firowazo.dll

View previous topic View next topic Go down

firowazo.dll

Post by nsousa on 18th January 2010, 2:37 pm

I have been getting pop ups randomly, so I ran a Symantec AntiVirus Scan. It appears that it found a Trojan in my system32 folder with the file name of firowazo.dll. Symantec is unable to clean, quarantine, or delete the file. I don't know for sure though if this is the exact file that is causing these pop ups. Any advice?

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:03 AM, on 1/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fabrik Ultimate Backup\fabrikhomebackup.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Fabrik Ultimate Backup\fabrikhomestat.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicole Sousa\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3c07ee26-57ab-4adc-8096-7c49c3ac8971} - C:\WINDOWS\system32\ds1tor.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mabisimey] Rundll32.exe "c:\windows\system32\tutepega.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Fabrik Ultimate Backup Status.lnk = C:\Program Files\Fabrik Ultimate Backup\fabrikhomestat.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\tutepega.dll c:\windows\system32\firowazo.dll,zazuporo.dll
O20 - Winlogon Notify: ds1tor - ds1tor.dll (file missing)
O21 - SSODL: kiribises - {4178b48b-abb7-4f2c-b5f7-eeb2a2ad0d26} - c:\windows\system32\tutepega.dll
O22 - SharedTaskScheduler: gahurihor - {4178b48b-abb7-4f2c-b5f7-eeb2a2ad0d26} - c:\windows\system32\tutepega.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Fabrik Ultimate Backup Backup Service (fabrikhomebackup) - Fabrik, Inc. - C:\Program Files\Fabrik Ultimate Backup\fabrikhomebackup.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16230 bytes

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 18th January 2010, 10:34 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {3c07ee26-57ab-4adc-8096-7c49c3ac8971} - C:\WINDOWS\system32\ds1tor.dll (file missing)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
    O4 - HKLM\..\Run: [mabisimey] Rundll32.exe "c:\windows\system32\tutepega.dll",a
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\tutepega.dll c:\windows\system32\firowazo.dll,zazuporo.dll
    O20 - Winlogon Notify: ds1tor - ds1tor.dll (file missing)
    O21 - SSODL: kiribises - {4178b48b-abb7-4f2c-b5f7-eeb2a2ad0d26} - c:\windows\system32\tutepega.dll
    O22 - SharedTaskScheduler: gahurihor - {4178b48b-abb7-4f2c-b5f7-eeb2a2ad0d26} - c:\windows\system32\tutepega.dll



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

More issues...

Post by nsousa on 22nd January 2010, 4:53 am

Thank you for responding to my post.

I was able to fix those files on HijackThis without a glitch. However, when I attempted to install MBAM, I received this error message at the end of the installation:

Unable to execute file:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.

And whenever I attempted to click on the MBAM icon to start the program, I received this error message:

Windows is searching for mbam.exe. To locate the file yourself, click Browse.

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 22nd January 2010, 10:25 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 30th January 2010, 5:35 pm

Hello Again,

I attempted to install combo fix, but when I went to go run the installation, I received this error message:

C:\Documents and Settings\Nicole Sousa\My Documents\Combo-Fix.exe is not a valid Win 32 application

I tried both links that you posted, as well as attempting to save the file into different places on my computer.

Just in case this might be a piece of useful information, I've now been getting Symantec Popups informing me that I have multiple trojans with different file names infecting my computer, most of which can only be quarantined or deleted. However they manage to keep reinfecting. The problem is getting worse.

Please Advise, Thanks!

