Malware Defense Removal


Re: Malware Defense Removal

Post by Belahzur on Sun Jan 31, 2010 7:58 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: Malware Defense Removal

Post by DNoble on Sun Jan 31, 2010 9:13 pm

It won't let me run ComboFix; it says the "file is infected" and asks me to run my anti-virus software.
I looked at how to disable my AV, but it seems none of them apply to me.
I turned off Windows Firewall, and my Norton doesn't open.

DNoble
Novice
Posts: 45
Joined: 2010-01-22
OS: Windows XP
Points: 25741
Likes: 0


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 1:21 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).

    :OTL
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/01/31 12:40:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/01/31 11:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/01/31 11:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/01/31 10:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/01/31 10:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/01/31 10:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/01/31 09:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/01/31 09:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/01/31 09:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/01/31 08:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/01/31 08:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/01/31 08:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/01/31 07:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/01/31 07:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/01/31 07:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/01/31 06:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/01/31 06:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/01/31 06:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/01/31 05:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/01/31 05:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/01/31 05:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/01/31 04:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/01/31 04:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/01/31 04:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/01/31 03:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/31 03:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/31 03:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/31 02:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/31 02:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/31 02:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/31 01:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/31 01:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/31 01:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/31 00:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/31 00:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/31 00:10:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
    [2010/01/30 23:50:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/30 23:49:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
    [2010/01/30 12:52:04 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
    [2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/30 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2010/01/29 19:15:13 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\O9I033SIX1.dat
    [2010/01/29 18:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19589.exe
    [2010/01/29 18:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15281.exe
    [2010/01/29 18:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14798.exe
    [2010/01/29 17:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19796.exe
    [2010/01/29 17:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20580.exe
    [2010/01/29 17:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6618.exe
    [2010/01/29 16:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13458.exe
    [2010/01/29 16:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25200.exe
    [2010/01/29 16:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7448.exe
    [2010/01/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9503.exe
    [2010/01/29 15:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29314.exe
    [2010/01/29 15:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1587.exe
    [2010/01/29 14:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30523.exe
    [2010/01/29 14:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14343.exe
    [2010/01/29 14:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3093.exe
    [2010/01/29 13:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20485.exe
    [2010/01/29 13:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3195.exe
    [2010/01/29 13:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32702.exe
    [2010/01/29 12:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14989.exe
    [2010/01/29 12:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32609.exe
    [2010/01/29 12:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5844.exe
    [2010/01/29 11:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11008.exe
    [2010/01/29 11:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6224.exe
    [2010/01/29 11:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30303.exe
    [2010/01/29 10:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22798.exe
    [2010/01/29 10:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31556.exe
    [2010/01/29 10:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16519.exe
    [2010/01/29 09:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5249.exe
    [2010/01/29 09:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20600.exe
    [2010/01/29 09:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17451.exe
    [2010/01/29 08:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18935.exe
    [2010/01/29 08:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7616.exe
    [2010/01/29 08:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14309.exe
    [2010/01/29 07:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9514.exe
    [2010/01/29 07:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22813.exe
    [2010/01/29 07:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6617.exe
    [2010/01/29 06:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14310.exe
    [2010/01/29 06:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2421.exe
    [2010/01/29 06:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17807.exe
    [2010/01/29 05:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22483.exe
    [2010/01/29 05:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24648.exe
    [2010/01/29 05:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14893.exe
    [2010/01/29 04:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3728.exe
    [2010/01/29 04:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\467.exe
    [2010/01/29 04:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18127.exe
    [2010/01/29 03:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3788.exe
    [2010/01/29 03:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6900.exe
    [2010/01/29 03:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27938.exe
    [2010/01/29 02:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26418.exe
    [2010/01/29 02:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1999.exe
    [2010/01/29 02:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\53.exe
    [2010/01/29 01:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4734.exe
    [2010/01/29 01:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8281.exe
    [2010/01/29 01:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24484.exe
    [2010/01/29 00:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19668.exe
    [2010/01/29 00:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23199.exe
    [2010/01/29 00:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27348.exe
    [2010/01/28 23:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24021.exe
    [2010/01/28 23:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4596.exe
    [2010/01/28 23:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11020.exe
    [2010/01/28 22:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9374.exe
    [2010/01/28 22:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30836.exe
    [2010/01/28 22:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10291.exe
    [2010/01/28 21:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24350.exe
    [2010/01/28 21:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3602.exe
    [2010/01/28 21:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4041.exe
    [2010/01/28 20:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27595.exe
    [2010/01/28 20:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6483.exe
    [2010/01/28 20:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21548.exe
    [2010/01/28 19:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20537.exe
    [2010/01/28 19:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27624.exe
    [2010/01/28 19:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6359.exe
    [2010/01/28 18:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17410.exe
    [2010/01/28 18:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1655.exe
    [2010/01/28 18:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18762.exe
    [2010/01/28 17:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32591.exe
    [2010/01/28 17:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\900.exe
    [2010/01/28 17:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29168.exe
    [2010/01/28 16:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16413.exe
    [2010/01/28 16:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13030.exe
    [2010/01/28 16:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27506.exe
    [2010/01/28 15:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24946.exe
    [2010/01/28 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6422.exe
    [2010/01/28 15:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18588.exe
    [2010/01/28 14:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24221.exe
    [2010/01/28 14:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9758.exe
    [2010/01/28 14:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32209.exe
    [2010/01/28 13:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8909.exe
    [2010/01/28 13:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
    [2010/01/28 13:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10383.exe
    [2010/01/28 12:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27753.exe
    [2010/01/28 12:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12287.exe
    [2010/01/28 12:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15457.exe
    [2010/01/28 11:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11337.exe
    [2010/01/28 11:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18007.exe
    [2010/01/28 11:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30191.exe
    [2010/01/28 10:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31107.exe
    [2010/01/28 10:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3430.exe
    [2010/01/28 10:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13966.exe
    [2010/01/28 09:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21724.exe
    [2010/01/28 09:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16941.exe
    [2010/01/28 09:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1150.exe
    [2010/01/28 08:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27350.exe
    [2010/01/28 08:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12052.exe
    [2010/01/28 08:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4031.exe
    [2010/01/28 07:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15574.exe
    [2010/01/28 07:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23655.exe
    [2010/01/28 07:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24767.exe
    [2010/01/28 06:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22355.exe
    [2010/01/28 06:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18636.exe
    [2010/01/28 06:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9161.exe
    [2010/01/28 05:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13290.exe
    [2010/01/28 05:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23986.exe
    [2010/01/28 05:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16512.exe
    [2010/01/28 04:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5097.exe
    [2010/01/28 04:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15573.exe
    [2010/01/28 04:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26777.exe
    [2010/01/28 03:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5829.exe
    [2010/01/28 03:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6270.exe
    [2010/01/28 03:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19072.exe
    [2010/01/28 02:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26924.exe
    [2010/01/28 02:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28745.exe
    [2010/01/28 02:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5021.exe
    [2010/01/28 01:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22386.exe
    [2010/01/28 01:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31673.exe
    [2010/01/28 01:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2306.exe
    [2010/01/28 00:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13977.exe
    [2010/01/28 00:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9930.exe
    [2010/01/28 00:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
    [2010/01/27 23:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29658.exe
    [2010/01/27 23:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4639.exe
    [2010/01/27 23:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31115.exe
    [2010/01/27 22:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4833.exe
    [2010/01/27 22:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
    [2010/01/27 22:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/01/27 21:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/01/27 21:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/01/27 21:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/01/27 20:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/01/27 20:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/01/27 20:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/01/27 19:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/01/27 19:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/01/27 19:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/01/27 18:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/01/27 18:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/01/27 18:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/01/27 17:53:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/01/27 17:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/01/27 17:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/01/27 16:53:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/01/27 16:33:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/01/27 16:13:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/01/27 15:53:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/01/27 15:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/01/27 15:13:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/01/27 14:53:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/01/27 14:33:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/01/27 14:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/01/27 13:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/01/27 13:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/01/27 13:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/01/27 12:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/01/27 12:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/01/27 12:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/01/27 11:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/01/27 11:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/01/27 11:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/01/27 10:53:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/01/27 10:33:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/01/27 10:12:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/01/27 09:52:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/01/27 09:32:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/01/27 09:12:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/01/27 08:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/01/27 08:31:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/01/27 08:11:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/01/27 07:50:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/01/27 07:30:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/01/27 07:10:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
    [2010/01/27 06:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
    [2010/01/27 06:29:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
    [2010/01/27 06:09:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/01/27 05:49:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
    [2010/01/27 05:28:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/01/27 05:08:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/01/27 04:48:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/01/27 04:27:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/01/27 04:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/01/27 03:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/01/27 03:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/01/27 03:06:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/01/22 20:06:45 | 000,118,256 | ---- | M] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
    [2010/01/22 20:06:11 | 000,180,224 | ---- | M] () -- C:\WINDOWS\msa.exe
    [2010/01/22 20:06:07 | 000,000,001 | ---- | M] () -- C:\s
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/22 20:06:02 | 000,015,000 | ---- | M] () -- C:\WINDOWS\System32\k8efzgigz.dll
    [2010/01/22 20:05:39 | 000,057,356 | ---- | M] () -- C:\WINDOWS\System32\net.net
    [2010/01/22 19:49:17 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\WINDOWS\system32\userinit.exe,"


  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

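As an added example that is not part of the thread and not OTL's own code, the Python below parses the fix-script format used above: it separates the autostart lines (O4/O20/O22/O33) from the file entries and the :reg block, checks that :reg sets Winlogon UserInit back to the stock userinit.exe value, and flags zero-byte numeric .exe files in System32 whose timestamps fall exactly 20 minutes apart, the cadence visible in the list. The sample input is a constructed subset of the script's own lines, and the section labels assume the standard OTL/HijackThis numbering.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the lines from the fix script above, in OTL's
# fix-script format. The parser is an added illustration, not OTL's own code.
SAMPLE = r"""
:OTL
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"
"""

# [date time | size | attributes | C=created / M=modified] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| ([CM])\] \((.*?)\) -- (.+)$")
# OTL section code (O4, O20, ...) followed by the entry text
OLINE_RE = re.compile(r"^(O\d+) - (.+)$")

# Meaning of the OTL section codes that appear in the script above (assumed standard numbering)
PERSISTENCE_LABELS = {"O4": "Run key autostart", "O20": "Winlogon UserInit value",
                      "O22": "SharedTaskScheduler COM object", "O33": "MountPoints2 AutoRun handler"}
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"  # stock XP value, trailing comma included


def parse_fix_script(text):
    """Split an OTL fix script into autostart entries, file entries and :reg values."""
    entries = {"persistence": [], "files": [], "reg": []}
    section, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ":OTL" / ":reg" section headers
            section = line[1:].lower()
            continue
        if section == "reg":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]      # [HKEY_...\Winlogon]
            else:                         # "Name"="Value"
                name, _, value = line.partition("=")
                entries["reg"].append((reg_key, name.strip('"'), value.strip('"')))
            continue
        m = FILE_RE.match(line)
        if m:
            when, size, attrs, flag, company, path = m.groups()
            entries["files"].append({
                "time": datetime.strptime(when, "%Y/%m/%d %H:%M:%S"),
                "size": int(size.replace(",", "")),
                "attrs": attrs, "flag": flag, "company": company, "path": path,
            })
            continue
        m = OLINE_RE.match(line)
        if m:
            entries["persistence"].append((m.group(1), m.group(2)))
    return entries


def persistence_findings(entries):
    """Label each autostart line the script removes by the mechanism it uses."""
    return [(PERSISTENCE_LABELS.get(code, "other OTL entry"), detail)
            for code, detail in entries["persistence"]]


def userinit_restored(entries):
    """True when the :reg section sets the Winlogon UserInit value back to the stock one."""
    return any(key is not None and key.endswith("\\Winlogon")
               and name == "UserInit" and value == DEFAULT_USERINIT
               for key, name, value in entries["reg"])


def dropper_cadence(entries, directory=r"C:\WINDOWS\System32", interval_minutes=20):
    """Return (paths oldest first, periodic) for zero-byte numeric .exe files under
    `directory`; periodic is True when every gap between them is exactly interval_minutes."""
    prefix = directory.lower() + "\\"
    suspects = sorted(
        (f for f in entries["files"]
         if f["size"] == 0
         and f["path"].lower().startswith(prefix)
         and re.fullmatch(r"\d+\.exe", f["path"].rsplit("\\", 1)[-1], re.IGNORECASE)),
        key=lambda f: f["time"])
    gaps = {int((b["time"] - a["time"]).total_seconds() // 60)
            for a, b in zip(suspects, suspects[1:])}
    return [f["path"] for f in suspects], bool(gaps) and gaps == {interval_minutes}
```

Run against a full OTL listing, the cadence check is what separates a timer-driven dropper from ordinary zero-byte leftovers; the UserInit check confirms the :reg block restores the logon chain rather than just deleting the hijacked value.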

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:40 am

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\smss32.exe moved successfully.
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\winlogon32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
C:\WINDOWS\SYSTEM32\k8efzgigz.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
File F:\LaunchU3.exe not found.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
C:\kkalf.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\SYSTEM32\28703.exe moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\SYSTEM32\9894.exe moved successfully.
C:\WINDOWS\SYSTEM32\17035.exe moved successfully.
C:\WINDOWS\SYSTEM32\26299.exe moved successfully.
C:\WINDOWS\SYSTEM32\25667.exe moved successfully.
C:\WINDOWS\SYSTEM32\19912.exe moved successfully.
C:\WINDOWS\SYSTEM32\1869.exe moved successfully.
C:\WINDOWS\SYSTEM32\11538.exe moved successfully.
C:\WINDOWS\SYSTEM32\14771.exe moved successfully.
C:\WINDOWS\SYSTEM32\21726.exe moved successfully.
C:\WINDOWS\SYSTEM32\5447.exe moved successfully.
C:\WINDOWS\SYSTEM32\19895.exe moved successfully.
C:\WINDOWS\SYSTEM32\19718.exe moved successfully.
C:\WINDOWS\SYSTEM32\18716.exe moved successfully.
C:\WINDOWS\SYSTEM32\17421.exe moved successfully.
C:\WINDOWS\SYSTEM32\12382.exe moved successfully.
C:\WINDOWS\SYSTEM32\292.exe moved successfully.
C:\WINDOWS\SYSTEM32\153.exe moved successfully.
C:\WINDOWS\SYSTEM32\3902.exe moved successfully.
C:\WINDOWS\SYSTEM32\14604.exe moved successfully.
C:\WINDOWS\SYSTEM32\32391.exe moved successfully.
C:\WINDOWS\SYSTEM32\5436.exe moved successfully.
C:\WINDOWS\SYSTEM32\4827.exe moved successfully.
C:\WINDOWS\SYSTEM32\11942.exe moved successfully.
C:\WINDOWS\SYSTEM32\2995.exe moved successfully.
C:\WINDOWS\SYSTEM32\491.exe moved successfully.
C:\WINDOWS\SYSTEM32\9961.exe moved successfully.
C:\WINDOWS\SYSTEM32\16827.exe moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\WINDOWS\SYSTEM32\23281.exe moved successfully.
C:\WINDOWS\SYSTEM32\28145.exe moved successfully.
C:\WINDOWS\SYSTEM32\5705.exe moved successfully.
C:\WINDOWS\SYSTEM32\24464.exe moved successfully.
C:\WINDOWS\SYSTEM32\26962.exe moved successfully.
C:\WINDOWS\SYSTEM32\29358.exe moved successfully.
C:\WINDOWS\SYSTEM32\11478.exe moved successfully.
C:\WINDOWS\SYSTEM32\15724.exe moved successfully.
C:\WINDOWS\SYSTEM32\19169.exe moved successfully.
C:\WINDOWS\SYSTEM32\26500.exe moved successfully.
C:\WINDOWS\SYSTEM32\6334.exe moved successfully.
C:\autoexec.exe moved successfully.
C:\WINDOWS\SYSTEM32\18467.exe moved successfully.
C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\IS15.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\41.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\helper32.dll scheduled to be moved on reboot.
C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\WINDOWS\SYSTEM32\O9I033SIX1.dat moved successfully.
C:\WINDOWS\SYSTEM32\19589.exe moved successfully.
C:\WINDOWS\SYSTEM32\15281.exe moved successfully.
C:\WINDOWS\SYSTEM32\14798.exe moved successfully.
C:\WINDOWS\SYSTEM32\19796.exe moved successfully.
C:\WINDOWS\SYSTEM32\20580.exe moved successfully.
C:\WINDOWS\SYSTEM32\6618.exe moved successfully.
C:\WINDOWS\SYSTEM32\13458.exe moved successfully.
C:\WINDOWS\SYSTEM32\25200.exe moved successfully.
C:\WINDOWS\SYSTEM32\7448.exe moved successfully.
C:\WINDOWS\SYSTEM32\9503.exe moved successfully.
C:\WINDOWS\SYSTEM32\29314.exe moved successfully.
C:\WINDOWS\SYSTEM32\1587.exe moved successfully.
C:\WINDOWS\SYSTEM32\30523.exe moved successfully.
C:\WINDOWS\SYSTEM32\14343.exe moved successfully.
C:\WINDOWS\SYSTEM32\3093.exe moved successfully.
C:\WINDOWS\SYSTEM32\20485.exe moved successfully.
C:\WINDOWS\SYSTEM32\3195.exe moved successfully.
C:\WINDOWS\SYSTEM32\32702.exe moved successfully.
C:\WINDOWS\SYSTEM32\14989.exe moved successfully.
C:\WINDOWS\SYSTEM32\32609.exe moved successfully.
C:\WINDOWS\SYSTEM32\5844.exe moved successfully.
C:\WINDOWS\SYSTEM32\11008.exe moved successfully.
C:\WINDOWS\SYSTEM32\6224.exe moved successfully.
C:\WINDOWS\SYSTEM32\30303.exe moved successfully.
C:\WINDOWS\SYSTEM32\22798.exe moved successfully.
C:\WINDOWS\SYSTEM32\31556.exe moved successfully.
C:\WINDOWS\SYSTEM32\16519.exe moved successfully.
C:\WINDOWS\SYSTEM32\5249.exe moved successfully.
C:\WINDOWS\SYSTEM32\20600.exe moved successfully.
C:\WINDOWS\SYSTEM32\17451.exe moved successfully.
C:\WINDOWS\SYSTEM32\18935.exe moved successfully.
C:\WINDOWS\SYSTEM32\7616.exe moved successfully.
C:\WINDOWS\SYSTEM32\14309.exe moved successfully.
C:\WINDOWS\SYSTEM32\9514.exe moved successfully.
C:\WINDOWS\SYSTEM32\22813.exe moved successfully.
C:\WINDOWS\SYSTEM32\6617.exe moved successfully.
C:\WINDOWS\SYSTEM32\14310.exe moved successfully.
C:\WINDOWS\SYSTEM32\2421.exe moved successfully.
C:\WINDOWS\SYSTEM32\17807.exe moved successfully.
C:\WINDOWS\SYSTEM32\22483.exe moved successfully.
C:\WINDOWS\SYSTEM32\24648.exe moved successfully.
C:\WINDOWS\SYSTEM32\14893.exe moved successfully.
C:\WINDOWS\SYSTEM32\3728.exe moved successfully.
C:\WINDOWS\SYSTEM32\467.exe moved successfully.
C:\WINDOWS\SYSTEM32\18127.exe moved successfully.
C:\WINDOWS\SYSTEM32\3788.exe moved successfully.
C:\WINDOWS\SYSTEM32\6900.exe moved successfully.
C:\WINDOWS\SYSTEM32\27938.exe moved successfully.
C:\WINDOWS\SYSTEM32\26418.exe moved successfully.
C:\WINDOWS\SYSTEM32\1999.exe moved successfully.
C:\WINDOWS\SYSTEM32\53.exe moved successfully.
C:\WINDOWS\SYSTEM32\4734.exe moved successfully.
C:\WINDOWS\SYSTEM32\8281.exe moved successfully.
C:\WINDOWS\SYSTEM32\24484.exe moved successfully.
C:\WINDOWS\SYSTEM32\19668.exe moved successfully.
C:\WINDOWS\SYSTEM32\23199.exe moved successfully.
C:\WINDOWS\SYSTEM32\27348.exe moved successfully.
C:\WINDOWS\SYSTEM32\24021.exe moved successfully.
C:\WINDOWS\SYSTEM32\4596.exe moved successfully.
C:\WINDOWS\SYSTEM32\11020.exe moved successfully.
C:\WINDOWS\SYSTEM32\9374.exe moved successfully.
C:\WINDOWS\SYSTEM32\30836.exe moved successfully.
C:\WINDOWS\SYSTEM32\10291.exe moved successfully.
C:\WINDOWS\SYSTEM32\24350.exe moved successfully.
C:\WINDOWS\SYSTEM32\3602.exe moved successfully.
C:\WINDOWS\SYSTEM32\4041.exe moved successfully.
C:\WINDOWS\SYSTEM32\27595.exe moved successfully.
C:\WINDOWS\SYSTEM32\6483.exe moved successfully.
C:\WINDOWS\SYSTEM32\21548.exe moved successfully.
C:\WINDOWS\SYSTEM32\20537.exe moved successfully.
C:\WINDOWS\SYSTEM32\27624.exe moved successfully.
C:\WINDOWS\SYSTEM32\6359.exe moved successfully.
C:\WINDOWS\SYSTEM32\17410.exe moved successfully.
C:\WINDOWS\SYSTEM32\1655.exe moved successfully.
C:\WINDOWS\SYSTEM32\18762.exe moved successfully.
C:\WINDOWS\SYSTEM32\32591.exe moved successfully.
C:\WINDOWS\SYSTEM32\900.exe moved successfully.
C:\WINDOWS\SYSTEM32\29168.exe moved successfully.
C:\WINDOWS\SYSTEM32\16413.exe moved successfully.
C:\WINDOWS\SYSTEM32\13030.exe moved successfully.
C:\WINDOWS\SYSTEM32\27506.exe moved successfully.
C:\WINDOWS\SYSTEM32\24946.exe moved successfully.
C:\WINDOWS\SYSTEM32\6422.exe moved successfully.
C:\WINDOWS\SYSTEM32\18588.exe moved successfully.
C:\WINDOWS\SYSTEM32\24221.exe moved successfully.
C:\WINDOWS\SYSTEM32\9758.exe moved successfully.
C:\WINDOWS\SYSTEM32\32209.exe moved successfully.
C:\WINDOWS\SYSTEM32\8909.exe moved successfully.
C:\WINDOWS\SYSTEM32\14945.exe moved successfully.
C:\WINDOWS\SYSTEM32\10383.exe moved successfully.
C:\WINDOWS\SYSTEM32\27753.exe moved successfully.
C:\WINDOWS\SYSTEM32\12287.exe moved successfully.
C:\WINDOWS\SYSTEM32\15457.exe moved successfully.
C:\WINDOWS\SYSTEM32\11337.exe moved successfully.
C:\WINDOWS\SYSTEM32\18007.exe moved successfully.
C:\WINDOWS\SYSTEM32\30191.exe moved successfully.
C:\WINDOWS\SYSTEM32\31107.exe moved successfully.
C:\WINDOWS\SYSTEM32\3430.exe moved successfully.
C:\WINDOWS\SYSTEM32\13966.exe moved successfully.
C:\WINDOWS\SYSTEM32\21724.exe moved successfully.
C:\WINDOWS\SYSTEM32\16941.exe moved successfully.
C:\WINDOWS\SYSTEM32\1150.exe moved successfully.
C:\WINDOWS\SYSTEM32\27350.exe moved successfully.
C:\WINDOWS\SYSTEM32\12052.exe moved successfully.
C:\WINDOWS\SYSTEM32\4031.exe moved successfully.
C:\WINDOWS\SYSTEM32\15574.exe moved successfully.
C:\WINDOWS\SYSTEM32\23655.exe moved successfully.
C:\WINDOWS\SYSTEM32\24767.exe moved successfully.
C:\WINDOWS\SYSTEM32\22355.exe moved successfully.
C:\WINDOWS\SYSTEM32\18636.exe moved successfully.
C:\WINDOWS\SYSTEM32\9161.exe moved successfully.
C:\WINDOWS\SYSTEM32\13290.exe moved successfully.
C:\WINDOWS\SYSTEM32\23986.exe moved successfully.
C:\WINDOWS\SYSTEM32\16512.exe moved successfully.
C:\WINDOWS\SYSTEM32\5097.exe moved successfully.
C:\WINDOWS\SYSTEM32\15573.exe moved successfully.
C:\WINDOWS\SYSTEM32\26777.exe moved successfully.
C:\WINDOWS\SYSTEM32\5829.exe moved successfully.
C:\WINDOWS\SYSTEM32\6270.exe moved successfully.
C:\WINDOWS\SYSTEM32\19072.exe moved successfully.
C:\WINDOWS\SYSTEM32\26924.exe moved successfully.
C:\WINDOWS\SYSTEM32\28745.exe moved successfully.
C:\WINDOWS\SYSTEM32\5021.exe moved successfully.
C:\WINDOWS\SYSTEM32\22386.exe moved successfully.
C:\WINDOWS\SYSTEM32\31673.exe moved successfully.
C:\WINDOWS\SYSTEM32\2306.exe moved successfully.
C:\WINDOWS\SYSTEM32\13977.exe moved successfully.
C:\WINDOWS\SYSTEM32\9930.exe moved successfully.
C:\WINDOWS\SYSTEM32\22704.exe moved successfully.
C:\WINDOWS\SYSTEM32\29658.exe moved successfully.
C:\WINDOWS\SYSTEM32\4639.exe moved successfully.
C:\WINDOWS\SYSTEM32\31115.exe moved successfully.
C:\WINDOWS\SYSTEM32\4833.exe moved successfully.
C:\WINDOWS\SYSTEM32\16541.exe moved successfully.
C:\WINDOWS\SYSTEM32\22929.exe moved successfully.
C:\WINDOWS\SYSTEM32\2082.exe moved successfully.
C:\WINDOWS\SYSTEM32\16118.exe moved successfully.
C:\WINDOWS\SYSTEM32\21538.exe moved successfully.
C:\WINDOWS\SYSTEM32\5537.exe moved successfully.
C:\WINDOWS\SYSTEM32\11323.exe moved successfully.
C:\WINDOWS\SYSTEM32\24626.exe moved successfully.
C:\WINDOWS\SYSTEM32\32439.exe moved successfully.
C:\WINDOWS\SYSTEM32\16944.exe moved successfully.
C:\WINDOWS\SYSTEM32\26308.exe moved successfully.
C:\WINDOWS\SYSTEM32\13931.exe moved successfully.
C:\WINDOWS\SYSTEM32\7376.exe moved successfully.
C:\WINDOWS\SYSTEM32\4966.exe moved successfully.
C:\WINDOWS\SYSTEM32\11840.exe moved successfully.
C:\WINDOWS\SYSTEM32\18756.exe moved successfully.
C:\WINDOWS\SYSTEM32\19954.exe moved successfully.
C:\WINDOWS\SYSTEM32\24084.exe moved successfully.
C:\WINDOWS\SYSTEM32\12623.exe moved successfully.
C:\WINDOWS\SYSTEM32\19629.exe moved successfully.
C:\WINDOWS\SYSTEM32\3548.exe moved successfully.
C:\WINDOWS\SYSTEM32\24393.exe moved successfully.
C:\WINDOWS\SYSTEM32\31101.exe moved successfully.
C:\WINDOWS\SYSTEM32\15006.exe moved successfully.
C:\WINDOWS\SYSTEM32\15350.exe moved successfully.
C:\WINDOWS\SYSTEM32\24370.exe moved successfully.
C:\WINDOWS\SYSTEM32\6729.exe moved successfully.
C:\WINDOWS\SYSTEM32\15890.exe moved successfully.
C:\WINDOWS\SYSTEM32\23805.exe moved successfully.
C:\WINDOWS\SYSTEM32\27446.exe moved successfully.
C:\WINDOWS\SYSTEM32\22648.exe moved successfully.
C:\WINDOWS\SYSTEM32\19264.exe moved successfully.
C:\WINDOWS\SYSTEM32\8942.exe moved successfully.
C:\WINDOWS\SYSTEM32\9040.exe moved successfully.
C:\WINDOWS\SYSTEM32\30106.exe moved successfully.
C:\WINDOWS\SYSTEM32\288.exe moved successfully.
C:\WINDOWS\SYSTEM32\1842.exe moved successfully.
C:\WINDOWS\SYSTEM32\22190.exe moved successfully.
C:\WINDOWS\SYSTEM32\3035.exe moved successfully.
C:\WINDOWS\SYSTEM32\12316.exe moved successfully.
C:\WINDOWS\SYSTEM32\778.exe moved successfully.
C:\WINDOWS\SYSTEM32\27529.exe moved successfully.
C:\WINDOWS\SYSTEM32\9741.exe moved successfully.
C:\WINDOWS\SYSTEM32\8723.exe moved successfully.
C:\WINDOWS\SYSTEM32\12859.exe moved successfully.
C:\WINDOWS\SYSTEM32\20037.exe moved successfully.
C:\WINDOWS\SYSTEM32\32757.exe moved successfully.
C:\WINDOWS\SYSTEM32\32662.exe moved successfully.
C:\WINDOWS\SYSTEM32\27644.exe moved successfully.
C:\WINDOWS\SYSTEM32\25547.exe moved successfully.
C:\WINDOWS\SYSTEM32\6868.exe moved successfully.
C:\WINDOWS\SYSTEM32\28253.exe moved successfully.
C:\WINDOWS\SYSTEM32\7711.exe moved successfully.
C:\WINDOWS\SYSTEM32\15141.exe moved successfully.
C:\WINDOWS\SYSTEM32\4664.exe moved successfully.
C:\WINDOWS\SYSTEM32\17673.exe moved successfully.
C:\WINDOWS\SYSTEM32\30333.exe moved successfully.
C:\WINDOWS\SYSTEM32\31322.exe moved successfully.
C:\WINDOWS\SYSTEM32\23811.exe moved successfully.
C:\WINDOWS\SYSTEM32\7Pb5AGmfE-.exe moved successfully.
C:\WINDOWS\msa.exe moved successfully.
C:\s moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
File C:\kkalf.exe not found.
File C:\WINDOWS\System32\k8efzgigz.dll not found.
C:\WINDOWS\SYSTEM32\net.net moved successfully.
C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_033243

Files\Folders moved on Reboot...
C:\WINDOWS\SYSTEM32\IS15.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\helper32.dll moved successfully.

Registry entries deleted on Reboot...

DNoble
Novice

Posts : 45
Joined : 2010-01-22
OS : Windows XP
Points : 25741
# Likes : 0

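The OTL fix log above has three result shapes (moved, move failed and scheduled for reboot, not found) plus a registry line, and the "moved on Reboot" section at the end shows the locked files being cleared on the next boot. The following is an added example for this thread, not OldTimer's code and not part of any post: it parses those line formats and reports what a helper checks next, namely which pending files still need confirming after the restart, and how much of the run was the batch of numerically named executables in system32. SAMPLE is an excerpt copied from the log in this thread; the classification buckets and the numeric-name rule are this example's own assumptions.

```python
"""Summarise an OTL 'Files\\Folders moved' fix log (added example, not OTL code)."""
import re
from collections import Counter
from typing import Dict, List

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
MISSING_RE = re.compile(r"^File (?P<path>.+?) not found\.$")
# e.g. HKLM\...\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!
REG_RE = re.compile(r'^(?P<key>HKEY_.+?)\\\\"(?P<value>[^"]+)"\|(?P<data>.+?) /E : value set successfully!$')
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$")


def classify(path: str) -> str:
    """Bucket a moved path. The numeric-exe bucket is this example's own
    heuristic for the mass of '17035.exe'-style droppers in system32."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if low.startswith("c:\\windows\\system32\\") and NUMERIC_EXE_RE.match(base):
        return "numeric-named exe in system32"
    if low.startswith("c:\\windows\\tasks\\") or base.endswith(".job"):
        return "scheduled task"
    if base.endswith(".lnk"):
        return "shortcut"
    if base.endswith(".dll"):
        return "dll"
    return "other"


def parse_fixlog(text: str) -> Dict[str, list]:
    """Split the log into moved / pending (locked, retried at boot) / missing / registry."""
    result = {"moved": [], "pending": [], "missing": [], "registry": []}
    for raw in text.splitlines():
        line = raw.strip()
        for bucket, rx in (("pending", PENDING_RE), ("missing", MISSING_RE), ("moved", MOVED_RE)):
            m = rx.match(line)
            if m:
                result[bucket].append(m.group("path"))
                break
        else:
            m = REG_RE.match(line)
            if m:
                result["registry"].append((m.group("value"), m.group("data").strip('"')))
    return result


def summarize(text: str) -> Dict[str, object]:
    r = parse_fixlog(text)
    return {"moved": Counter(classify(p) for p in r["moved"]),
            "pending": r["pending"], "missing": r["missing"], "registry": r["registry"]}


def unresolved_after_reboot(text: str) -> List[str]:
    """Pending paths that never reappear as moved (the 'moved on Reboot' section):
    what still has to be checked by hand after the restart."""
    r = parse_fixlog(text)
    moved = {p.lower() for p in r["moved"]}
    return [p for p in r["pending"] if p.lower() not in moved]


# Excerpt copied from the OTL log in this thread.
SAMPLE = r"""C:\WINDOWS\SYSTEM32\17035.exe moved successfully.
C:\WINDOWS\SYSTEM32\26299.exe moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\autoexec.exe moved successfully.
C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\IS15.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\41.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\helper32.dll scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\SYSTEM32\7Pb5AGmfE-.exe moved successfully.
C:\WINDOWS\msa.exe moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_033243

Files\Folders moved on Reboot...
C:\WINDOWS\SYSTEM32\IS15.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\helper32.dll moved successfully.
"""

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(dict(s["moved"]), s["registry"])
    print("confirm after reboot:", unresolved_after_reboot(SAMPLE) or "nothing")
```

The three "move failed" entries are the interesting ones: OTL could not move them while they were in use (helper32.dll was loaded into a process), so it scheduled a boot-time move, and the second section confirms all three went. The registry line records Winlogon\Userinit being set back to the stock userinit.exe, a value rogue security products commonly hijack so they start before the shell.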

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:56 am

I just tried ComboFix and it worked; here's the log...
"Wayne Noble" - 2010-02-01 3:45:00 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Wayne Noble\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\drivers\fad.sys"


((((((((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))))))


2010-02-01 03:34 0 --a------ C:\WINDOWS\Iqajocimafeyute.bin
2010-02-01 03:32 d-------- C:\_OTL
2010-01-30 22:06 d--hs---- C:\Documents and Settings\WAYNEN~1\PrivacIE
2010-01-30 22:06 d--hs---- C:\DOCUME~1\WAYNEN~1\PrivacIE
2010-01-30 22:04 d--hs---- C:\Documents and Settings\WAYNEN~1\IETldCache
2010-01-30 22:04 d--hs---- C:\DOCUME~1\WAYNEN~1\IETldCache
2010-01-30 21:58 d-------- C:\WINDOWS\ie8updates
2010-01-30 21:54 d--h-c--- C:\WINDOWS\ie8
2010-01-25 12:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2010-01-24 01:58 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2010-01-22 20:34 9 --a------ C:\confin.sys
2010-01-22 20:34 d--hs---- C:\DOCUME~1\WAYNEN~1\APPLIC~1\SystemProc
2010-01-22 20:09 120 --a------ C:\WINDOWS\Trorodizi.dat
2010-01-22 20:06 648 --a------ C:\WINDOWS\SYSTEM32\uses32.dat
2010-01-22 20:06 d--hs---- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\SystemProc
2010-01-22 20:05 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\AntiVirus Plus
2010-01-22 19:54 d-------- C:\Malwarebytes' Anti-Malware
2010-01-22 19:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-22 01:06 d-------- C:\Program Files\Trend Micro
2010-01-22 00:07 d----c--- C:\Program Files\ParetoLogic
2010-01-22 00:07 d-------- C:\Program Files\Common Files\ParetoLogic
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Virus PLUS
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
2010-01-21 23:24 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.DBQ\NTUSER.DAT
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Symantec
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Sonic
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Jasc Software Inc
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Apple Computer
2010-01-21 23:20 233,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2010-01-21 23:01 87,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys
2010-01-21 23:01 207,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys
2010-01-21 23:00 70,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2010-01-21 23:00 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2010-01-21 23:00 d-------- C:\Program Files\Spyware Doctor
2010-01-21 23:00 d-------- C:\Program Files\Common Files\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\WAYNEN~1\APPLIC~1\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2010-01-21 22:34 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2010-01-21 22:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2010-01-21 21:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RegCure


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-02-01 08:41:32 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\Skype
2010-02-01 08:38:08 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\skypePM
2010-01-22 17:28:53 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\uTorrent
2010-01-22 02:50:01 -------- d-----w C:\Program Files\RegCure
2010-01-21 21:09:12 -------- d-----w C:\Program Files\Microsoft Silverlight
2010-01-21 17:46:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2010-01-19 06:08:16 -------- d-----w C:\Program Files\Hotspot Shield
2010-01-17 10:27:16 -------- d-----w C:\Program Files\Google
2009-12-26 05:07:24 1,183,744 ----a-w C:\WINDOWS\system32\Dr--iXA0_rR.dll
2009-12-15 21:11:23 -------- d-----w C:\Program Files\Microsoft LifeCam
2009-12-15 21:03:31 0 ----a-w C:\WINDOWS\system32\cd.dat
2009-11-22 22:01:05 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2005-01-08 23:08:16 56 --sh--r C:\WINDOWS\SYSTEM32\7651CD09DA.sys
2005-01-08 23:08:16 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 16:49]
{C4BF49A2-94F1-42BD-F034-3604811C807D}=C:\WINDOWS\system32\k8efzgigz.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 16:21]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 14:52]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 01:49]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 15:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 23:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 16:33]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 18:54]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-11-18 12:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 10:44]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 13:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C4BF49A2-94F1-42BD-F034-3604811C807D}"="C:\WINDOWS\system32\k8efzgigz.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli kbet70A.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2010-01-30 21:11:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2010-01-26 01:05:17 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
2010-01-31 17:41:03 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
2010-01-30 23:30:32 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2010-01-31 05:33:06 C:\WINDOWS\tasks\ParetoLogic Update Version2.job
2010-01-30 23:30:33 C:\WINDOWS\tasks\RegCure Program Check.job
2010-02-01 08:35:08 C:\WINDOWS\tasks\RegCure Startup.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-01 03:51:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x????????????????????????????????????????D?w????????????7??w????x???x??????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????????

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTehtpcvnoiy.sys"

Completion time: 2010-02-01 3:53:38
C:\ComboFix-quarantined-files.txt ... 2010-02-01 03:53

--- E O F ---

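The "Reg Loading Points" section of the ComboFix log above packs most of the evidence into a few lines: an lsass.exe living under Application Data\SystemProc and started from Policies\Explorer\Run, a CLSID registered both as a Browser Helper Object and in SharedTaskScheduler whose DLL prints an empty timestamp bracket (not on disk at scan time), a second LSA notification package beside scecli, and a driver service with a random-looking image name. The following is an added example for this thread, not ComboFix code and not part of any post: it parses the entry formats ComboFix prints and applies heuristics matching those observations. SAMPLE is an excerpt copied from the log in this thread; the name lists, the %SystemRoot% assumption (C:\WINDOWS, as the OTL header reports) and the random-name rule are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Binaries that belong under %SystemRoot%; a copy under a user profile is suspect.
SYSTEM_BINARY_NAMES = {"lsass.exe", "winlogon.exe", "smss.exe", "csrss.exe",
                       "svchost.exe", "services.exe", "explorer.exe"}
KNOWN_LSA_PACKAGES = {"scecli"}          # stock XP default (assumption)

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
NAME_RE = re.compile(r'^"?(?P<name>[^"=]+?)"?=(?P<rest>.*)$')
STAMP_RE = re.compile(r"\s*\[(?P<stamp>[^\]]*)\]$")


@dataclass
class Entry:
    key: str
    name: str
    path: str
    stamp: Optional[str]   # None: no bracket printed; "": printed as [], file absent at scan time


def parse_entry(key: str, line: str) -> Optional[Entry]:
    """Handle '"Name"="path" [stamp]', '{CLSID}=path [stamp]', unquoted
    Policies\\Explorer\\Run values and the 'Notification Packages ...' line."""
    if line.startswith("Notification Packages"):
        return Entry(key, "Notification Packages", line[len("Notification Packages"):].strip(), None)
    m = NAME_RE.match(line)
    if not m:
        return None
    rest, stamp = m.group("rest").strip(), None
    sm = STAMP_RE.search(rest)
    if sm:
        stamp, rest = sm.group("stamp").strip(), rest[:sm.start()]
    return Entry(key, m.group("name"), rest.strip().strip('"'), stamp)


def parse_loading_points(text: str) -> List[Entry]:
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
        elif line and key and not line.startswith("*"):   # skip *Note* lines
            e = parse_entry(key, line)
            if e:
                entries.append(e)
    return entries


def looks_random(stem: str) -> bool:
    """Weak heuristic (assumption): 8+ chars mixing letters with a digit that is
    not part of a trailing run, so opware32 passes but k8efzgigz does not."""
    core = stem.rstrip("0123456789")
    return len(stem) >= 8 and any(c.isdigit() for c in core) and any(c.isalpha() for c in core)


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    findings, by_clsid = [], {}
    for e in entries:
        if e.name == "Notification Packages":
            for pkg in e.path.split():
                if re.sub(r"\.dll$", "", pkg.lower()) not in KNOWN_LSA_PACKAGES:
                    findings.append((e, f"non-default LSA notification package {pkg}"))
            continue
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if base in SYSTEM_BINARY_NAMES and not low.startswith("c:\\windows\\"):
            findings.append((e, "system binary name outside %SystemRoot%"))
        if e.stamp == "":
            findings.append((e, "registered but file not found on disk"))
        if "policies\\explorer\\run" in e.key.lower():
            findings.append((e, "Policies\\Explorer\\Run autostart"))
        if base.endswith((".exe", ".dll", ".sys")) and looks_random(stem):
            findings.append((e, "random-looking file name"))
        if e.name.startswith("{"):
            by_clsid.setdefault(e.name.lower(), []).append(e)
    for hits in by_clsid.values():
        keys = {h.key.lower() for h in hits}
        if len(keys) > 1:
            findings.append((hits[0], f"same CLSID registered in {len(keys)} load points"))
    return findings


def summarize(text: str) -> Dict[str, List[str]]:
    """Path -> sorted, de-duplicated reasons (the two k8efzgigz.dll entries merge)."""
    out: Dict[str, set] = {}
    for e, why in triage(parse_loading_points(text)):
        out.setdefault(e.path, set()).add(why)
    return {p: sorted(r) for p, r in out.items()}


# Excerpt copied from the ComboFix log in this thread.
SAMPLE = r"""
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 16:49]
{C4BF49A2-94F1-42BD-F034-3604811C807D}=C:\WINDOWS\system32\k8efzgigz.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 16:21]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C4BF49A2-94F1-42BD-F034-3604811C807D}"="C:\WINDOWS\system32\k8efzgigz.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli kbet70A.dll

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTehtpcvnoiy.sys"
"""

if __name__ == "__main__":
    for path, reasons in summarize(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Feed it the section between the "Reg Loading Points" banner and the scheduled-tasks listing rather than the whole log; the catchme lines further down use a different layout. "File not found on disk" on its own is not proof of infection (the Adobe updater entry in the excerpt trips it too); it is the combination with the other reasons on the same path that matters, which is why summarize() groups reasons per path.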

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:57 am

And here are the quarantined files...
Code:

2003-01-30 12:52      12073    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir


Folder PATH listing
Volume serial number is 3420-6CD0
C:\QOOBOX
\---Quarantine
    +---C
    |  \---WINDOWS
    |      \---SYSTEM32
    |          \---DRIVERS
    |                  FAD.sys.vir
    |                 
    \---Registry_backups


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 7:33 pm

Hello.
Please delete that version of ComboFix you have; it's extremely old. Download a new version and run it, please.




Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 7:43 pm

The problem is, when I click on your links for combofix, I get redirected to ask.com, or Iamwired. It won't let me get to those links.


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 8:28 pm

Please run OTL again and post the new OTL.txt log ONLY!!





Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 10:48 pm

OTL logfile created on: 01/02/2010 5:44:41 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 454.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 11.62 Gb Free Space | 7.80% Space Free | Partition Type: NTFS
Drive D: | 467.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
PRC - [2010/01/22 20:34:39 | 000,147,456 | -HS- | M] (HellFire) -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
PRC - [2010/01/08 19:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/08/06 10:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/11/14 08:05:05 | 000,083,456 | R--- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/10/07 16:21:10 | 000,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,037,376 | ---- | M] () -- C:\WINDOWS\kbet70A.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Savradm)
SRV - File not found [On_Demand | Stopped] -- -- (Helodrmkipbd)
SRV - [2010/01/17 05:27:20 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 19:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) [Auto | Running] -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/01/03 19:22:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 16:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\navex15.sys -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\naveng.sys -- (NAVENG)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\symidsco.sys -- (SYMIDSCO)
DRV - [2009/01/09 13:01:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symevent.sys -- (SymEvent)
DRV - [2008/09/15 19:14:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\coh_mon.sys -- (COH_Mon)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\co_mon.sys -- (CO_Mon)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2006/08/31 12:03:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 02:09:58 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstape.sys -- (MSTAPE)
DRV - [2004/08/04 02:09:58 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/05 09:23:16 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/09/26 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/09/26 00:04:00 | 000,098,164 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/09/26 00:04:00 | 000,083,572 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/09/26 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/09/26 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/09/26 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/09/26 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/09/26 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/09/26 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/09/19 02:21:00 | 000,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Stltrk2k.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\modemcsa.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {4a4f15aa-8569-f02e-7cb6-b10fe045b81c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {47D99070-1169-4A6B-AA14-DB1810417EF5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}:1.9.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5}: C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} [2010/01/22 20:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} [2010/01/22 20:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 03:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 04:19:11 | 000,000,000 | ---D | M]

[2008/12/10 10:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Extensions
[2010/01/22 21:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions
[2009/07/01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\searchplugins\conduit.xml
[2010/02/01 03:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 20:06:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{4a4f15aa-8569-f02e-7cb6-b10fe045b81c}
[2010/01/22 20:06:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/12/05 19:27:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/05 19:27:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/05 19:27:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/05 19:27:10 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} [You must be registered and logged in to see this link.] (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} [You must be registered and logged in to see this link.] (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [You must be registered and logged in to see this link.] (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 14:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\InstallShield
[2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/01 03:53:39 | 000,370,688 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swsc.exe
[2010/02/01 03:53:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010/02/01 03:50:30 | 000,000,000 | ---D | C] -- C:\QooBox
[2010/02/01 03:32:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/31 00:24:11 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 22:06:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\PrivacIE
[2010/01/30 22:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\IETldCache
[2010/01/30 21:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 21:54:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 18:51:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 14:51:40 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/25 12:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en
[2010/01/22 20:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc
[2010/01/22 20:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}
[2010/01/22 19:54:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/22 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 00:08:13 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Downloaded Installations
[2010/01/21 23:20:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/21 23:01:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/21 23:01:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/21 23:00:57 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/20 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/13 03:33:43 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/21 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Hotspot_Shield
[2008/07/10 05:59:27 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.1.3-27042008.exe
[2007/12/20 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/28 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/12 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 17:41:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/01 17:40:18 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/02/01 17:40:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 17:39:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/01 17:39:06 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 03:58:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/02/01 03:44:40 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\ntuser.dat
[2010/02/01 03:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/02/01 03:33:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wayne Noble\NTUSER.INI
[2010/02/01 03:17:03 | 000,000,648 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/31 12:41:03 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/31 00:33:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 21:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 21:07:37 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/30 20:51:15 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/01/30 19:20:34 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 18:51:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 18:30:33 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/30 18:30:32 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/30 16:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 12:52:04 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/25 20:05:17 | 000,000,634 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
[2010/01/25 16:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:23 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/01/22 18:49:24 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:55 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/21 21:50:01 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/21 12:24:16 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/01 03:53:39 | 000,087,040 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2010/02/01 03:53:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/30 21:21:14 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/25 12:34:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:22 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/01/22 20:33:06 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/22 20:33:06 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/22 20:06:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/22 18:49:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:54 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/22 00:08:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/22 00:08:15 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/22 00:08:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/21 23:20:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/21 23:01:03 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/21 23:01:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/21 23:00:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/21 21:50:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/21 21:50:11 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/21 12:24:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2008/08/28 10:03:20 | 000,024,155 | ---- | C] () -- C:\Program Files\orilliapic.jpg
[2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
[2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
[2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
[2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent
[2008/07/10 06:00:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 06:00:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/08 09:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/03/17 09:02:44 | 000,022,764 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\Microsoft Excel.ADR
[2007/11/18 11:07:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/01 10:16:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2007/03/31 13:22:11 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/03/27 10:54:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/26 13:41:42 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2007/03/26 13:41:42 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\DMAPI.dll
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/14 21:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/31 14:26:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/12 19:51:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/07/15 05:33:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/19 09:15:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2005/02/09 20:24:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/02/09 17:24:29 | 003,691,666 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\imageCache.db
[2005/02/09 16:20:49 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/01/09 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/09 16:45:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JPR.{PB
[2004/12/09 16:45:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JCM.{PB
[2004/09/11 15:44:12 | 000,000,613 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2004/09/11 15:44:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pm_setup.ini
[2004/09/11 15:43:42 | 000,000,745 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2004/09/11 15:10:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson880.ini
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/09 14:27:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7651CD09DA.sys
[2004/07/09 14:41:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/09 14:38:32 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2004/07/09 14:27:59 | 000,043,786 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/09 14:23:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/09 14:23:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2004/07/09 14:23:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/09 14:23:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2004/07/09 14:22:39 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/09 10:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\dm.ini
[2004/06/26 07:05:02 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/22 11:23:22 | 000,001,908 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 20:48:07 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/06/18 20:37:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 20:32:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/06/18 20:31:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/06/09 13:17:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 13:09:17 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/09 13:08:36 | 000,000,516 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/09 13:04:35 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/09 12:55:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/09 12:55:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/09 12:42:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/13 08:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\kbet70A.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wayne Noble\Desktop\~:SummaryInformation
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

DNoble
Novice
Posts: 45
Joined: 2010-01-22
OS: Windows XP
Points: 25741
Likes: 0

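As an added example, written for this page rather than taken from the thread or from OTL itself: a small Python parser for the file-list line format of the OTL report above. It decodes the timestamp, size and R/H/S/D attribute flags and pulls out a first review list, namely files created directly under C:\WINDOWS within the report window that carry no company name. The sample lines are copied from the report posted above; the scan time is assumed to be the newest entry's timestamp, since the excerpt carries no header date.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# One OTL file-list line looks like:
#   [2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
# timestamp | size with thousands separators | attribute flags (R H S D) | C = created / M = modified,
# then the company name in parentheses (absent for directories, "()" when none) and the path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


class OtlEntry(NamedTuple):
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str        # "C" created, "M" modified
    company: str     # "" when OTL printed "()" or omitted the field
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; headers, blanks and '*.tmp' summary lines return None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]  # positional flags, '-' where the attribute is not set
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Return every parseable file-list entry in an OTL report."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def report_time(entries: List[OtlEntry]) -> datetime:
    """Assumption: the newest timestamp in the excerpt stands in for the scan time."""
    return max(e.timestamp for e in entries)


def windows_files_without_company(entries: List[OtlEntry], when: datetime,
                                  days: int = 30) -> List[OtlEntry]:
    """Files (not directories) created under C:\\WINDOWS within `days` of the scan that carry
    no company name, newest first. This is a review list, not a verdict: cleaning tools such
    as ComboFix also drop unsigned helpers there, so every hit still has to be checked."""
    cutoff = when - timedelta(days=days)
    hits = [
        e for e in entries
        if e.kind == "C" and not e.directory and not e.company
        and e.path.lower().startswith("c:\\windows\\")
        and e.timestamp >= cutoff
    ]
    return sorted(hits, key=lambda e: e.timestamp, reverse=True)


# Constructed sample: lines copied from the OTL report in this thread, plus one section
# header and one '*.tmp' summary line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""========== Files Created - No Company Name ==========

[2010/02/01 03:53:39 | 000,087,040 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/30 21:21:14 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/01 03:50:30 | 000,000,000 | ---D | C] -- C:\QooBox
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in windows_files_without_company(entries, report_time(entries)):
        flags = "".join(f if on else "-" for f, on in
                        zip("RHS", (e.readonly, e.hidden, e.system)))
        print(f"{e.timestamp:%Y-%m-%d %H:%M:%S}  {flags}  {e.size:>10}  {e.path}")
```

On the sample it lists catchme.exe, Iqajocimafeyute.bin, Trorodizi.dat and uses32.dat; the first was created in the same second as the SteelWerX helpers that the ComboFix run dropped, which is exactly why the output is a list to review rather than a detection.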

Re: Malware Defense Removal

Post by Belahzur on Tue Feb 02, 2010 8:27 pm

Please download GooredFix from one of the locations below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: Malware Defense Removal

Post by DNoble on Tue Feb 02, 2010 9:06 pm

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:05 on 02/02/2010 (Wayne Noble)
Firefox version 3.5.7 (en-GB)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}" -> Success!
(none)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!
Deleting C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{4a4f15aa-8569-f02e-7cb6-b10fe045b81c} [01:06 23/01/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:45 10/12/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [21:56 22/11/2009]

C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:41 22/11/2009]

-=E.O.F=-


Re: Malware Defense Removal

Post by Belahzur on Wed Feb 03, 2010 12:43 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    [2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
    [2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
    [2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
    [2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
    [2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Re: Malware Defense Removal

Post by DNoble on Wed Feb 03, 2010 4:43 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\RTHDBPL deleted successfully.
C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ not found.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\warning.html moved successfully.
C:\WINDOWS\Trorodizi.dat moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent moved successfully.
C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent moved successfully.
C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent moved successfully.
C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02022010_233505

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: Malware Defense Removal

Post by Belahzur on Wed Feb 03, 2010 7:56 pm

That autorun file doesn't wanna leave, does it? Oh well, time to get the bigger guns out.

Please download [You must be registered and logged in to see this link.] to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds.
  3. If there are more USB storage devices to scan, please take a note about the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.





Re: Malware Defense Removal

Post by DNoble on Sun Feb 07, 2010 7:57 pm

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 07/02/2010 2:53:51 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {cb5ec364-c18a-11d8-b826-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for cb5ec364-c18a-11d8-b826-806d6172696f
----------------------------------------
Desktop.ini found at C:\INCINERATE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={23CE4E06-2508-11D0-1977-0734210ABE0B}
----------------------------------------
CLSID not found in registry
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 07/02/2010 2:55:40 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70ab2198-0f0f-11df-be4d-000f1f4bbea8}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 70ab2198-0f0f-11df-be4d-000f1f4bbea8
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Re: Malware Defense Removal

Post by Belahzur on Sun Feb 07, 2010 8:05 pm

Hello.
What is the D:\ drive?





Re: Malware Defense Removal

Post by DNoble on Mon Feb 08, 2010 6:57 am

It's a DVD/disk drive, I guess you call it.
There are two disk drives, D and E.


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 08, 2010 8:09 pm

To remove all of the tools we used and the files and folders they created, do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.




