed, here is the log file after running "Hijackthis". Also, I scanned my system using Dr Web which seemed to have removed all threats and removed the "Your System is Infected" message. However, I still cannot change the background.

------ Begin Log File ----------------------------
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:32:48 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\RCG\WebMouse\1.0\lgotoweb.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\REBATE~1\REBATE~1.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\PersonalSec\psecurity.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RunTasktray] "c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [webmouse] C:\Program Files\RCG\WebMouse\1.0\lgotoweb.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KnexStarter] c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 925] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 925" /O6 "USB001" /M "Stylus Photo 925"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKLM\..\Run: [boyokebud] Rundll32.exe "c:\windows\system32\majumeja.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: POWERR~1.EXE
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - [You must be registered and logged in to see this link.]
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: susujewe.dll c:\windows\system32\majumeja.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
O21 - SSODL: hagijejaw - {e3e2338a-c5c2-4662-abe3-501de57b823b} - (no file)
O21 - SSODL: jihufifoh - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: gahurihor - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18999 bytes


Re: "Your System is Infected" Background Message

Post by Belahzur on Wed Jan 13, 2010 11:25 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: Shell=Explorer.exe logon.exe
    O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll
    O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKLM\..\Run: [boyokebud] Rundll32.exe "c:\windows\system32\majumeja.dll",a
    O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
    O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
    O4 - HKUS\S-1-5-18\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe" (User 'SYSTEM')
    O4 - Startup: POWERR~1.EXE
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O20 - AppInit_DLLs: susujewe.dll c:\windows\system32\majumeja.dll
    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
    O21 - SSODL: hagijejaw - {e3e2338a-c5c2-4662-abe3-501de57b823b} - (no file)
    O21 - SSODL: jihufifoh - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll
    O22 - SharedTaskScheduler: gahurihor - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




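A small triage script for the kind of log posted above, as an added example that is not part of the original thread and not HijackThis code: it parses HJT-format lines (a constructed subset of the posted log is embedded as sample input) and flags the persistence mechanisms that the fix list in the previous post targets: a Winlogon Shell value with an extra executable chained onto Explorer.exe, a populated AppInit_DLLs value, orphaned "(no file)" registrations, a Run entry that starts a DLL through rundll32, and any file that is registered in more than one persistence point (here majumeja.dll, which appears under O4, O20, O21 and O22). The BENIGN allowlist is an assumption kept deliberately tiny; the rules catch mechanisms, not names, so the rogue "Personal Security" Run entry, which the helper removed by name, is not flagged.

```python
"""Triage a HijackThis-format log for the persistence entries targeted above.
Added example, not part of the original thread and not HijackThis code.
SAMPLE_LOG is a constructed subset of the log posted in this thread;
BENIGN is an assumed, deliberately tiny allowlist of expected file names."""
import re
from collections import defaultdict, namedtuple

SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [boyokebud] Rundll32.exe "c:\windows\system32\majumeja.dll",a
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
O20 - AppInit_DLLs: susujewe.dll c:\windows\system32\majumeja.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)
O21 - SSODL: jihufifoh - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: gahurihor - {f563e0c2-349f-469c-a20a-0b47dac1d6d8} - c:\windows\system32\majumeja.dll
"""

ENTRY_RE = re.compile(r"^(?P<sect>[A-Z]\d+) - (?P<body>.*)$")
# a drive-letter path (may contain spaces) or a bare file name, ending in .dll/.exe
FILE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b|\b[\w~.-]+\.(?:dll|exe)\b", re.IGNORECASE)
BENIGN = {"explorer.exe", "rundll32.exe", "browseui.dll"}  # assumed allowlist

Finding = namedtuple("Finding", "section line reasons")


def parse(text):
    """Return (section, body, full_line) for every HJT entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sect"), m.group("body"), raw.strip()))
    return entries


def basenames(body):
    """Lower-cased file names referenced by one entry body."""
    return {m.group(0).rsplit("\\", 1)[-1].lower() for m in FILE_RE.finditer(body)}


def shared_targets(text):
    """Files registered in two or more different HJT sections (BENIGN excluded)."""
    seen_in = defaultdict(set)
    for sect, body, _ in parse(text):
        for name in basenames(body):
            seen_in[name].add(sect)
    return {n: s for n, s in seen_in.items() if n not in BENIGN and len(s) >= 2}


def triage(text):
    """Apply the persistence rules; return one Finding per suspicious entry."""
    shared = shared_targets(text)
    findings = []
    for sect, body, line in parse(text):
        names = basenames(body)
        low = body.lower()
        reasons = []
        # Winlogon Shell should be exactly explorer.exe; anything chained onto it
        # is started at every interactive logon
        if sect == "F2" and "shell=" in low:
            if low.split("shell=", 1)[1].split() != ["explorer.exe"]:
                reasons.append("extra program chained onto the Winlogon shell")
        if sect == "O20" and low.startswith("appinit_dlls:") and names:
            reasons.append("AppInit_DLLs loads these DLLs into every process that uses user32.dll")
        if sect in ("O2", "O3", "O21", "O22") and body.endswith("(no file)"):
            reasons.append("orphaned registration, target file missing")
        if sect == "O4" and "rundll32" in low and any(n.endswith(".dll") for n in names):
            reasons.append("Run key starts a DLL through rundll32")
        hits = sorted(n for n in names if n in shared)
        if hits:
            reasons.append("registered in more than one persistence point: " + ", ".join(hits))
        if reasons:
            findings.append(Finding(sect, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.line)
        for r in f.reasons:
            print("    ->", r)
```

Point the script at a full log instead of SAMPLE_LOG and the cross-section rule does the work a human reviewer did in this thread by eye: a randomly named DLL that shows up under a Run key, AppInit_DLLs, SSODL and SharedTaskScheduler at once is a far stronger signal than any single entry.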

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Wed Jan 13, 2010 9:00 pm

Belahzur wrote: (the HijackThis and Malwarebytes instructions from the previous post, quoted in full)
--------------- Start Reply ---------------------------------------------------------------
Hello,

I was able to complete part one of your instructions above as far as fixing the items found by HijackThis. However, I've tried six times to install MBAM with no success. Although, on one occasion, it appeared to have successfully completed the installation and actually ran the MBAM application, once I started the Quick Scan the MBAM program shut down, and when I tried to run it again I got "Program not found". Also, on a number of the installation attempts, I continually received the following installation error message:

"Unable to execute file: c:\program files\\Malwarebytes' anti-Malware\mbam.exe
Create process failed: Code 2, The System cannot find the file specified"

So, where do I stand now as far as having eliminated the malware?

Thanks for your help and patience


Re: "Your System is Infected" Background Message

Post by Belahzur on Thu Jan 14, 2010 2:55 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
       [screenshot omitted]
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: "Your System is Infected" Background Message

Post by vgrimes84 on Tue Jan 19, 2010 3:49 pm

Hello,

Not sure what this thing is doing but it seems to be getting smarter. It seems as though this virus/Trojan knows about HijackThis, Malwarebytes, and ComboFix because as soon as these programs start executing, it shuts them down. Now, when I click on link 1 or link 2 above to download the ComboFix file, I get a "Webpage not found" or "file not found" error. Please advise.

Also, from an outside computer, I downloaded and renamed the Combo-Fix file onto a flash drive with the intention of executing the Combo-Fix application from the flash drive. Can Combo-Fix be executed from the flash drive?


Re: "Your System is Infected" Background Message

Post by Belahzur on Tue Jan 19, 2010 3:54 pm

We recommend it isn't run from a flash drive; carry it over via USB and then transfer it onto the Desktop of the infected machine.



Re: "Your System is Infected" Background Message

Post by vgrimes84 on Tue Jan 19, 2010 11:58 pm

Hello,

Tried to move the combo-fix file from the flash drive via USB to the desktop of the infected computer; however, when I tried to move or copy the combo-fix file, something immediately erased the file from the flash drive. I turned off all virus software (Personal Security and McAfee) but to no avail, so from what I can tell, this thing is detecting all attempts to eradicate the threat. Frustrated and beginning to think this is unsolvable. Please advise.


Re: "Your System is Infected" Background Message

Post by Belahzur on Wed Jan 20, 2010 2:07 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


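OTL's PRC/MOD/SRV/DRV entries and its O4 (Run) and O6 (policy) lines have a fixed shape, so the first triage pass a helper makes over a posted log can be scripted. The Python below is an added example for this thread, not OTL's own code and not a tool used by the helpers here. It parses constructed sample lines laid out like an OTL log and flags the patterns a helper looks at first: a modification year in the future, hidden+system attributes, a file inside the Windows directory with no publisher, a Run value that resolves to a DLL with no publisher, an orphaned Run value, and the Explorer policies NoActiveDesktopChanges / NoSetActiveDesktop that stop the user from changing the desktop background (the OTL log posted later in this thread shows exactly that combination: a 2099-dated, hidden+system, publisher-less DLL in system32 that is also launched from HKLM\..\Run, plus both desktop-lock policies set to 1). File names, vendors and the scoring are made up for the example; a flagged line is a lead to check against the real log, not a verdict.

```python
"""Triage pass over OTL-style log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# File entry layout: "[date time | size | attrs | M] (company) [state] -- path -- (service)"
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<year>\d{4})/\d{2}/\d{2} [\d:]+ \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [A-Z]\] "
    r"\((?P<company>.*?)\)(?= \[| -- )"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<svc>.*)\))?$"
)
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*?)"
    r"(?: \((?P<company>[^()]*)\))?$"
)
POLICY_ENTRY = re.compile(
    r"^O6 - (?P<key>.+?\\policies\\Explorer): (?P<value>\w+) = (?P<data>.+)$"
)
# Explorer policies that stop the user from changing the wallpaper / Active Desktop.
DESKTOP_LOCK_POLICIES = {"NoActiveDesktopChanges", "NoSetActiveDesktop"}
WINDOWS_DIR = "c:\\windows\\"  # assumption: %SystemRoot% is C:\WINDOWS

# Constructed sample lines in OTL's layout; file names and vendors are made up.
SAMPLE_LOG = r"""
========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\system32\zzexample.dll
MOD - [2009/03/02 10:11:12 | 00,006,144 | ---- | M] (Example Vendor Inc.) -- C:\Program Files\Example\helper.dll

========== Win32 Services (SafeList) ==========

SRV - [2006/12/20 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\vendortool.exe -- (VendorTool)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [qwerzxcv] C:\WINDOWS\System32\zzexample.DLL ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Vendor Inc.)
O4 - HKLM..\Run: [StaleEntry] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str, scan_year: int) -> List[Finding]:
    """Return the lines that trip at least one heuristic, most reasons first."""
    # First pass: what each Run value launches (lower-cased path -> value name),
    # so file entries can be cross-referenced with persistence.
    run_targets: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = RUN_ENTRY.match(line)
        if m:
            run_targets[m.group("target").lower()] = m.group("name")

    findings: List[Finding] = []
    for line in log_text.splitlines():
        reasons: List[str] = []
        m = FILE_ENTRY.match(line)
        if m:
            year, attrs = int(m.group("year")), m.group("attrs")
            company, path = m.group("company").strip(), m.group("path").lower()
            if year > scan_year:
                reasons.append(f"modification year {year} is in the future")
            if "H" in attrs and "S" in attrs:
                reasons.append("file carries hidden+system attributes")
            if not company and path.startswith(WINDOWS_DIR):
                reasons.append("no publisher on a file inside the Windows directory")
            if path in run_targets:
                reasons.append(f"also launched from Run value [{run_targets[path]}]")
        m = RUN_ENTRY.match(line)
        if m:
            target, company = m.group("target"), (m.group("company") or "").strip()
            if target == "File not found":
                reasons.append("orphaned Run value (target missing)")
            elif target.lower().endswith(".dll"):
                reasons.append("Run value resolves to a DLL rather than an executable")
                if not company:
                    reasons.append("that DLL has no publisher")
        m = POLICY_ENTRY.match(line)
        if m and m.group("value") in DESKTOP_LOCK_POLICIES and m.group("data").strip() == "1":
            reasons.append(f"Explorer policy {m.group('value')}=1 blocks changing the desktop background")
        if reasons:
            findings.append(Finding(line, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)  # stable: ties keep log order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, scan_year=2010):
        print(f"[{len(f.reasons)}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

Run as-is it reports the constructed sample; to try it on a real OTL.txt, read the file and pass its text to `triage()` with the year from the log's "OTL logfile created on" header. The "no publisher inside the Windows directory" rule is deliberately weak on its own (legitimate vendor tools trip it too, as `vendortool.exe` does in the sample); it is the stacking of reasons on one line, and the cross-reference between a module and a Run value, that makes an entry worth a helper's attention.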

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Wed Jan 20, 2010 8:33 pm

Hello,

I was able to execute the OTL.exe file, and the contents of the OTL.txt file are below. I will send the contents of the Extras.txt file in a post following this one.


-----------------------------Begin OTL.txt file contents ---------------------------------------------------------
OTL logfile created on: 1/20/2010 8:20:20 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\victor Grimes\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 8.25 Gb Free Space | 22.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 145.44 Gb Total Space | 138.54 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Drive G: | 29.81 Gb Total Space | 29.59 Gb Free Space | 99.24% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-FD40E714EA
Current User Name: victor Grimes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 20:51:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victor Grimes\Desktop\OTL.exe
PRC - [2010/01/15 11:19:50 | 00,648,192 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
PRC - [2009/12/08 21:29:44 | 00,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/21 02:42:18 | 00,338,432 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Smileys\CSmileysIM.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/19 17:08:44 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/04 17:41:28 | 00,177,672 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/10/30 17:05:54 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2006/10/03 13:04:38 | 00,054,776 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2006/09/25 08:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/09/06 21:11:36 | 00,487,424 | ---- | M] (TECOM) -- C:\Program Files\11g USB adapter\Wifiusb.exe
PRC - [2003/08/28 17:01:22 | 00,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
PRC - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/09/10 12:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE
PRC - [2000/05/16 02:00:00 | 00,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\system32\poyeyeni.dll
MOD - [2010/01/20 20:51:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victor Grimes\Desktop\OTL.exe
MOD - [2010/01/11 11:40:29 | 00,117,248 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2006/10/26 21:21:44 | 00,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2006/10/26 20:00:08 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/22 21:27:00 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/06/19 17:08:44 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/04/30 10:24:46 | 00,098,296 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2007/04/04 17:41:28 | 00,177,672 | R--- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/20 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/21 22:32:12 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/10/04 04:47:04 | 00,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2003/08/28 17:01:22 | 00,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/09/10 12:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2000/05/16 02:00:00 | 00,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/06/19 17:07:50 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 16:36:28 | 00,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/04 17:15:02 | 00,839,880 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/16 21:50:28 | 01,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/18 02:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/16 22:15:20 | 00,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\litsgt.sys -- (litsgt)
DRV - [2006/10/16 22:15:20 | 00,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tansgt.sys -- (tansgt)
DRV - [2006/09/27 16:12:30 | 00,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/07/05 13:10:23 | 00,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 13:10:23 | 00,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2005/05/13 20:31:34 | 00,051,392 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS -- (ATNT40K)
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/21 22:31:50 | 00,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 22:31:48 | 00,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 22:31:46 | 00,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 22:31:44 | 00,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 22:31:44 | 00,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 22:31:40 | 00,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/12/24 11:07:48 | 00,016,800 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd)
DRV - [2004/12/20 18:58:18 | 00,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/12 08:26:42 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/03 03:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2004/05/20 13:58:54 | 00,379,456 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/05/06 19:14:28 | 00,711,005 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/04/29 21:55:42 | 00,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/13 17:37:56 | 00,285,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/04/13 17:37:30 | 00,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/04/13 17:32:50 | 00,140,416 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/04/13 17:29:44 | 00,198,528 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/04/13 17:29:22 | 00,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/04/13 17:23:58 | 00,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/04/09 15:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/12/17 05:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/17 05:41:10 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2002/05/02 12:52:22 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/09/10 12:09:46 | 00,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/22 11:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/04/07 18:36:14 | 00,112,272 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvc323.sys -- (DCamUSBKodak)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://verizon.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.19
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.44
FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.4
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80110&language=en&qkw="


FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2009/11/29 15:24:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 20:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 20:47:35 | 00,000,000 | ---D | M]

[2008/10/25 21:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Extensions
[2010/01/12 20:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\extensions
[2009/01/16 22:41:22 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009/01/15 21:13:38 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/25 21:52:28 | 00,000,000 | ---D | M] (Whitehart) -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2009/11/29 15:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\extensions\inboxcomtoolbar@inbox.com
[2009/11/30 13:01:53 | 00,002,168 | ---- | M] () -- C:\Documents and Settings\victor Grimes\Application Data\Mozilla\Firefox\Profiles\7s9j5yyc.default\searchplugins\inbox-search.xml
[2010/01/15 22:43:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2006/04/26 22:51:32 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3:HKU - HKCU\..\Toolbar\WebBrowser: (optionsXpress Toolbar) - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll (optionsXpress)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [boyokebud] C:\WINDOWS\System32\poyeyeni.DLL ()
O4 - HKLM..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKLM..\Run: [EPSON Stylus Photo 925] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe (BillP Studios)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KnexStarter] c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RunTasktray] File not found
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [webmouse] C:\Program Files\RCG\WebMouse\1.0\lgotoweb.exe (DCOM)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe (TECOM)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} [You must be registered and logged in to see this link.] (ChartFX Internet Control)
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} [You must be registered and logged in to see this link.] (ChartFX Internet Financial Client 4.0)
O16 - DPF: {4A01A151-E350-4839-A2B8-03DC39D6C8E5} [You must be registered and logged in to see this link.] (YPCXWizard Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} [You must be registered and logged in to see this link.] (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (safimusi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\poyeyeni.dll) - C:\WINDOWS\system32\poyeyeni.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: bezuzujem - {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - C:\WINDOWS\system32\poyeyeni.dll ()
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllFiles\RebateInformer\RebateI.dll File not found
O22 - SharedTaskScheduler: {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - mujuzedij - C:\WINDOWS\system32\poyeyeni.dll ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\victor Grimes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/12 15:12:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 20:20:09 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victor Grimes\Desktop\OTL.exe
[2010/01/15 22:46:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/15 22:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/01/15 22:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/15 22:45:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/01/15 22:43:49 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/15 22:43:49 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/15 22:43:49 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/15 22:43:49 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/15 22:14:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/15 22:14:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/14 06:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/01/13 21:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 20:36:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor Grimes\Application Data\Malwarebytes
[2010/01/13 20:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/13 20:34:03 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\victor Grimes\Desktop\mbam-setup.exe
[2010/01/12 21:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/11 11:40:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/01/10 18:11:22 | 00,000,000 | ---D | C] -- C:\Anthony Morrison Audio
[2010/01/10 03:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor Grimes\Desktop\Unused Desktop Shortcuts
[2010/01/09 09:18:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\victor Grimes\DoctorWeb
[2010/01/08 20:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PersonalSecUninstall
[2010/01/08 20:48:36 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalSec
[2010/01/08 20:39:58 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2010/01/07 19:43:08 | 00,000,000 | ---D | C] -- C:\Boss Documents
[2010/01/07 19:39:29 | 00,000,000 | ---D | C] -- C:\2009 Taxes
[2008/06/17 21:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/09/20 17:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/05 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/05 18:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/03/19 14:54:10 | 03,198,976 | ---- | C] (Leader Technologies/ViewSonic) -- C:\Program Files\ViewSonicregistration.exe
[2005/11/04 21:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2005/05/02 16:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/01/05 23:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2005/01/05 23:26:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/01/05 23:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/01/02 18:46:46 | 00,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2005/01/02 03:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/12/12 15:12:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\victor Grimes\My Documents\*.tmp files -> C:\Documents and Settings\victor Grimes\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\jozuwitu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\System32\falolofu.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\poyeyeni.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\dazuyelu.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\vemogefi.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\yedafesu.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\kalepopo.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\jivabefu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bebamaka.dll
[2099/01/01 12:00:00 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\togojaze.dll
[2099/01/01 12:00:00 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\gezotibu.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\zamarare.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\yugutoyi.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\wegusisi.dll
[2099/01/01 12:00:00 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\nudegeno.dll
[2099/01/01 12:00:00 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\yorekosa.dll
[2010/01/20 20:51:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victor Grimes\Desktop\OTL.exe
[2010/01/20 20:14:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vetudidu
[2010/01/20 20:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\dnyxhirk.job
[2010/01/20 19:46:12 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/20 17:59:20 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{291FE2D0-A40B-4235-A059-7541C533BD40}.job
[2010/01/20 11:24:00 | 00,000,576 | ---- | M] () -- C:\WINDOWS\tasks\HP Proactive Support Diagnostic.job
[2010/01/20 10:54:00 | 00,000,568 | ---- | M] () -- C:\WINDOWS\tasks\HP Proactive Support Update.job
[2010/01/20 10:44:05 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\DOROMEDS.doc
[2010/01/20 10:34:11 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/20 10:33:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 00:28:47 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\victor Grimes\ntuser.dat
[2010/01/20 00:28:47 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\victor Grimes\ntuser.ini
[2010/01/19 23:00:02 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\zytnnbqo.job
[2010/01/19 22:58:11 | 00,026,357 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/19 22:57:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 22:56:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/19 22:33:46 | 00,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/15 22:18:51 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 01:07:11 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 06:24:55 | 00,010,914 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\Online Justification.docx
[2010/01/13 21:28:53 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\victor Grimes\Desktop\HiJackThis.lnk
[2010/01/13 20:40:25 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\victor Grimes\Desktop\mbam-setup.exe
[2010/01/13 20:17:23 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\HijackThis 01-13-2010.doc
[2010/01/10 21:54:02 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\Personal.doc
[2010/01/10 21:46:00 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\victor Grimes\Desktop\Microsoft Office Word 2003.lnk
[2010/01/10 03:35:22 | 00,015,309 | ---- | M] () -- C:\Documents and Settings\victor Grimes\Desktop\logs.zip
[2010/01/10 01:43:23 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/09 14:11:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/09 09:47:02 | 00,002,940 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\Antivirus removal process.rtf
[2010/01/08 20:49:10 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\victor Grimes\Desktop\Personal Security.lnk
[2010/01/08 06:02:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/08 05:42:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/08 05:22:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/08 05:02:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/08 04:42:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/08 04:22:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/08 04:02:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/08 03:42:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/08 03:22:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/08 03:02:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/08 02:42:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/08 02:22:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/08 02:02:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/08 01:42:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/07 21:39:45 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\victor Grimes\My Documents\MickiMeds.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 01:00:09 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\victor Grimes\My Documents\*.tmp files -> C:\Documents and Settings\victor Grimes\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jozuwitu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\falolofu.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\poyeyeni.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\dazuyelu.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\vemogefi.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\yedafesu.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\kalepopo.dll
[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\jivabefu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bebamaka.dll
[2099/01/01 12:00:00 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\togojaze.dll
[2099/01/01 12:00:00 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\gezotibu.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\zamarare.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\yugutoyi.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\wegusisi.dll
[2099/01/01 12:00:00 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\nudegeno.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vetudidu
[2099/01/01 12:00:00 | 00,000,001 | -HS- | C] () -- C:\WINDOWS\System32\yorekosa.dll
[2010/01/20 10:44:05 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\victor Grimes\My Documents\DOROMEDS.doc
[2010/01/20 10:34:59 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\dnyxhirk.job
[2010/01/15 22:14:37 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 06:24:54 | 00,010,914 | ---- | C] () -- C:\Documents and Settings\victor Grimes\My Documents\Online Justification.docx
[2010/01/13 20:17:23 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\victor Grimes\My Documents\HijackThis 01-13-2010.doc
[2010/01/12 21:26:42 | 00,002,457 | ---- | C] () -- C:\Documents and Settings\victor Grimes\Desktop\HiJackThis.lnk
[2010/01/10 03:35:22 | 00,015,309 | ---- | C] () -- C:\Documents and Settings\victor Grimes\Desktop\logs.zip
[2010/01/09 20:22:28 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\zytnnbqo.job
[2010/01/09 09:47:01 | 00,002,940 | ---- | C] () -- C:\Documents and Settings\victor Grimes\My Documents\Antivirus removal process.rtf
[2010/01/08 20:49:10 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\victor Grimes\Desktop\Personal Security.lnk
[2010/01/08 06:02:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/08 05:42:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/08 05:22:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/08 05:02:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/08 04:42:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/08 04:22:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/08 04:02:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/08 03:42:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/08 03:22:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/08 03:02:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/08 02:42:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/08 02:22:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/08 02:02:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/08 01:42:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/08 01:41:54 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2008/06/19 17:08:52 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/02/20 21:57:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\winshi32.dll
[2008/02/15 23:24:33 | 00,000,027 | ---- | C] () -- C:\WINDOWS\System32\winsvg32.dll
[2007/12/07 10:31:02 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/06/10 20:06:50 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\windar32.dll
[2007/05/13 18:21:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/19 14:35:28 | 00,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/12/07 23:43:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\WCp64log.dll
[2006/12/06 01:21:56 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/05 23:15:54 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600g.ini
[2006/12/05 23:12:50 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600m.ini
[2006/11/28 22:39:43 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/11/27 23:31:43 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/11/09 18:35:50 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\HPDevEnm.dll
[2006/10/16 22:15:20 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2006/10/16 22:15:20 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2006/10/16 22:11:50 | 00,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
[2006/10/06 14:35:26 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\nicmgr.dll
[2006/05/04 19:02:18 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_RKEY.DLL
[2006/02/12 22:38:01 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/30 02:27:07 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/12/30 02:21:42 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSP925.ini
[2005/11/04 21:20:57 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/04 21:20:57 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/10/21 21:42:12 | 00,000,028 | ---- | C] () -- C:\WINDOWS\System32\winssq32.dll
[2005/09/15 18:50:34 | 00,339,388 | ---- | C] () -- C:\Documents and Settings\victor Grimes\Local Settings\Application Data\imageCache7.db
[2005/09/03 23:21:19 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MINDMA~1.INI
[2005/07/05 20:08:55 | 00,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2005/07/05 18:58:35 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\victor Grimes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/24 21:28:48 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2005/05/13 20:31:34 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/05/02 17:21:53 | 00,000,176 | ---- | C] () -- C:\WINDOWS\DataWizard.INI
[2005/03/21 16:03:47 | 00,323,652 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2005/03/21 16:03:47 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2005/03/21 16:03:47 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2005/03/21 16:03:47 | 00,003,008 | ---- | C] () -- C:\WINDOWS\winros.ini
[2005/03/21 16:03:47 | 00,000,144 | ---- | C] () -- C:\WINDOWS\reader.Ini
[2005/03/21 16:03:47 | 00,000,071 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2005/03/12 23:29:50 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/01/08 22:32:05 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/12/12 16:08:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/12 11:00:56 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/06/04 15:10:48 | 00,000,332 | ---- | C] () -- C:\WINDOWS\ActiveSkin.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 21:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F436B22D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:061FEEDF
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E2DA064
< End of report >

------------------- End of OTL.txt file contents -----------------------------------------------------------------

vgrimes84
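The OTL log above contains several indicators a responder would pull out by hand: the two O6 Explorer policies (NoSetActiveDesktop and NoActiveDesktopChanges both set to 1) that explain why the wallpaper cannot be changed after the scanners finished; the same unsigned System32 DLL (poyeyeni.dll) registered in three load points at once (O20 AppInit_DLLs, O21 SSODL, O22 SharedTaskScheduler); a batch of hidden+system DLLs with random eight-letter names and a 2099 timestamp; zero-byte numbered .exe files in System32; and scheduled tasks with the same random-name pattern. The script below is an added example, not part of OTL or of anything posted in this thread. It parses lines in OTL's own format and flags those patterns. Assumptions: the attribute column is ordered R,H,S,D (consistent with "---D" for folders and "-HS-" for hidden+system files in the log), "eight lowercase letters" is only a heuristic for random names, and anything stamped more than a day after the log was written is treated as timestomped. The sample lines are copied from the log above, with a few benign entries left in as controls.

```python
"""Triage an OTL-style log for the persistence and tampering indicators that
appear in the thread above.  Added example, not OTL's or the poster's code."""
import re
from datetime import datetime, timedelta

# OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C/M] (Company) -- path
# Assumption: the attribute column is R,H,S,D in that order, as the log
# suggests ("---D" for folders, "-HS-" for hidden+system files).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O6 line: "O6 - HKLM\...\policies\Explorer: Name = value"
POLICY_RE = re.compile(r"^O6 - .*\\policies\\Explorer: (?P<name>\w+) = (?P<val>\d+)$")
# O20/O21/O22 load points that end in "<drive>:\<path>.dll (<company>)";
# paths containing spaces are not matched, which is fine for System32 drops.
LOADPOINT_RE = re.compile(
    r"^O2[012] - (?P<kind>[^:]+): .*?(?P<path>[A-Za-z]:\\\S+\.dll) \((?P<company>[^)]*)\)$",
    re.IGNORECASE,
)
# Explorer policies that prevent changing the desktop; the log shows the first
# two set to 1, which is why the wallpaper stayed locked after the cleanup.
DESKTOP_LOCK_POLICIES = {"NoSetActiveDesktop", "NoActiveDesktopChanges", "NoChangingWallPaper"}
# Heuristic: eight random lowercase letters (poyeyeni.dll, dnyxhirk.job, ...).
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
# Anything stamped more than a day after the log was written is timestomped.
FUTURE_SLACK = timedelta(days=1)


def triage(lines, log_date):
    """Return (reason, line) pairs for every suspicious entry in `lines`."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            attrs, company, path = m["attrs"], m["company"].strip(), m["path"]
            in_sys32 = "\\system32\\" in path.lower()
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            ext = ext.lower()
            if ts > log_date + FUTURE_SLACK:
                findings.append(("timestamp in the future (timestomped)", line))
            if "H" in attrs and "S" in attrs and "D" not in attrs and in_sys32:
                findings.append(("hidden+system file in System32", line))
            if ext in ("dll", "exe", "job") and RANDOM_NAME.match(stem) and not company:
                findings.append(("random 8-letter name with no company", line))
            if ext == "exe" and m["size"] == "00,000,000" and in_sys32:
                findings.append(("zero-byte .exe in System32", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m["name"] in DESKTOP_LOCK_POLICIES and m["val"] == "1":
                findings.append(("Explorer policy locks the desktop", line))
            continue
        m = LOADPOINT_RE.match(line)
        if m and not m["company"].strip():
            findings.append((f"no-company DLL in {m['kind']} load point", line))
    return findings


# Constructed sample: lines copied from the OTL log posted above, plus a few
# benign ones (OTL.exe, Java, the ATI Winlogon entry) left in as controls.
LOG_DATE = datetime(2010, 1, 20, 20, 20, 20)   # "logfile created on" time
SAMPLE = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O20 - AppInit_DLLs: (c:\windows\system32\poyeyeni.dll) - C:\WINDOWS\system32\poyeyeni.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: bezuzujem - {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - C:\WINDOWS\system32\poyeyeni.dll ()
[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\poyeyeni.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vetudidu
[2010/01/20 20:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\dnyxhirk.job
[2010/01/08 01:42:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/20 20:51:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victor Grimes\Desktop\OTL.exe
[2010/01/15 22:43:49 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
""".strip().splitlines()


def triage_sample():
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE, LOG_DATE)


if __name__ == "__main__":
    for reason, line in triage_sample():
        print(f"{reason:45s} {line}")
```

Run against the full OTL.txt instead of the embedded sample, it lists every 2099-stamped DLL, the three load points for poyeyeni.dll, the numbered zero-byte executables and both random-name .job files, and it names the two O6 policies that have to be cleared (set to 0 or deleted) before the desktop background can be changed again. Flagging the load points rather than only the files matters because an AV product that deletes the DLL but leaves AppInit_DLLs pointing at it still leaves the loader trying to inject a missing file into every process, which is exactly the "File not found" state the log shows for safimusi.dll.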

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Wed Jan 20, 2010 8:37 pm

Hello,

Below are the contents of the extras.txt file.


----------------------- Begin extras.txt file contents ---------------------------------------------------------

OTL Extras logfile created on: 1/20/2010 8:20:20 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\victor Grimes\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 8.25 Gb Free Space | 22.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 145.44 Gb Total Space | 138.54 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Drive G: | 29.81 Gb Total Space | 29.59 Gb Free Space | 99.24% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-FD40E714EA
Current User Name: victor Grimes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
"C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client -- (SmartFTP GmbH)
"C:\Program Files\ProfitSource\ProfitSource.exe" = C:\Program Files\ProfitSource\ProfitSource.exe:*:Enabled:ProfitSource -- (The HUBB Organisation Ltd)
"D:\Drivers\E_reg\EPSONREG.exe" = D:\Drivers\E_reg\EPSONREG.exe:*:Enabled:Epson Registration -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\McAfee\VirusScan\mcsysmon.exe" = C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon -- (McAfee, Inc.)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)
"C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe" = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe:*:Enabled:ARLaunch -- ()
"C:\Program Files\11g USB adapter\Wifiusb.exe" = C:\Program Files\11g USB adapter\Wifiusb.exe:*:Enabled:Wifiusb -- (TECOM)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Events Communication Components
"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples
"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings
"{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = DM Client
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{16FD907B-FA72-4F3C-B959-E076C8238F80}" = Napster Label Creator
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1B1997F3-46CA-11D3-8660-00C04F8DBAD9}" = Microsoft Office Integration
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2F7FE893-8E57-46F2-9556-C1E3F0FA1EC7}" = Formulator 4.1
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE3E9E9-F889-48D8-A1EC-F8D6282BE7F4}" = Verizon PC Security Checkup
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{41FB67AA-7DE5-4608-84DE-EBFFF4931B70}" = ATI Catalyst Control Center
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples
"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples
"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples
"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples
"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples
"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.7
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED512A3-0F95-499E-AC8E-6354DBB33BB9}" = Financial Freedom Planner
"{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant
"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779A19AC-A302-425D-B295-F12116C2D731}" = DGOControls
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA173-1854-11D3-8F5D-00C04F8DD7E3}" = Stencil Report Wizard
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA175-1854-11D3-8F5D-00C04F8DD7E3}" = Print ShapeSheet
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA178-1854-11D3-8F5D-00C04F8DD7E3}" = SmartShape Wizard
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}" = Power E*TRADE Pro
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110500840}" = Mahjong Towers Eternity
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113666647}" = Luxor 3
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{9912782E-F9E7-4D82-B009-8DA1BD918A31}" = optionsXpress Toolbar
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Core Communication Components
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"{A64D224E-E06A-43D2-A919-8BE108F47305}_is1" = Crawler Smileys
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A71DF0B6-54A0-4562-96AE-85684A79D3E2}" = Training Manager for Internet Explorer
"{A8F6A187-4DD5-4798-8490-D4F770DDFCDF}" = DVC323 Windows 2000 Drivers
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Device Data Communication Components
"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification
"{C1CE2ED0-238B-11D3-8F70-00C04F8DD7E3}" = Developing Visio Solutions
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples
"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples
"{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CA29A4A2-E3D7-41B7-B0F6-95C5413BDEEC}" = MindManager X5 Viewer
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Operating System Communication Components
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Microsoft Visio 2000
"{DC6CCDF0-E68C-4BB5-9D61-EC2ECD3EFEC0}" = HP Easy Printer Care
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E816359F-8760-4E50-9F3A-F40272600906}" = McCormick Paints ColorVisualizer - Virtual Painting Software
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EED52BB5-3A22-42F2-9B76-BB743F6739B7}" = HP Color LaserJet 3600
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4455371-251E-11D3-8F71-00C04F8DD7E3}" = Online Documentation
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{FA200718-07C0-4362-A5F3-CCB453FCADE0}" = Napster MP3 Encoder
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB6AC9FD-B3E0-4F6A-AB46-10CCE2E49AC0}" = HP Proactive Services
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ArcSoft Software Suite" = ArcSoft Software Suite
"ATI Display Driver" = ATI Display Driver
"ccwin4.0" = Calendar Creator for Windows V4.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CToolbar_UNINSTALL" = Crawler Toolbar
"Draw 4 App" = Draw 4 App
"EPSON Printer and Utilities" = EPSON Printer Software
"eSignal Wizard" = eSignal Wizard
"FrostWire" = FrostWire 4.13.1.2 BETA
"HP Color LaserJet 3600" = HP Color LaserJet 3600
"HP Easy Printer Care" = HP Easy Printer Care
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"Java Web Start" = Java Web Start
"JRE 1.3.0_02" = Java 2 Runtime Environment Standard Edition v1.3.0_02
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSC" = McAfee SecurityCenter
"MSN Music Assistant" = MSN Music Assistant
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptionGear" = OptionGear
"PartyPoker" = PartyPoker
"ProfitSource" = ProfitSource
"Punch! Home Design - AS4000" = Punch! Home Design - AS4000
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"RCG WebMouse" = RCG WebMouse 1.0
"RP Scan and Clean {3EE3E9E9-F889-48D8-A1EC-F8D6282BE7F4}" = Verizon PC Security Checkup
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Starware337" = Starware 4.4.2.0
"ValueGain 1.0" = ValueGain 1.0
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Online Help and Support" = Verizon Online Help and Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"InstallShield_{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant
"PersonalSec" = Personal Security
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 12:47:51 AM | Computer Name = USER-FD40E714EA | Source = Application Error | ID = 1000
Description = Faulting application motivesb.exe, version 5.8.22.6405, faulting module
unknown, version 0.0.0.0, fault address 0x20018b40.

Error - 1/20/2010 12:47:54 AM | Computer Name = USER-FD40E714EA | Source = Application Error | ID = 1001
Description = Fault bucket 1668128617.

Error - 1/20/2010 9:07:10 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:07:13 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:08:40 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:08:42 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:12:03 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:12:08 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:19:06 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:19:09 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 1/20/2010 6:52:41 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:53:12 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:53:44 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:54:15 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:54:46 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:55:17 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:55:48 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:56:19 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:56:50 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:57:21 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.


< End of report >


--------------------------- End extras.txt file contents -------------------------------------------------------

vgrimes84
Novice

Posts : 15
Joined : 2010-01-09
OS : Windows XP
Points : 25453
Likes : 0


Re: "Your System is Infected" Background Message

Post by vgrimes84 on Wed Jan 20, 2010 8:38 pm

Hello,

Below are the contents of the extras.txt file.


----------------------- Begin extras.txt file contents ---------------------------------------------------------

OTL Extras logfile created on: 1/20/2010 8:20:20 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\victor Grimes\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 8.25 Gb Free Space | 22.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 145.44 Gb Total Space | 138.54 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Drive G: | 29.81 Gb Total Space | 29.59 Gb Free Space | 99.24% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-FD40E714EA
Current User Name: victor Grimes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
"C:\Program Files\SmartFTP\SmartFTP.exe" = C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP Client -- (SmartFTP GmbH)
"C:\Program Files\ProfitSource\ProfitSource.exe" = C:\Program Files\ProfitSource\ProfitSource.exe:*:Enabled:ProfitSource -- (The HUBB Organisation Ltd)
"D:\Drivers\E_reg\EPSONREG.exe" = D:\Drivers\E_reg\EPSONREG.exe:*:Enabled:Epson Registration -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\McAfee\VirusScan\mcsysmon.exe" = C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon -- (McAfee, Inc.)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)
"C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe" = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe:*:Enabled:ARLaunch -- ()
"C:\Program Files\11g USB adapter\Wifiusb.exe" = C:\Program Files\11g USB adapter\Wifiusb.exe:*:Enabled:Wifiusb -- (TECOM)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Events Communication Components
"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples
"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings
"{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = DM Client
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP Client
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{16FD907B-FA72-4F3C-B959-E076C8238F80}" = Napster Label Creator
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}" = Authentium AntiVirus SDK - 2
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1B1997F3-46CA-11D3-8660-00C04F8DBAD9}" = Microsoft Office Integration
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2F7FE893-8E57-46F2-9556-C1E3F0FA1EC7}" = Formulator 4.1
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE3E9E9-F889-48D8-A1EC-F8D6282BE7F4}" = Verizon PC Security Checkup
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{41FB67AA-7DE5-4608-84DE-EBFFF4931B70}" = ATI Catalyst Control Center
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples
"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples
"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples
"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples
"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples
"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.7
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED512A3-0F95-499E-AC8E-6354DBB33BB9}" = Financial Freedom Planner
"{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant
"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779A19AC-A302-425D-B295-F12116C2D731}" = DGOControls
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA173-1854-11D3-8F5D-00C04F8DD7E3}" = Stencil Report Wizard
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA175-1854-11D3-8F5D-00C04F8DD7E3}" = Print ShapeSheet
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA178-1854-11D3-8F5D-00C04F8DD7E3}" = SmartShape Wizard
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FFF37C7-94A1-4CC0-B9FE-907F7542999D}" = Power E*TRADE Pro
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110500840}" = Mahjong Towers Eternity
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113666647}" = Luxor 3
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{9912782E-F9E7-4D82-B009-8DA1BD918A31}" = optionsXpress Toolbar
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Core Communication Components
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"{A64D224E-E06A-43D2-A919-8BE108F47305}_is1" = Crawler Smileys
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A71DF0B6-54A0-4562-96AE-85684A79D3E2}" = Training Manager for Internet Explorer
"{A8F6A187-4DD5-4798-8490-D4F770DDFCDF}" = DVC323 Windows 2000 Drivers
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Device Data Communication Components
"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification
"{C1CE2ED0-238B-11D3-8F70-00C04F8DD7E3}" = Developing Visio Solutions
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples
"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples
"{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"{C869F4FF-E5FF-4FBB-9A31-33C23605E170}" = PPSDKRedistributables
"{CA29A4A2-E3D7-41B7-B0F6-95C5413BDEEC}" = MindManager X5 Viewer
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Operating System Communication Components
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Microsoft Visio 2000
"{DC6CCDF0-E68C-4BB5-9D61-EC2ECD3EFEC0}" = HP Easy Printer Care
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E816359F-8760-4E50-9F3A-F40272600906}" = McCormick Paints ColorVisualizer - Virtual Painting Software
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EED52BB5-3A22-42F2-9B76-BB743F6739B7}" = HP Color LaserJet 3600
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4455371-251E-11D3-8F71-00C04F8DD7E3}" = Online Documentation
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{FA200718-07C0-4362-A5F3-CCB453FCADE0}" = Napster MP3 Encoder
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB6AC9FD-B3E0-4F6A-AB46-10CCE2E49AC0}" = HP Proactive Services
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ArcSoft Software Suite" = ArcSoft Software Suite
"ATI Display Driver" = ATI Display Driver
"ccwin4.0" = Calendar Creator for Windows V4.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CToolbar_UNINSTALL" = Crawler Toolbar
"Draw 4 App" = Draw 4 App
"EPSON Printer and Utilities" = EPSON Printer Software
"eSignal Wizard" = eSignal Wizard
"FrostWire" = FrostWire 4.13.1.2 BETA
"HP Color LaserJet 3600" = HP Color LaserJet 3600
"HP Easy Printer Care" = HP Easy Printer Care
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{A531814A-27A5-4048-9BD6-7EE924E261CC}" = 802.11g USB adapter
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{C6A75800-03D3-4AC7-9563-A17B654F83B9}" = Carleton H. Sheets Real Estate ToolKit version 7.1.4
"Java Web Start" = Java Web Start
"JRE 1.3.0_02" = Java 2 Runtime Environment Standard Edition v1.3.0_02
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSC" = McAfee SecurityCenter
"MSN Music Assistant" = MSN Music Assistant
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptionGear" = OptionGear
"PartyPoker" = PartyPoker
"ProfitSource" = ProfitSource
"Punch! Home Design - AS4000" = Punch! Home Design - AS4000
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"RCG WebMouse" = RCG WebMouse 1.0
"RP Scan and Clean {3EE3E9E9-F889-48D8-A1EC-F8D6282BE7F4}" = Verizon PC Security Checkup
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Starware337" = Starware 4.4.2.0
"ValueGain 1.0" = ValueGain 1.0
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Online Help and Support" = Verizon Online Help and Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"InstallShield_{6FFDFDB6-A660-41A3-997A-EB061C5F6C60}" = HP Marketing Assistant
"PersonalSec" = Personal Security
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 12:47:51 AM | Computer Name = USER-FD40E714EA | Source = Application Error | ID = 1000
Description = Faulting application motivesb.exe, version 5.8.22.6405, faulting module
unknown, version 0.0.0.0, fault address 0x20018b40.

Error - 1/20/2010 12:47:54 AM | Computer Name = USER-FD40E714EA | Source = Application Error | ID = 1001
Description = Fault bucket 1668128617.

Error - 1/20/2010 9:07:10 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:07:13 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:08:40 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:08:42 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:12:03 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:12:08 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/20/2010 9:19:06 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 9:19:09 PM | Computer Name = USER-FD40E714EA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 1/20/2010 6:52:41 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:53:12 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:53:44 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:54:15 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:54:46 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:55:17 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:55:48 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:56:19 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:56:50 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 1/20/2010 6:57:21 PM | Computer Name = USER-FD40E714EA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.


< End of report >


--------------------------- End extras.txt file contents -------------------------------------------------------

vgrimes84
Novice

Posts : 15
Joined : 2010-01-09
OS : Windows XP
Points : 25453
# Likes : 0

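The FirewallPolicy block in the extras.txt above is worth reading on its own, quite apart from the rogue-desktop symptom: the Standard profile has EnableFirewall = 0, port 3389/TCP (Remote Desktop) is opened with scope * rather than LocalSubNet, and the Authorized Applications list carries an exception for C:\WINDOWS\Temp\alg.exe marked "File not found". The genuine Application Layer Gateway service binary lives in %SystemRoot%\System32, not in Temp, so that exception was created by something other than Windows and the file has since been removed. The script below is an added example, not part of the original post and not OTL's own code; it walks a dump in the same format and flags those conditions. The sample text is copied from the log above; the list of user-writable directories and the severity labels are the author's assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: a subset of the FirewallPolicy lines from the
# extras.txt posted above, pasted verbatim.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Temp\alg.exe" = C:\WINDOWS\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)
"""

# Assumption (mine, not from the log): locations a non-admin user or a
# drive-by installer can write to. A firewall exception for a binary that
# lives in one of these deserves a second look.
USER_WRITABLE_PREFIXES = (
    "c:\\windows\\temp\\",
    "c:\\documents and settings\\",
    "c:\\temp\\",
)

Finding = Tuple[str, str, str]  # (severity, profile, detail)

_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# AuthorizedApplications data: path:scope:state:description -- (Company) | File not found
_APP_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<rest>.*)$")


def _profile(key: str) -> str:
    """Name the firewall profile a FirewallPolicy registry key belongs to."""
    for name in ("StandardProfile", "DomainProfile"):
        if "\\" + name in key:
            return name
    return "?"


def audit_firewall_policy(text: str) -> List[Finding]:
    """Walk a regedit-style dump of the XP FirewallPolicy keys and flag
    settings that weaken the host firewall or look like malware residue."""
    findings: List[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        km = _KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = _VALUE_RE.match(line)
        if not vm or "FirewallPolicy" not in key:
            continue
        name, data = vm.group("name"), vm.group("data").strip()
        profile = _profile(key)

        # Profile root: EnableFirewall = 0 means the firewall is off for that profile.
        if key.endswith("Profile") and name == "EnableFirewall" and data == "0":
            findings.append(("high", profile, "Windows Firewall is disabled for this profile"))

        # GloballyOpenPorts: third field is the remote scope; '*' means any address.
        elif key.endswith("GloballyOpenPorts\\List"):
            port, proto, scope = data.split(":")[:3]
            if scope == "*":
                findings.append(("medium", profile,
                                 f"port {port}/{proto} open to any remote address (scope *)"))

        # AuthorizedApplications: one exception per program path.
        elif key.endswith("AuthorizedApplications\\List"):
            am = _APP_RE.match(data)
            if not am:
                continue
            path, rest = am.group("path"), am.group("rest")
            low = path.lower()
            if low.startswith(USER_WRITABLE_PREFIXES):
                findings.append(("high", profile,
                                 f"exception for binary in user-writable location: {path}"))
            if rest.endswith("File not found"):
                findings.append(("medium", profile,
                                 f"exception references a file that no longer exists: {path}"))
            if not low.endswith(".exe"):
                findings.append(("low", profile, f"exception for a non-.exe image: {path}"))
    return findings


if __name__ == "__main__":
    for severity, profile, detail in audit_firewall_policy(SAMPLE_EXTRAS):
        print(f"[{severity:6}] {profile}: {detail}")
```

Run against the full extras.txt the same rules also pick up the DomainProfile entries that open 139/445 to any address. The checks are deliberately conservative: a "File not found" exception is only evidence that something registered and then vanished, and a non-.exe image such as logon.scr is flagged low because a screensaver has no business in the exceptions list but the file itself carries Microsoft version information.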

Re: "Your System is Infected" Background Message

Post by Belahzur on Thu Jan 21, 2010 6:44 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Belahzur
Administrator

Posts : 34917
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245080
# Likes : 1


Re: "Your System is Infected" Background Message

Post by vgrimes84 on Thu Jan 21, 2010 10:32 pm

Hello,

I'm still unable to access the site or copy the combofix file onto the infected computer. Again, this particular virus/trojan seems to recognize the various malware applications. I was able to download and run OTL and posted the logs in my last post.

Thanks

vgrimes84
Novice

Posts : 15
Joined : 2010-01-09
OS : Windows XP
Points : 25453
# Likes : 0


Re: "Your System is Infected" Background Message

Post by Belahzur on Fri Jan 22, 2010 5:22 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    PRC - [2010/01/15 11:19:50 | 00,648,192 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
    O3 - HKLM\..\Toolbar: (no name) - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - No CLSID value found.
    O4 - HKLM..\Run: [boyokebud] C:\WINDOWS\System32\poyeyeni.DLL ()
    O4 - HKLM..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
    O4 - HKCU..\Run: [CSmileys] C:\Program Files\Crawler\Smileys\CSmileysIM.exe (Crawler.com)
    O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O20 - AppInit_DLLs: (safimusi.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\poyeyeni.dll) - C:\WINDOWS\system32\poyeyeni.dll ()
    O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
    O21 - SSODL: bezuzujem - {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - C:\WINDOWS\system32\poyeyeni.dll ()
    O22 - SharedTaskScheduler: {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - mujuzedij - C:\WINDOWS\system32\poyeyeni.dll ()
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    [2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\jozuwitu.dll
    [2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\System32\falolofu.dll
    [2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\poyeyeni.dll
    [2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\dazuyelu.dll
    [2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\vemogefi.dll
    [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\yedafesu.dll
    [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\kalepopo.dll
    [2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\jivabefu.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bebamaka.dll
    [2099/01/01 12:00:00 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\togojaze.dll
    [2099/01/01 12:00:00 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\gezotibu.dll
    [2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\zamarare.dll
    [2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\yugutoyi.dll
    [2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\wegusisi.dll
    [2099/01/01 12:00:00 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\nudegeno.dll
    [2099/01/01 12:00:00 | 00,000,001 | -HS- | M] () -- C:\WINDOWS\System32\yorekosa.dll
    [2010/01/20 20:14:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vetudidu
    [2010/01/20 20:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\dnyxhirk.job
    [2010/01/19 23:00:02 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\zytnnbqo.job
    [2010/01/08 06:02:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/01/08 05:42:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/08 05:22:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/08 05:02:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/08 04:42:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/08 04:22:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/08 04:02:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/08 03:42:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/08 03:22:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/08 03:02:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/08 02:42:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/08 02:22:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/08 02:02:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/08 01:42:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Belahzur
Administrator

Posts : 34917
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245080
# Likes : 1

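The fix script above is a compact catalogue of Windows XP persistence points, and it shows how the same file is wired into several of them at once. AppInit_DLLs (under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows) lists DLLs that get loaded into every process that loads user32.dll; Winlogon\Shell names the program Winlogon starts as the user's shell in place of Explorer.exe; ShellServiceObjectDelayLoad (O21) and SharedTaskScheduler (O22) are CLSIDs Explorer instantiates at start-up, and here the same CLSID appears in both, pointing at poyeyeni.dll, which is also in an HKLM Run value. The file listing gives the supporting evidence: a cluster of eight-letter DLLs in System32 with hidden+system attributes, no version information, and a modification time of 2099/01/01, plus a run of zero-byte numeric .exe files written at twenty-minute intervals on 2010-01-08. The script below is an added example, not part of the original post and not OTL's own code; it parses OTL-style lines, counts how many load points reference each file, and scores each listed file on those indicators. The sample lines are copied from the fix script above; the reference date (the post date) and the scoring rules are the author's assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the OTL fix script above. The post
# date is used as the reference "now" for spotting forged timestamps.
LOG_DATE = date(2010, 1, 22)
SAMPLE_OTL = r"""
PRC - [2010/01/15 11:19:50 | 00,648,192 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
O4 - HKLM..\Run: [boyokebud] C:\WINDOWS\System32\poyeyeni.DLL ()
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O20 - AppInit_DLLs: (safimusi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\poyeyeni.dll) - C:\WINDOWS\system32\poyeyeni.dll ()
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O21 - SSODL: bezuzujem - {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - C:\WINDOWS\system32\poyeyeni.dll ()
O22 - SharedTaskScheduler: {a2fb426c-ffe3-42b1-885a-e9c20de9de0b} - mujuzedij - C:\WINDOWS\system32\poyeyeni.dll ()
[2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\jozuwitu.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\poyeyeni.dll
[2010/01/20 20:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\dnyxhirk.job
[2010/01/08 01:42:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
"""


@dataclass
class FileEntry:
    path: str
    mtime: datetime
    size: int
    attrs: str      # OTL attribute flags, e.g. "-HS-" = hidden + system
    company: str    # version-info company name; empty for anonymous files


# [date time | size | attrs | M] (Company) -- path
_FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [A-Z]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A drive-letter path, stopping before a trailing "(Company)" or end of line.
_PATH_RE = re.compile(r"[A-Za-z]:\\[^()]+?(?=\s*\(|\s*$)")


def parse_file_entries(text: str) -> List[FileEntry]:
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = _FILE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(
                path=m.group("path").strip(),
                mtime=datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                company=m.group("company").strip(),
            ))
    return entries


def load_point_refs(text: str) -> Dict[str, int]:
    """Count how many non-file lines (PRC, O4 Run, O20 AppInit_DLLs,
    O21 SSODL, O22 SharedTaskScheduler, ...) reference each path."""
    refs: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or _FILE_RE.match(line):
            continue
        for p in _PATH_RE.findall(line):
            k = p.strip().lower()
            refs[k] = refs.get(k, 0) + 1
    return refs


def triage(text: str, log_date: date) -> List[Tuple[FileEntry, List[str]]]:
    """Score every listed file; most indicators first."""
    refs = load_point_refs(text)
    scored: List[Tuple[FileEntry, List[str]]] = []
    for e in parse_file_entries(text):
        low = e.path.lower()
        reasons: List[str] = []
        if e.mtime.date() > log_date:
            reasons.append("modification time is in the future (timestamp forged)")
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system attributes")
        if not e.company and low.endswith((".dll", ".exe")):
            reasons.append("no company/version information")
        if e.size == 0 and low.endswith(".exe"):
            reasons.append("zero-byte executable")
        n = refs.get(low, 0)
        if n:
            reasons.append(f"referenced by {n} autostart/load point(s)")
        scored.append((e, reasons))
    scored.sort(key=lambda item: len(item[1]), reverse=True)
    return scored


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_OTL, LOG_DATE):
        print(f"{len(reasons)} {entry.path}: {'; '.join(reasons) or 'nothing notable'}")
```

The reference count is the most useful column: a DLL that is loaded by AppInit_DLLs, a Run value and two Explorer start-up hooks at the same time is not something a legitimate installer produces, and it explains why deleting one copy at a time (as the earlier scans did) left the desktop hijack in place. Note that OTL's "File not found" entries still count as load points; the registry value is the persistence, whether or not the file is currently present.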

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Fri Jan 22, 2010 8:21 pm

Hello,

Below is the result of the OTL Run Fix log.


-------------------------- Begin Log File Contents --------------------------------------------------------------

========== OTL ==========
No active process named RebateInf.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{63CC63C6-1AE1-491C-B96A-812A7950A1EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63CC63C6-1AE1-491C-B96A-812A7950A1EC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{63CC63C6-1AE1-491C-B96A-812A7950A1EC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\boyokebud not found.
File C:\WINDOWS\System32\poyeyeni.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CSmileys deleted successfully.
C:\Program Files\Crawler\Smileys\CSmileysIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CSmileys deleted successfully.
File C:\Program Files\Crawler\Smileys\CSmileysIM.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RebateInformer deleted successfully.
C:\Program Files\RebateInformer\RebateInf.exe moved successfully.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ deleted successfully.
Invalid CLSID key: C:\Program Files\Crawler\Toolbar\ctbr.dll
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:safimusi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\poyeyeni.dll deleted successfully.
File C:\WINDOWS\system32\poyeyeni.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:logon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\bezuzujem not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2fb426c-ffe3-42b1-885a-e9c20de9de0b}\ not found.
File C:\WINDOWS\system32\poyeyeni.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a2fb426c-ffe3-42b1-885a-e9c20de9de0b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2fb426c-ffe3-42b1-885a-e9c20de9de0b}\ not found.
File C:\WINDOWS\system32\poyeyeni.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
C:\WINDOWS\system32\jozuwitu.dll moved successfully.
File C:\WINDOWS\System32\falolofu.dll not found.
File C:\WINDOWS\System32\poyeyeni.dll not found.
File C:\WINDOWS\System32\dazuyelu.dll not found.
File C:\WINDOWS\System32\vemogefi.dll not found.
File C:\WINDOWS\System32\yedafesu.dll not found.
File C:\WINDOWS\System32\kalepopo.dll not found.
File C:\WINDOWS\System32\jivabefu.dll not found.
C:\WINDOWS\system32\bebamaka.dll moved successfully.
C:\WINDOWS\system32\togojaze.dll moved successfully.
C:\WINDOWS\system32\gezotibu.dll moved successfully.
File C:\WINDOWS\System32\zamarare.dll not found.
File C:\WINDOWS\System32\yugutoyi.dll not found.
File C:\WINDOWS\System32\wegusisi.dll not found.
File C:\WINDOWS\System32\nudegeno.dll not found.
C:\WINDOWS\system32\yorekosa.dll moved successfully.
C:\WINDOWS\system32\vetudidu moved successfully.
File C:\WINDOWS\tasks\dnyxhirk.job not found.
C:\WINDOWS\tasks\zytnnbqo.job moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01222010_201527

-------------------- End Log File Contents -----------------------------------------------------------------------

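As an added example (not part of this thread and not code from OldTimer's tools), a small Python parser for the OTL fix-log format posted above: it classifies each line as removed, missing or invalid, and lists persistence-related items (Run keys, AppInit_Dlls, Winlogon, scheduled-task .job files) that came back "not found", which is worth re-checking in a fresh scan since "not found" only says that exact name was absent at fix time. The sample log is constructed from lines in the format of the log above; the list of persistence locations is my own assumption, not something OTL defines.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, assembled from lines in the format of the OTL fix log
# posted in this thread (same vocabulary: "deleted successfully",
# "moved successfully", "not found", "No active process named ...").
SAMPLE_OTL_FIX_LOG = r"""
========== OTL ==========
No active process named RebateInf.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{63CC63C6-1AE1-491C-B96A-812A7950A1EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63CC63C6-1AE1-491C-B96A-812A7950A1EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\boyokebud not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:safimusi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:logon.exe deleted successfully.
File C:\WINDOWS\System32\poyeyeni.DLL not found.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
Invalid CLSID key: C:\Program Files\Crawler\Toolbar\ctbr.dll
C:\WINDOWS\system32\jozuwitu.dll moved successfully.
C:\WINDOWS\tasks\zytnnbqo.job moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01222010_201527
"""


@dataclass(frozen=True)
class FixEntry:
    kind: str     # "registry value", "registry key", "file", "process" or "clsid"
    target: str   # registry path, file path or process name as printed by OTL
    outcome: str  # "removed", "missing" or "invalid"


# One pattern per line shape that OTL prints for an item in the fix list.
_REGISTRY = re.compile(r"^Registry (?P<kind>value|key) (?P<target>.+?) (?P<status>deleted successfully|not found)\.$")
_FILE_MISSING = re.compile(r"^File (?P<target>.+?) not found\.$")
_MOVED = re.compile(r"^(?P<target>[A-Za-z]:\\.+?) moved successfully\.$")
_PROCESS_MISSING = re.compile(r"^No active process named (?P<target>\S+) was found!$")
_INVALID_CLSID = re.compile(r"^Invalid CLSID key: (?P<target>.+)$")

# Assumed list of locations whose presence in a fix list means the item was a
# persistence mechanism (autorun key, AppInit_Dlls, Winlogon, shell hooks,
# scheduled task). Extend as needed; this is not an OTL-defined list.
_PERSISTENCE = [re.compile(p, re.IGNORECASE) for p in (
    r"\\CurrentVersion\\Run(Once)?\\",
    r"AppInit_Dlls",
    r"\\Winlogon\\",
    r"ShellServiceObjectDelayLoad",
    r"SharedTaskScheduler",
    r"\\tasks\\[^\\]+\.job$",
)]


def parse_line(line: str) -> Optional[FixEntry]:
    """Map one OTL fix-log line to a FixEntry; banner and footer lines give None."""
    line = line.strip()
    m = _REGISTRY.match(line)
    if m:
        outcome = "removed" if m["status"] == "deleted successfully" else "missing"
        return FixEntry("registry " + m["kind"], m["target"], outcome)
    m = _FILE_MISSING.match(line)
    if m:
        return FixEntry("file", m["target"], "missing")
    m = _MOVED.match(line)
    if m:
        return FixEntry("file", m["target"], "removed")
    m = _PROCESS_MISSING.match(line)
    if m:
        return FixEntry("process", m["target"], "missing")
    m = _INVALID_CLSID.match(line)
    if m:
        return FixEntry("clsid", m["target"], "invalid")
    return None


def parse_fix_log(text: str) -> List[FixEntry]:
    """Parse a whole fix log, skipping lines that are not fix items."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def summarize(entries: List[FixEntry]) -> Dict[str, int]:
    """Count outcomes, e.g. {'removed': 7, 'missing': 4, 'invalid': 1}."""
    return dict(Counter(e.outcome for e in entries))


def is_persistence(entry: FixEntry) -> bool:
    """True when the target sits in one of the assumed persistence locations."""
    return any(p.search(entry.target) for p in _PERSISTENCE)


def unverified_persistence(entries: List[FixEntry]) -> List[FixEntry]:
    """Persistence items the fix could not find: the exact name was absent at
    fix time, so a fresh scan should confirm nothing re-created them."""
    return [e for e in entries if is_persistence(e) and e.outcome == "missing"]


if __name__ == "__main__":
    found = parse_fix_log(SAMPLE_OTL_FIX_LOG)
    print(summarize(found))
    for entry in unverified_persistence(found):
        print("re-check in a fresh scan:", entry.kind, entry.target)
```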

Re: "Your System is Infected" Background Message

Post by Belahzur on Fri Jan 22, 2010 8:46 pm

Can you run Combofix now?



Re: "Your System is Infected" Background Message

Post by vgrimes84 on Fri Jan 22, 2010 9:34 pm

Hello,

I was able to run combo-fix and it's running now. What do I do after Combo-Fix runs?


Thanks


Re: "Your System is Infected" Background Message

Post by vgrimes84 on Sat Jan 23, 2010 10:03 am

Hello,

Hooray, Hooray, Hooray!!!! I was finally able to run Combo-Fix and everything seems back to normal. Also, I truly appreciate all your patience and support in helping me eradicate my system of this virus/trojan. You are fantastic!!!


Re: "Your System is Infected" Background Message

Post by Belahzur on Sat Jan 23, 2010 2:31 pm

Please post the Combofix log.



Re: "Your System is Infected" Background Message

Post by vgrimes84 on Sun Jan 24, 2010 11:42 am

Hello,

Sorry, I forgot to include the Combo-Fix log file contents. Here are the log file contents from Combo-Fix.


---------------------------------------------------- Begin Log File Contents ----------------------------------------------

ComboFix 10-01-21.08 - victor Grimes 01/22/2010 22:08:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.418 [GMT -5:00]
Running from: C:\Documents and Settings\victor Grimes\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\U12C5A721.exe
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Dorothy PalmerGrimes\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\victor Grimes\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\victor Grimes\Favorites\Online Security Test.url
C:\Program Files\CSec\cs.exe.tmp1
C:\Program Files\FunWebProducts\ScreenSaver\Images\187735B6.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\137D0545
C:\Program Files\MyWebSearch\bar\Cache\137D0719.bin
C:\Program Files\MyWebSearch\bar\Cache\137D1300.bin
C:\Program Files\MyWebSearch\bar\Cache\137D140A.bin
C:\Program Files\MyWebSearch\bar\Cache\137D14B6.bin
C:\Program Files\MyWebSearch\bar\Cache\137E89B2.bin
C:\Program Files\MyWebSearch\bar\Cache\137EE4B3.bin
C:\Program Files\MyWebSearch\bar\Cache\137EE57E.bin
C:\Program Files\MyWebSearch\bar\Cache\137EE61A.bin
C:\Program Files\MyWebSearch\bar\Cache\1587BAFD
C:\Program Files\MyWebSearch\bar\Cache\1B2A3076.bin
C:\Program Files\MyWebSearch\bar\Cache\1B2A323B.bin
C:\Program Files\MyWebSearch\bar\Cache\1B2A3354.bin
C:\Program Files\MyWebSearch\bar\Cache\1B2A33C1.bin
C:\Program Files\MyWebSearch\bar\Cache\42514601
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\Starware337Config.xml
C:\Program Files\Starware337\Starware337Uninstall.exe
C:\WINDOWS\system32\hinovali.dll
C:\WINDOWS\system32\kipariwo.dll
C:\WINDOWS\system32\ruhopama.dll
C:\WINDOWS\system32\warning.html
C:\WINDOWS\system32\WCp64log.dll
C:\WINDOWS\Tasks\byvwsgfa.job

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 01:15:27 . 2010-01-23 01:15:27 -------- d-----w- C:\_OTL
2010-01-22 03:44:41 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2010-01-16 03:46:19 . 2010-01-16 03:46:19 -------- d-----w- C:\Program Files\Microsoft
2010-01-16 03:46:05 . 2010-01-16 03:46:11 -------- d-----w- C:\Program Files\MSN Toolbar
2010-01-16 03:45:12 . 2010-01-16 03:46:17 -------- d-----w- C:\Program Files\MSN Toolbar Installer
2010-01-16 03:41:38 . 2010-01-16 03:41:38 152576 ----a-w- C:\Documents and Settings\victor Grimes\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-16 03:14:33 . 2010-01-07 21:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-01-16 03:14:30 . 2010-01-07 21:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-01-14 11:22:19 . 2010-01-14 11:22:19 -------- d-----w- C:\Program Files\MSECache
2010-01-14 02:37:39 . 2010-01-16 03:18:53 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-14 01:36:19 . 2010-01-14 01:36:19 -------- d-----w- C:\Documents and Settings\victor Grimes\Application Data\Malwarebytes
2010-01-14 01:35:55 . 2010-01-14 01:35:55 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-13 15:43:21 . 2008-04-13 16:39:23 142592 ----a-w- C:\WINDOWS\system32\drivers\aec.sys
2010-01-13 15:32:13 . 2010-01-13 15:32:13 -------- d-sh--w- C:\Documents and Settings\Dorothy PalmerGrimes\IETldCache
2010-01-13 02:30:17 . 2010-01-13 02:30:17 388096 ----a-r- C:\Documents and Settings\victor Grimes\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-13 02:30:17 . 2010-01-13 02:30:17 -------- d-----w- C:\Program Files\TrendMicro
2010-01-10 23:11:22 . 2010-01-10 23:29:11 -------- d-----w- C:\Anthony Morrison Audio
2010-01-09 14:18:59 . 2010-01-09 20:08:41 -------- d-----w- C:\Documents and Settings\victor Grimes\DoctorWeb
2010-01-09 01:49:10 . 2010-01-09 01:49:10 -------- d-----w- C:\Program Files\Common Files\PersonalSecUninstall
2010-01-09 01:39:58 . 2010-01-09 12:21:09 -------- d-----w- C:\Program Files\Angle Interactive
2010-01-08 00:43:08 . 2010-01-08 00:45:04 -------- d-----w- C:\Boss Documents
2010-01-08 00:39:29 . 2010-01-08 00:42:46 -------- d-----w- C:\2009 Taxes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 01:46:23 . 2009-11-29 20:25:05 -------- d-----w- C:\Program Files\RebateInformer
2010-01-22 22:29:21 . 2009-11-06 02:19:02 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-22 03:39:44 . 2005-01-02 05:42:33 82872 -c--a-w- C:\Documents and Settings\victor Grimes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 03:43:29 . 2006-04-20 02:07:39 -------- d-----w- C:\Program Files\Java
2010-01-16 03:41:34 . 2009-11-13 01:17:31 79488 ----a-w- C:\Documents and Settings\victor Grimes\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 19:14:05 . 2004-08-12 13:33:31 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-11-29 20:25:38 . 2009-11-29 20:25:37 -------- d-----w- C:\Documents and Settings\victor Grimes\Application Data\RebateInformer
2009-11-29 20:25:38 . 2009-11-29 20:23:53 -------- d-----w- C:\Documents and Settings\victor Grimes\Application Data\Inbox Toolbar
2009-11-29 20:24:41 . 2009-11-29 20:24:20 -------- d-----w- C:\Program Files\Crawler
2009-11-29 20:23:54 . 2009-11-29 20:23:52 -------- d-----w- C:\Program Files\Inbox Toolbar
2009-11-21 15:51:04 . 2004-08-12 13:17:17 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2003-08-27 19:19:18 . 2005-01-02 23:46:46 36963 -c--a-r- C:\Program Files\Common Files\SM1updtr.dll
1956-09-09 16:26:23 . 2007-03-19 19:54:10 3198976 ----a-w- C:\Program Files\ViewSonicregistration.exe
1601-01-01 00:03:28 . 1601-01-01 00:03:28 60928 --sha-w- C:\WINDOWS\system32\tomimago.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 02:57:58 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunTasktray"="c:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM" [X]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 21:19:46 129536]
"webmouse"="C:\Program Files\RCG\WebMouse\1.0\lgotoweb.exe" [2000-09-01 09:26:00 344576]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 23:33:38 1880064]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 08:51:27 172032]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 19:20:00 94208]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 22:36:44 1470464]
"Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 16:33:02 438359]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 11:54:44 1218008]
"KnexStarter"="c:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2006-12-12 20:22:50 73728]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 08:50:07 204800]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2002-08-05 08:37:14 258116]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-05-06 23:52:10 155648]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11:42 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-05-06 23:48:06 118784]
"EPSON Stylus Photo 925"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 03:05:00 74752]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 13:12:20 90112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 04:46:24 57344]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-23 02:27:17 68592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-09-05 05:54:42 417792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-09-21 20:36:12 305440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 09:17:36 149280]
"MSN Toolbar"="C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 02:29:44 240992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 16:52:14 218232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - C:\Program Files\11g USB adapter\Wifiusb.exe [2004-9-6 487424]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
VPN Client.lnk - C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-10-10 6144]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-3 54776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e


----------------------------------------------------- End Log File Contents -------------------------------------------------


Re: "Your System is Infected" Background Message

Post by Belahzur on Sun Jan 24, 2010 12:32 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Program Files\RebateInformer
    C:\Documents and Settings\victor Grimes\Application Data\RebateInformer
    C:\Program Files\Crawler
    C:\WINDOWS\system32\tomimago.dll


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.




Belahzur
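The OTM step above moves the listed paths out of the way rather than deleting them, and defers anything the OS will not let go of to the next reboot. As an added illustration of that mechanism (this is not code from the thread or from OTM itself), the Python script below parses the same `:files` block, quarantines each entry into a folder that mirrors its original location, emits OTM-style result lines, and hands locked paths to MoveFileEx's documented delay-until-reboot flag. The log wording, the quarantine layout, the `mover` hook and the scratch paths built in `demo()` are all assumptions of this example.

```python
"""Quarantine a list of files/folders the way the OTM ':files' step above does.

Added example for this thread, not OTM's own code. Each listed path is moved
(not deleted) into a quarantine folder that mirrors its original location, so
a false positive can be put back; anything the OS refuses to move now is queued
for a reboot-time move, which is the "you may be asked to reboot" case.
Log wording, the quarantine layout and the demo paths are assumptions.
"""
import ctypes
import shutil
import sys
import tempfile
from pathlib import Path

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # documented MoveFileEx flag


def parse_directives(text):
    """Return the paths listed under the ':files' header.

    OTM scripts can carry several sections (":files", ":commands", ...);
    only ":files" is handled here, everything else is skipped.
    """
    paths, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":files":
            paths.append(line)
    return paths


def quarantine_dest(src, root):
    """Map C:\\Program Files\\X to <root>\\C\\Program Files\\X (<root>/root/... on POSIX)."""
    drive = src.drive.rstrip(":") or "root"
    return Path(root) / drive / src.relative_to(src.anchor)


def quarantine(paths, root, pending, mover=shutil.move):
    """Move every path under `root`; return OTM-style result lines.

    Paths that exist but cannot be moved (in use, locked) are appended to
    `pending` as (src, dest) pairs for defer_until_reboot().
    """
    results = []
    for p in paths:
        src = Path(p)
        if not src.exists():
            results.append(f"File/Folder {p} not found.")
            continue
        src = src.absolute()
        dest = quarantine_dest(src, root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        try:
            mover(str(src), str(dest))
            results.append(f"File/Folder {p} moved successfully.")
        except OSError as exc:  # PermissionError is a subclass of OSError
            pending.append((src, dest))
            results.append(f"File/Folder {p} in use ({exc}); will be moved on reboot.")
    return results


def defer_until_reboot(pending, dry_run=False):
    """Queue deferred moves via MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT).

    Needs administrator rights and only exists on Windows; elsewhere (or in
    dry_run) it just reports how many entries would be queued.
    """
    if dry_run or sys.platform != "win32":
        return len(pending)
    kernel32 = ctypes.windll.kernel32
    kernel32.MoveFileExW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32]
    kernel32.MoveFileExW.restype = ctypes.c_int
    queued = 0
    for src, dest in pending:
        if kernel32.MoveFileExW(str(src), str(dest), MOVEFILE_DELAY_UNTIL_REBOOT):
            queued += 1
    return queued


def demo():
    """Constructed scratch tree: a folder, a file, a 'locked' file and a missing path."""
    base = Path(tempfile.mkdtemp(prefix="otm_demo_"))
    (base / "RebateInformer").mkdir()
    (base / "RebateInformer" / "rebate.dll").write_bytes(b"MZ")
    (base / "tomimago.dll").write_bytes(b"MZ")
    (base / "locked.sys").write_bytes(b"MZ")
    script = "\n".join([":files", str(base / "RebateInformer"), str(base / "tomimago.dll"),
                        str(base / "locked.sys"), str(base / "missing.exe")])

    def mover(src, dst):  # stand-in for a file the OS holds open
        if src.endswith("locked.sys"):
            raise PermissionError("The process cannot access the file")
        shutil.move(src, dst)

    pending = []
    results = quarantine(parse_directives(script), base / "_quarantine", pending, mover=mover)
    return base, results, pending


if __name__ == "__main__":
    base, results, pending = demo()
    print("\n".join(results))
    print(f"{defer_until_reboot(pending, dry_run=True)} move(s) would be queued for reboot")
```

The "not found." branch is the one the second OTM run in this thread exercised: the first run had already moved all four entries before the machine rebooted, so the rerun had nothing left to move.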

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Thu Jan 28, 2010 12:02 pm

Hello,

I did run OTM.exe and it did move the files above, however, as I was copying the result into my reply post to you, my computer for some reason rebooted and I lost the results. I then reran OTM.exe and here are the results from the second execution of OTM.

============================ Begin Results =====================================================
========== FILES ==========
File/Folder C:\Program Files\RebateInformer not found.
File/Folder C:\Documents and Settings\victor Grimes\Application Data\RebateInformer not found.
File/Folder C:\Program Files\Crawler not found.
File/Folder C:\WINDOWS\system32\tomimago.dll not found.

OTM by OldTimer - Version 3.1.7.0 log created on 01282010_120117



==========================End Results =============================================================

vgrimes84

Re: "Your System is Infected" Background Message

Post by Belahzur on Thu Jan 28, 2010 12:29 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?




Belahzur

Re: "Your System is Infected" Background Message

Post by vgrimes84 on Thu Jan 28, 2010 8:14 pm

Hello,


I got a "Windows could not find Combofix file"

Otherwise, my system is running with no issues and seems to be running much faster than before. I much appreciate your assistance in getting my computer back to what it should be.

vgrimes84