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 30th January 2010, 7:22 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 2nd February 2010, 2:19 am

OTL. txt:

OTL logfile created on: 2/1/2010 7:53:28 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\DOCUME~1\NICOLE~1\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 0.33 Gb Free Space | 0.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLE-6718CD37
Current User Name: Nicole Sousa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 19:53:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole Sousa\Desktop\OTL.exe
PRC - [2010/01/18 15:12:24 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/25 15:33:12 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/09 12:04:48 | 000,045,888 | ---- | M] (Fabrik, Inc.) -- C:\Program Files\Fabrik Ultimate Backup\fabrikhomebackup.exe
PRC - [2008/07/26 06:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 06:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/29 17:56:20 | 000,061,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/11/02 08:51:54 | 000,233,472 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
PRC - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/07/18 03:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/07/18 03:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/27 18:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/02/27 18:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\WINDOWS\system32\wayebomi.dll
MOD - [2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\system32\tutepega.dll
MOD - [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\system32\zazuporo.dll
MOD - [2010/02/01 19:53:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole Sousa\Desktop\OTL.exe
MOD - [2008/07/26 06:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj04.dll
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Spaqmmupds)
SRV - [2010/02/01 17:43:10 | 000,037,376 | ---- | M] () [Auto | Stopped] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2009/05/25 15:33:12 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/09 12:04:48 | 000,045,888 | ---- | M] (Fabrik, Inc.) [Auto | Running] -- C:\Program Files\Fabrik Ultimate Backup\fabrikhomebackup.exe -- (fabrikhomebackup)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/26 06:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 06:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/29 17:56:32 | 005,065,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/04/29 17:56:22 | 000,245,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/04/29 17:56:20 | 000,061,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/08/16 06:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 06:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 06:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 03:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 03:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/05/02 22:03:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/14 14:23:58 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/11/17 21:32:56 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/10/22 01:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/07/18 03:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/07/18 03:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/09 19:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/03/10 17:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/02/27 18:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/02/27 18:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/02/27 18:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/01/27 03:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100127.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/27 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100127.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/09/09 11:54:28 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fabrikhome.sys -- (fabrikhomeFilter)
DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 09:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 06:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/29 17:39:04 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/04/14 02:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/26 21:59:45 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/31 11:39:50 | 000,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/23 15:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/01 01:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/05 19:01:18 | 000,039,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 19:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 18:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 18:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 18:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 18:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 18:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/03/05 18:51:24 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/01/18 08:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/22 11:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/03/19 16:30:34 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/02 00:21:04 | 000,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/11/17 04:30:40 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 09:41:26 | 000,105,831 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/02 03:27:20 | 000,773,565 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/06 02:29:50 | 000,129,280 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/09/20 02:41:00 | 003,210,496 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/09/01 11:17:46 | 000,259,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/08/24 05:20:08 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/28 04:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/06/09 19:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/09 19:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/04/26 03:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/02 21:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/07 17:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/07 17:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/12/25 16:48:14 | 000,010,752 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/09/20 04:53:34 | 000,235,100 | R--- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.14907

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 15:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/18 15:12:47 | 000,000,000 | ---D | M]

[2008/06/21 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole Sousa\Application Data\Mozilla\Extensions
[2010/02/01 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole Sousa\Application Data\Mozilla\Firefox\Profiles\poelquch.default\extensions
[2009/01/03 01:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nicole Sousa\Application Data\Mozilla\Firefox\Profiles\poelquch.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/22 15:08:47 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Nicole Sousa\Application Data\Mozilla\Firefox\Profiles\poelquch.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2008/09/26 13:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole Sousa\Application Data\Mozilla\Firefox\Profiles\poelquch.default\extensions\moveplayer@movenetworks.com
[2010/02/01 18:57:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/01 18:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ADC PlugIn) - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll (ASC - AntiSpyware)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Home Theater SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mabisimey] C:\WINDOWS\System32\tutepega.DLL ()
O4 - HKLM..\Run: [mmtask] c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: )
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WINREMOTE] C:\Program Files\InterVideo\Common\Bin\WinRemote.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fabrik Ultimate Backup Status.lnk = C:\Program Files\Fabrik Ultimate Backup\fabrikhomestat.exe (Fabrik, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} [You must be registered and logged in to see this link.] (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\tutepega.dll c:\windows\system32\wayebomi.dll) - C:\WINDOWS\System32\tutepega.dll ()
O20 - AppInit_DLLs: (zazuporo.dll) - C:\WINDOWS\System32\zazuporo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O21 - SSODL: lepewihol - {0e3a8783-974b-4111-8b9c-e3810ba5356c} - C:\WINDOWS\system32\wayebomi.dll ()
O21 - SSODL: vuzilivag - {7f50bd7e-8863-48c2-90c3-2c77dd0a20d0} - C:\WINDOWS\system32\tutepega.dll ()
O21 - SSODL: worubilif - {1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4} - C:\WINDOWS\system32\wayebomi.dll ()
O21 - SSODL: yerisoviv - {171d4207-74d9-4574-afed-9da9f1144a95} - C:\WINDOWS\system32\wayebomi.dll ()
O21 - SSODL: zotuvuvot - {30eb09f2-44d8-40ee-a863-aa7bfb07df2f} - C:\WINDOWS\system32\wayebomi.dll ()
O22 - SharedTaskScheduler: {0e3a8783-974b-4111-8b9c-e3810ba5356c} - mujuzedij - C:\WINDOWS\system32\wayebomi.dll ()
O22 - SharedTaskScheduler: {171d4207-74d9-4574-afed-9da9f1144a95} - mujuzedij - C:\WINDOWS\system32\wayebomi.dll ()
O22 - SharedTaskScheduler: {1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4} - jugezatag - C:\WINDOWS\system32\wayebomi.dll ()
O22 - SharedTaskScheduler: {30eb09f2-44d8-40ee-a863-aa7bfb07df2f} - jugezatag - C:\WINDOWS\system32\wayebomi.dll ()
O22 - SharedTaskScheduler: {7f50bd7e-8863-48c2-90c3-2c77dd0a20d0} - kupuhivus - C:\WINDOWS\system32\tutepega.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/29 11:28:56 | 000,000,050 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell - "" = AutoRun
O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 19:53:03 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicole Sousa\Desktop\OTL.exe
[2010/02/01 17:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\schtml
[2010/02/01 17:43:18 | 000,958,464 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/02/01 17:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Your PC Protector
[2010/01/23 22:24:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/21 22:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicole Sousa\Desktop\backups
[2010/01/19 02:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/19 02:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicole Sousa\Application Data\Malwarebytes
[2010/01/19 01:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicole Sousa\My Documents\Downloads
[2010/01/18 08:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicole Sousa\My Documents\hijackthis logs
[2010/01/18 08:31:50 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Nicole Sousa\Desktop\winlogon.scr
[2008/08/27 22:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/01/06 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/07/12 01:01:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/02 10:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/24 14:54:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Nicole Sousa\Desktop\*.tmp files -> C:\Documents and Settings\Nicole Sousa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\WINDOWS\System32\wayebomi.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\tutepega.dll
[2099/01/01 12:00:00 | 000,061,440 | -HS- | M] () -- C:\WINDOWS\System32\tasurizo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\zazuporo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\wepejapu.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\lodayija.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\kunokeja.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\fiyamepe.dll
[2099/01/01 12:00:00 | 000,049,664 | -HS- | M] () -- C:\WINDOWS\System32\ropenoya.dll
[2099/01/01 12:00:00 | 000,049,664 | -HS- | M] () -- C:\WINDOWS\System32\pasufizi.dll
[2099/01/01 12:00:00 | 000,048,128 | -HS- | M] () -- C:\WINDOWS\System32\sosubova.dll
[2099/01/01 12:00:00 | 000,047,104 | -HS- | M] () -- C:\WINDOWS\System32\jutugife.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\WINDOWS\System32\paweharo.dll
[2010/02/01 20:00:04 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lehifili
[2010/02/01 20:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\kosrecsr.job
[2010/02/01 19:53:04 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole Sousa\Desktop\OTL.exe
[2010/02/01 18:45:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 18:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 18:45:33 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 18:44:32 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Nicole Sousa\NTUSER.DAT
[2010/02/01 18:44:31 | 000,000,056 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/02/01 18:44:31 | 000,000,004 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/02/01 18:44:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicole Sousa\ntuser.ini
[2010/02/01 17:54:11 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/02/01 17:43:18 | 000,958,464 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/02/01 17:43:18 | 000,043,520 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/02/01 17:43:15 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/02/01 17:43:10 | 000,037,376 | ---- | M] () -- C:\Program Files\svchost.exe
[2010/02/01 17:41:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 17:13:00 | 000,893,952 | ---- | M] () -- C:\Documents and Settings\Nicole Sousa\Desktop\Training_Manual.doc
[2010/01/25 17:06:13 | 000,290,336 | ---- | M] () -- C:\Documents and Settings\Nicole Sousa\Desktop\Travel Voucher Colt.pdf
[2010/01/23 22:24:45 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fabrik Ultimate Backup Status.lnk
[2010/01/23 22:22:38 | 000,003,582 | ---- | M] () -- C:\WINDOWS\fabrikhome.blk
[2010/01/23 22:22:37 | 000,000,870 | ---- | M] () -- C:\WINDOWS\fabrikhome.flt
[2010/01/19 02:17:51 | 002,662,932 | -H-- | M] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\IconCache.db
[2010/01/18 08:31:52 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Nicole Sousa\Desktop\winlogon.scr
[2010/01/11 00:38:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/06 08:56:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Nicole Sousa\Desktop\Microsoft Office Word 2003.lnk
[2010/01/06 02:07:51 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Nicole Sousa\Desktop\PCPs in Tulsa.doc
[2010/01/06 02:07:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Nicole Sousa\Desktop\~$Ps in Tulsa.doc
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Nicole Sousa\Desktop\*.tmp files -> C:\Documents and Settings\Nicole Sousa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,095,744 | -HS- | C] () -- C:\WINDOWS\System32\wayebomi.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\tutepega.dll
[2099/01/01 12:00:00 | 000,061,440 | -HS- | C] () -- C:\WINDOWS\System32\tasurizo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\zazuporo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\wepejapu.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\lodayija.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\kunokeja.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\fiyamepe.dll
[2099/01/01 12:00:00 | 000,049,664 | -HS- | C] () -- C:\WINDOWS\System32\ropenoya.dll
[2099/01/01 12:00:00 | 000,049,664 | -HS- | C] () -- C:\WINDOWS\System32\pasufizi.dll
[2099/01/01 12:00:00 | 000,048,128 | -HS- | C] () -- C:\WINDOWS\System32\sosubova.dll
[2099/01/01 12:00:00 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\jutugife.dll
[2099/01/01 12:00:00 | 000,042,496 | -HS- | C] () -- C:\WINDOWS\System32\paweharo.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\lehifili
[2010/02/01 17:43:18 | 000,043,520 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/02/01 17:43:15 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/02/01 17:43:10 | 000,037,376 | ---- | C] () -- C:\Program Files\svchost.exe
[2010/02/01 17:43:10 | 000,000,056 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/02/01 17:43:10 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/02/01 17:43:10 | 000,000,004 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/02/01 17:42:25 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\kosrecsr.job
[2010/01/25 17:12:32 | 000,893,952 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Desktop\Training_Manual.doc
[2010/01/25 17:06:13 | 000,290,336 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Desktop\Travel Voucher Colt.pdf
[2010/01/06 02:07:51 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Desktop\PCPs in Tulsa.doc
[2010/01/06 02:07:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Nicole Sousa\Desktop\~$Ps in Tulsa.doc
[2009/12/05 12:02:07 | 002,268,672 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-iefull-release-1.11.5.29501.en-US.msi
[2009/09/05 21:12:55 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/01 14:33:05 | 002,118,144 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-ie-release-1.11.0.26762.en-US.msi
[2009/06/05 16:43:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2009/04/24 18:56:03 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/01/01 19:22:28 | 002,351,616 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-ie-release-1.9.1.17582.msi
[2008/11/29 01:25:55 | 002,327,552 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-ie-release-1.9.0.16396.msi
[2008/11/02 21:37:02 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/05 18:07:34 | 002,849,792 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-iemin-release-1.8.3.14080.msi
[2008/09/27 14:38:30 | 002,326,016 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\cooliris-win-iemin-release-1.8.2.4689.msi
[2008/09/24 23:24:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\rx_image.Cache
[2008/09/24 23:24:44 | 000,004,216 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\rx_audio.Cache
[2008/07/26 06:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/16 12:27:22 | 001,699,328 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/13 09:52:17 | 001,579,008 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\piclens-win-iemin-release-1.6.4.3021.msi
[2007/12/01 04:12:49 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\vclwiz8.dll
[2007/11/23 22:17:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/23 22:06:36 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/05 11:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/03/01 21:02:43 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/17 18:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/11/29 23:14:23 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2005/11/29 19:14:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/29 16:17:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/29 11:51:15 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\Nicole Sousa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/29 11:27:19 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/29 11:24:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/29 11:24:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/29 11:24:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/29 11:24:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/29 11:24:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/29 11:24:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/27 02:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 2nd February 2010, 2:20 am

Extras.txt:

OTL Extras logfile created on: 2/1/2010 7:53:28 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\DOCUME~1\NICOLE~1\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 431.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 0.33 Gb Free Space | 0.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLE-6718CD37
Current User Name: Nicole Sousa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.exe [@ = exefile] -- C:\Program Files\alggui.exe ()
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1133303468\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133303468\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1133303468\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1133303468\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\myTunes Redux\mDNSResponder.exe" = C:\Program Files\myTunes Redux\mDNSResponder.exe:*:Disabled:mDNSResponder -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Infogrames Interactive\Scrabble Complete\ScrabbleComplete.exe" = C:\Program Files\Infogrames Interactive\Scrabble Complete\ScrabbleComplete.exe:*:Enabled:Scrabble Complete -- (Infogrames Interactive)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo DVD
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{3A48B49B-38D9-87E2-1696-6AF3B8B0B07F}" = Fabrik Ultimate Backup
"{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}" = Super Glinx!
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{43B402B3-0027-0002-3757-3015BD2DE2CD}" = Home Theater
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54BCE5D8-4375-3F14-B116-43B77DEB2DBA}" = PicLens for Internet Explorer
"{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{82AA5D60-D11A-3EAB-A777-9007DF4721CE}" = PicLens for Internet Explorer
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}" = InterVideo TV
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A301896D-9F55-4492-B518-30EAC4C723E1}" = Super Collapse!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAA4CCCE-78DB-47B0-A651-68270D838BD4}" = Music
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AF98AF15-161E-42EC-9008-1CCF9BB83961}" = Bluesoleil3.2.1.2 Release 070314
"{B36649A3-D0DD-4706-B042-F5B384529C7A}" = Scrabble Complete
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = TIxx21/x515
"{E6A9B4BB-666A-42BF-9AE4-D906C6FD2D6A}" = MioMore Desktop 2
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"{FE4BD9BD-4A26-4F39-B12C-19336204B102}" = EndNote X Volume License Edition
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"ACDLabs in C__ACDFREE10_" = ACD/Labs Software in C:\ACDFREE10\
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CCleaner" = CCleaner (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = Texas Instruments PCIxx21/x515 drivers.
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"MahJongg Master 6" = MahJongg Master 6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Weather Services" = Weather Services
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2010 4:31:57 AM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Generic.217 in File: C:\System Volume
Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1125\A0162163.dll by:
Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/24/2010 1:36:16 AM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162242.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/29/2010 7:27:14 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162243.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/29/2010 7:49:47 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162244.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache7801556327740990446.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\Nicole
Sousa\Local Settings\Temp\jar_cache8091683402500646820.tmp by: Auto-Protect scan.
Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache8091683402500646820.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache1875178553213041208.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\Nicole
Sousa\Local Settings\Temp\jar_cache8405253464373773195.tmp by: Auto-Protect scan.
Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache8405253464373773195.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ Application Events ]
Error - 1/23/2010 4:31:57 AM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Packed.Generic.217 in File: C:\System Volume
Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1125\A0162163.dll by:
Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/24/2010 1:36:16 AM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162242.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/29/2010 7:27:14 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162243.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 1/29/2010 7:49:47 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Vundo in File: C:\System Volume Information\_restore{CF7BDC76-0375-47AD-B446-62B268F61845}\RP1127\A0162244.dll
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache7801556327740990446.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\Nicole
Sousa\Local Settings\Temp\jar_cache8091683402500646820.tmp by: Auto-Protect scan.
Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 2/1/2010 8:12:06 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache8091683402500646820.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache1875178553213041208.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\Nicole
Sousa\Local Settings\Temp\jar_cache8405253464373773195.tmp by: Auto-Protect scan.
Action: Clean failed : Quarantine failed : Access denied. Action Description:
The file was left unchanged.

Error - 2/1/2010 8:12:08 PM | Computer Name = NICOLE-6718CD37 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\DOCUME~1\NICOLE~1\LOCALS~1\Temp\jar_cache8405253464373773195.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ System Events ]
Error - 1/30/2010 9:16:54 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/30/2010 9:38:29 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 1/30/2010 9:44:34 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/30/2010 9:45:44 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/30/2010 9:45:54 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/30/2010 9:48:44 AM | Computer Name = NICOLE-6718CD37 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F018F59B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/30/2010 1:14:38 PM | Computer Name = NICOLE-6718CD37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 1/30/2010 1:28:21 PM | Computer Name = NICOLE-6718CD37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/1/2010 8:46:20 PM | Computer Name = NICOLE-6718CD37 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Update Service
service to connect.

Error - 2/1/2010 8:46:20 PM | Computer Name = NICOLE-6718CD37 | Source = Service Control Manager | ID = 7000
Description = The Adobe Update Service service failed to start due to the following
error: %%1053


< End of report >

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 2nd February 2010, 7:31 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (Spaqmmupds)
    SRV - [2010/02/01 17:43:10 | 000,037,376 | ---- | M] () [Auto | Stopped] -- C:\Program Files\svchost.exe -- (AdbUpd)
    O2 - BHO: (ADC PlugIn) - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll (ASC - AntiSpyware)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [mabisimey] C:\WINDOWS\System32\tutepega.DLL ()
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
    O20 - AppInit_DLLs: (c:\windows\system32\tutepega.dll c:\windows\system32\wayebomi.dll) - C:\WINDOWS\System32\tutepega.dll ()
    O20 - AppInit_DLLs: (zazuporo.dll) - C:\WINDOWS\System32\zazuporo.dll ()
    O21 - SSODL: lepewihol - {0e3a8783-974b-4111-8b9c-e3810ba5356c} - C:\WINDOWS\system32\wayebomi.dll ()
    O21 - SSODL: vuzilivag - {7f50bd7e-8863-48c2-90c3-2c77dd0a20d0} - C:\WINDOWS\system32\tutepega.dll ()
    O21 - SSODL: worubilif - {1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4} - C:\WINDOWS\system32\wayebomi.dll ()
    O21 - SSODL: yerisoviv - {171d4207-74d9-4574-afed-9da9f1144a95} - C:\WINDOWS\system32\wayebomi.dll ()
    O21 - SSODL: zotuvuvot - {30eb09f2-44d8-40ee-a863-aa7bfb07df2f} - C:\WINDOWS\system32\wayebomi.dll ()
    O22 - SharedTaskScheduler: {0e3a8783-974b-4111-8b9c-e3810ba5356c} - mujuzedij - C:\WINDOWS\system32\wayebomi.dll ()
    O22 - SharedTaskScheduler: {171d4207-74d9-4574-afed-9da9f1144a95} - mujuzedij - C:\WINDOWS\system32\wayebomi.dll ()
    O22 - SharedTaskScheduler: {1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4} - jugezatag - C:\WINDOWS\system32\wayebomi.dll ()
    O22 - SharedTaskScheduler: {30eb09f2-44d8-40ee-a863-aa7bfb07df2f} - jugezatag - C:\WINDOWS\system32\wayebomi.dll ()
    O22 - SharedTaskScheduler: {7f50bd7e-8863-48c2-90c3-2c77dd0a20d0} - kupuhivus - C:\WINDOWS\system32\tutepega.dll ()
    O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell - "" = AutoRun
    O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
    O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell - "" = AutoRun
    O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not foun
    [2010/02/01 17:43:18 | 000,958,464 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
    [2010/02/01 17:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Your PC Protector
    [2099/01/01 12:00:00 | 000,095,744 | -HS- | M] () -- C:\WINDOWS\System32\wayebomi.dll
    [2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\tutepega.dll
    [2099/01/01 12:00:00 | 000,061,440 | -HS- | M] () -- C:\WINDOWS\System32\tasurizo.dll
    [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\zazuporo.dll
    [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\wepejapu.dll
    [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\lodayija.dll
    [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\kunokeja.dll
    [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\fiyamepe.dll
    [2099/01/01 12:00:00 | 000,049,664 | -HS- | M] () -- C:\WINDOWS\System32\ropenoya.dll
    [2099/01/01 12:00:00 | 000,049,664 | -HS- | M] () -- C:\WINDOWS\System32\pasufizi.dll
    [2099/01/01 12:00:00 | 000,048,128 | -HS- | M] () -- C:\WINDOWS\System32\sosubova.dll
    [2099/01/01 12:00:00 | 000,047,104 | -HS- | M] () -- C:\WINDOWS\System32\jutugife.dll
    [2099/01/01 12:00:00 | 000,042,496 | -HS- | M] () -- C:\WINDOWS\System32\paweharo.dll
    [2010/02/01 20:00:04 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lehifili
    [2010/02/01 20:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\kosrecsr.job
    [2010/02/01 17:43:18 | 000,043,520 | ---- | M] () -- C:\Program Files\alggui.exe
    [2010/02/01 17:43:15 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
    [2010/02/01 17:43:10 | 000,037,376 | ---- | M] () -- C:\Program Files\svchost.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 4th February 2010, 12:03 am

Hello There,

I ran the fix and the program stated that it was successfully completed, and then asked for me to click 'OK' to get the fix log. However, no log appears. I attempted to repeat this process twice, both times with the same result.

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 4th February 2010, 12:43 am

Hello.
Is there a saved log at C:\_OTL?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 4th February 2010, 1:33 am

Hello.

You were right. Found the log there. I think I just realized why it didn't open up...I'm finding that my programs are apparently corrupted. For instance, to run notepad, I now have to browse to find notepad under the application I want to open notepad.exe with. This is happening with almost all programs. And I cannot open Microsoft Word without getting an error message of, "Application Not Found."

========== OTL ==========
Service Spaqmmupds stopped successfully!
Service Spaqmmupds deleted successfully!
Service AdbUpd stopped successfully!
Service AdbUpd deleted successfully!
C:\Program Files\svchost.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\ deleted successfully.
C:\Program Files\adc32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mabisimey deleted successfully.
C:\WINDOWS\system32\tutepega.dll moved successfully.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\tutepega.dll c:\windows\system32\wayebomi.dll deleted successfully.
File C:\WINDOWS\System32\tutepega.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zazuporo.dll deleted successfully.
C:\WINDOWS\system32\zazuporo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lepewihol deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3a8783-974b-4111-8b9c-e3810ba5356c}\ deleted successfully.
C:\WINDOWS\system32\wayebomi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vuzilivag deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f50bd7e-8863-48c2-90c3-2c77dd0a20d0}\ deleted successfully.
File C:\WINDOWS\system32\tutepega.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\worubilif deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4}\ deleted successfully.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yerisoviv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171d4207-74d9-4574-afed-9da9f1144a95}\ deleted successfully.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zotuvuvot deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30eb09f2-44d8-40ee-a863-aa7bfb07df2f}\ deleted successfully.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0e3a8783-974b-4111-8b9c-e3810ba5356c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3a8783-974b-4111-8b9c-e3810ba5356c}\ not found.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{171d4207-74d9-4574-afed-9da9f1144a95} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171d4207-74d9-4574-afed-9da9f1144a95}\ not found.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dfa076a-546e-4a1f-bcd4-f9fafbf80cb4}\ not found.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{30eb09f2-44d8-40ee-a863-aa7bfb07df2f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30eb09f2-44d8-40ee-a863-aa7bfb07df2f}\ not found.
File C:\WINDOWS\system32\wayebomi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7f50bd7e-8863-48c2-90c3-2c77dd0a20d0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f50bd7e-8863-48c2-90c3-2c77dd0a20d0}\ deleted successfully.
File C:\WINDOWS\system32\tutepega.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf33b96-d811-11dc-adfa-0012f018f59b}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc87d756-6ef6-11de-8aee-806d6172696f}\ not found.
File E:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc87d756-6ef6-11de-8aee-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc87d756-6ef6-11de-8aee-806d6172696f}\ not found.
File E:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc244dec-8e6a-11dc-adcf-0012f018f59b}\ not found.
File E:\LaunchU3.exe not found.
File C:\Program Files\adc32.dll not found.
C:\Program Files\Your PC Protector folder moved successfully.
File C:\WINDOWS\System32\wayebomi.dll not found.
File C:\WINDOWS\System32\tutepega.dll not found.
File C:\WINDOWS\System32\tasurizo.dll not found.
File C:\WINDOWS\System32\zazuporo.dll not found.
C:\WINDOWS\system32\wepejapu.dll moved successfully.
C:\WINDOWS\system32\lodayija.dll moved successfully.
C:\WINDOWS\system32\kunokeja.dll moved successfully.
C:\WINDOWS\system32\fiyamepe.dll moved successfully.
C:\WINDOWS\system32\ropenoya.dll moved successfully.
C:\WINDOWS\system32\pasufizi.dll moved successfully.
C:\WINDOWS\system32\sosubova.dll moved successfully.
C:\WINDOWS\system32\jutugife.dll moved successfully.
C:\WINDOWS\system32\paweharo.dll moved successfully.
C:\WINDOWS\system32\lehifili moved successfully.
File C:\WINDOWS\tasks\kosrecsr.job not found.
C:\Program Files\alggui.exe moved successfully.
C:\Program Files\nuar.old moved successfully.
File C:\Program Files\svchost.exe not found.

OTL by OldTimer - Version 3.1.27.1 log created on 02032010_174644

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 4th February 2010, 11:48 pm

Can you run MBAM now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

MBAM Log

Post by nsousa on 5th February 2010, 1:04 am

Hello!
Yes, I was able to run MBAM. And everything seems to be working alright...for now. Smile

Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/4/2010 6:52:26 PM
mbam-log-2010-02-04 (18-52-26).txt

Scan type: Quick Scan
Objects scanned: 129663
Time elapsed: 14 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mabisimey (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\alggui.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cad2b7d-3eb6-41f9-b443-868399c8765c}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,192.168.1.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7352e0b1-bf38-4023-9567-a4c6e44a4a3f}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82f0d4c2-fb40-4eb6-9866-a6fbb805507c}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\schtml (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images (Rogue.YourPCProtector) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\rotemigo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\win1.tmp (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\schtml\dbsinit.exe (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\wispex.html (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\i3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\j3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\jj3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\l3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\pix.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\t1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\t2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\Thumbs.db (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\up1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\up2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w11.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\w3.jpg (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\word.doc (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt1.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt2.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\schtml\images\wt3.gif (Rogue.YourPCProtector) -> Quarantined and deleted successfully.
C:\Program Files\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\EndNote10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Sousa\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 5th February 2010, 1:41 am

Please try running Combofix as well.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: firowazo.dll

Post by nsousa on 5th February 2010, 3:28 am

Hello,

I attempted to disable my AV (Symantec AntiVirus 9.0.0.1400) by disabling Auto-Protect in the system tray, as well as on the program itself under the "configure" section. However, combofix still claims that my AV is still active. I read the forum on disabling AVs, but I cannot figure out what the issue is. Any advice?

Thanks!

nsousa
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-18
OS OS : windows xp
Points Points : 25283
# Likes # Likes : 0

View user profile

Back to top Go down

Re: firowazo.dll

Post by Belahzur on 5th February 2010, 5:03 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run Combofix in Safe Mode, the AV wont interfere in Safe Mode.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum