Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by brahm13 on Wed May 26, 2010 8:05 pm

I've been having a lot of problems with search engine redirecting, and searching for a cure is not helping. I've tried Malwarebytes, AVG, Windows OneCare safety, and Microsoft's Security Essentials. The only one that helped identify the problems was Security Essentials, and then it said it could not clean the problems (error code: 0x80072efe - it said it was not connected to the internet, but the internet was working fine, and its status was "connected").

Here are the basics:

1) Exploit - java/cve-208-5353.c
2) Java/CVE-2009-3867
3) Trojan: Java/selace.m (appletpanel.class)
4) Trojan downloader: Java/openstream.f (dev/s/loaderx.class and dev/s/dyesyasz.class)
5) Virus: Win32/Alureon.H
6) Program: Win32/PowerRegSchedule

I do have the exact filenames if that is needed as well. At this point, we are ready to chuck the computer, but we can't afford to get a new one, so any help is great! Thanks for what you are doing!

Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Wed May 26, 2010 10:05 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



part one log otl

Post by brahm13 on Thu May 27, 2010 2:14 am

OTL logfile created on: 5/26/2010 8:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Brenda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 33.77 Gb Free Space | 45.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKR
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 19:33:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda\Desktop\OTL.exe
PRC - [2010/05/22 17:19:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/22 17:19:07 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/22 17:19:04 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/22 17:18:59 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/22 17:18:32 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/22 17:17:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 18:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/07 10:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/04/30 18:53:44 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 17:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/08/24 00:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/24 00:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2006/07/21 17:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2006/03/03 15:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2002/12/03 12:25:26 | 000,212,992 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/04/03 02:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2002/03/27 03:35:00 | 000,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2001/11/26 20:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/08/07 18:06:54 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2001/07/25 11:00:00 | 000,184,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\Money Express.exe


========== Modules (SafeList) ==========

MOD - [2010/05/26 19:33:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - [2010/05/22 17:17:44 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/08/24 00:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 12:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
SRV - [2001/11/26 20:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/26 13:46:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\MpEngineStore\MpKsla286ac5a.sys -- (MpKsla286ac5a)
DRV - [2010/05/22 17:20:52 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/22 17:20:35 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/22 17:20:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/03/07 18:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 18:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/24 00:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 02:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2005/06/28 11:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
DRV - [2004/12/07 14:00:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (ASPI32)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/08/30 17:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2002/06/30 20:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 20:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 20:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/05/03 12:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/04/08 10:05:52 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/09/27 11:58:20 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 13:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/09 18:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wandrv.sys -- (wandrv)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/30 18:54:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/22 17:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/21 07:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/21 07:36:22 | 000,000,000 | ---D | M]

[2010/05/21 07:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda\Application Data\Mozilla\Extensions
[2010/05/22 21:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\v8eddjxk.default\extensions
[2010/05/21 07:38:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\v8eddjxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 21:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/30 18:50:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2006/04/26 11:19:29 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: christianbook.com ([dlm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: christianbook.com ([drm] https in Trusted sites)
O15 - HKCU\..Trusted Domains: christianbook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: compuserve.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: compuserve.com ([objects] * is out of zone range - 6)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ad] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ad] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ad] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ads.auctions] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ads.auctions] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([ads.auctions] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([adserver] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([adserver] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([adserver] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geo] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geo] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geo] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geocities] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geocities] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([geocities] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([images] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([images] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([images] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java.europe] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java.europe] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([java.europe] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promo] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promo] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promo] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promotions] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promotions] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([promotions] https in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([st21] * in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([st21] http in Internet)
O15 - HKCU\..Trusted Domains: yahoo.com ([st21] https in Internet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} [You must be registered and logged in to see this link.] (CPlayFirstFashionDasControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [You must be registered and logged in to see this link.] (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} [You must be registered and logged in to see this link.] (CPlayFirstTriJinxControl Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll (Installation Support)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} [You must be registered and logged in to see this link.] (WebGameLoader Class)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} [You must be registered and logged in to see this link.] (CPlayFirstDinerDash2Control Object)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} [You must be registered and logged in to see this link.] (OneCCCtl Class)
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} [You must be registered and logged in to see this link.] (CPlayFirstGreatChocoControl Object)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} [You must be registered and logged in to see this link.] (CPlayFirstWeddingDasControl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} [You must be registered and logged in to see this link.] (GenimoWebGames Control)
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} [You must be registered and logged in to see this link.] (CustomerCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} [You must be registered and logged in to see this link.] (Jolly Bear Games Player)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} [You must be registered and logged in to see this link.] (GDIChk Object)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} [You must be registered and logged in to see this link.] (FujifilmUploader Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} [You must be registered and logged in to see this link.] (ScorchPlugin Class)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} [You must be registered and logged in to see this link.] (DVCDownloadControl)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [You must be registered and logged in to see this link.] (GoBit Games Player)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} [You must be registered and logged in to see this link.] (CPlayFirstddfotgControl Object)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} [You must be registered and logged in to see this link.] (Zylom Games Player)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} [You must be registered and logged in to see this link.] (Downloader Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} [You must be registered and logged in to see this link.] (CPlayFirstChocolatieControl Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} [You must be registered and logged in to see this link.] (SproutLauncherCtrl Class)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [You must be registered and logged in to see this link.] (iTunesDetector Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} [You must be registered and logged in to see this link.] (TikGames Online Control)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} [You must be registered and logged in to see this link.] (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} [You must be registered and logged in to see this link.] (CPlayFirstWeddingDashControl Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} [You must be registered and logged in to see this link.] (QDiagHUpdateObj Class)
O16 - DPF: JT's Blocks [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Cribbage [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Dice [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Exploder [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Fleet [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Graffiti [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Pyramids [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Reversi [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Sheepshead [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Spelldown [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Towers 2.0 [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Yahoo! Trivia [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Brenda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/03 17:47:21 | 000,000,748 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2001/11/15 08:31:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

brahm13
Novice

Posts : 13
Joined : 2010-05-26
OS : xp
Points : 24026
Likes : 0


Solved part two otl log

Post by brahm13 on Thu May 27, 2010 2:15 am

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 19:14:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda\Desktop\OTL.exe
[2010/05/26 13:46:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/26 13:28:48 | 000,000,000 | ---D | C] -- C:\7e96eceef3e83ddda1c06f471906d6
[2010/05/26 13:11:03 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/25 21:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/25 06:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\Local Settings\Application Data\The Weather Channel
[2010/05/24 13:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/23 15:55:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/22 19:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-PRT22-WISE
[2010/05/22 19:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/05/22 17:20:53 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/22 17:20:46 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/22 17:20:34 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/22 17:20:29 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/22 17:20:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/22 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/22 17:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/22 15:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\Application Data\Malwarebytes
[2010/05/22 15:04:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 15:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/22 15:04:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/22 15:03:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda\Desktop\mbama-setup-1.46.exe
[2010/05/21 13:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/21 07:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda\My Documents\Downloads
[2010/05/19 12:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/05/17 15:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/17 15:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2002/11/15 10:08:34 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[172 C:\Documents and Settings\Brenda\My Documents\*.tmp files -> C:\Documents and Settings\Brenda\My Documents\*.tmp -> ]
[17 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 20:51:25 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/05/26 20:32:46 | 000,048,883 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/26 20:31:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/26 20:28:38 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/26 20:25:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 20:24:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/26 20:24:28 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 19:33:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda\Desktop\OTL.exe
[2010/05/26 18:05:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
[2010/05/26 12:35:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/05/26 06:49:28 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/25 21:08:37 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/25 18:03:17 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fiscal Recommendations for Town of Freedom.doc
[2010/05/25 17:59:12 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brenda\My Documents\~$10 Fiscal Recommendations for Town of Freedom.doc
[2010/05/25 12:13:11 | 007,933,952 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\My Money.mny
[2010/05/25 12:13:04 | 007,936,270 | R--- | M] () -- C:\Documents and Settings\Brenda\My Documents\My Money Backup.mbf
[2010/05/25 06:20:50 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Brenda\NTUSER.DAT
[2010/05/25 06:20:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brenda\NTUSER.INI
[2010/05/24 19:25:18 | 000,000,117 | ---- | M] () -- C:\WINDOWS\KA.INI
[2010/05/24 14:44:58 | 000,002,082 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010/05/24 14:33:13 | 000,000,062 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2010/05/24 14:32:21 | 000,001,353 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/05/23 19:22:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/05/22 17:20:57 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/22 17:20:56 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/22 17:20:52 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/22 17:20:35 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/22 17:20:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/22 17:20:29 | 060,290,511 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/22 17:20:29 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/22 16:32:47 | 000,000,268 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/05/22 15:04:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/22 11:25:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda\Desktop\mbama-setup-1.46.exe
[2010/05/21 16:47:49 | 002,656,478 | -H-- | M] () -- C:\Documents and Settings\Brenda\Local Settings\Application Data\IconCache.db
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/21 07:36:28 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/17 11:50:14 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\Johnson mixes up GOP primary 2010.doc
[2010/05/14 13:45:07 | 000,557,568 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\2010 Supervisor Survey.doc
[2010/05/14 10:19:34 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fire Permit Statement.doc
[2010/05/12 23:54:50 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fire Press Release.doc
[2010/05/08 15:36:26 | 000,988,870 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\Tim Michels.jpg
[2010/05/08 14:18:14 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\Town of Freedom Burning Permit and Notification.doc
[2010/05/07 08:36:58 | 000,021,504 | ---- | M] () -- C:\Freedom Parks Minutes May 2010.doc
[2010/05/06 08:43:03 | 000,000,162 | -H-- | M] () -- C:\~$10 freedom.doc
[2010/05/05 09:58:48 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\Freedom Parks Description.doc
[2010/05/03 18:10:13 | 000,019,968 | ---- | M] () -- C:\FREEDOM Parks Agenda May.doc
[2010/05/02 21:06:30 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\Brenda\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:16:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\ParkJuly2009.doc
[2010/04/28 16:16:02 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\ParkMarch2009.doc
[2010/04/28 15:40:35 | 000,423,417 | ---- | M] () -- C:\ParksNTrails_11x17[1].pdf
[2010/04/28 15:37:06 | 000,635,887 | ---- | M] () -- C:\Proposed_Park[1].pdf
[2010/04/28 15:34:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\PARKMAY2009.doc
[2010/04/28 15:32:51 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Brenda\My Documents\NOVEMBER2009.doc
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[172 C:\Documents and Settings\Brenda\My Documents\*.tmp files -> C:\Documents and Settings\Brenda\My Documents\*.tmp -> ]
[17 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 13:12:38 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/05/25 21:14:44 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/25 21:08:37 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/25 17:59:12 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brenda\My Documents\~$10 Fiscal Recommendations for Town of Freedom.doc
[2010/05/25 08:02:44 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fiscal Recommendations for Town of Freedom.doc
[2010/05/24 13:11:03 | 804,331,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/22 17:20:57 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/05/22 17:20:29 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/22 17:20:11 | 060,290,511 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/22 15:04:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/21 07:36:28 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/17 11:31:51 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\Johnson mixes up GOP primary 2010.doc
[2010/05/14 10:17:14 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fire Permit Statement.doc
[2010/05/12 22:36:34 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\2010 Fire Press Release.doc
[2010/05/08 15:36:26 | 000,988,870 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\Tim Michels.jpg
[2010/05/08 14:18:11 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\Town of Freedom Burning Permit and Notification.doc
[2010/05/07 08:33:35 | 000,021,504 | ---- | C] () -- C:\Freedom Parks Minutes May 2010.doc
[2010/05/06 08:43:03 | 000,000,162 | -H-- | C] () -- C:\~$10 freedom.doc
[2010/05/05 16:43:46 | 000,557,568 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\2010 Supervisor Survey.doc
[2010/05/05 08:33:32 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\Freedom Parks Description.doc
[2010/04/28 16:16:29 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\ParkJuly2009.doc
[2010/04/28 16:16:01 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\ParkMarch2009.doc
[2010/04/28 15:40:35 | 000,423,417 | ---- | C] () -- C:\ParksNTrails_11x17[1].pdf
[2010/04/28 15:37:06 | 000,635,887 | ---- | C] () -- C:\Proposed_Park[1].pdf
[2010/04/28 15:34:46 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\PARKMAY2009.doc
[2010/04/28 15:32:51 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Brenda\My Documents\NOVEMBER2009.doc
[2010/01/24 14:35:30 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PWP.INI
[2009/05/16 17:47:22 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/05/16 14:35:45 | 000,000,117 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/05/16 14:26:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2009/05/16 14:25:22 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/02/15 14:21:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDKPMON.DLL
[2009/02/15 14:21:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDKFXPU.DLL
[2009/02/15 14:21:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdkoem.dll
[2008/05/27 18:45:28 | 000,000,046 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2007/09/10 20:21:48 | 000,018,626 | ---- | C] () -- C:\WINDOWS\Buildalot.ini
[2007/08/23 07:19:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/08/14 14:18:08 | 000,000,182 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/06/20 20:57:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/15 08:27:45 | 000,000,057 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/12/31 23:43:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/12/15 17:59:10 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/09/01 14:33:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/05/09 08:49:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/25 13:10:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/20 11:34:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/11/09 04:01:56 | 000,002,947 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/11/05 13:14:41 | 000,000,229 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/05 10:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/06/25 21:21:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll
[2004/05/08 15:39:41 | 000,000,377 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/03/21 21:20:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/01/11 14:59:41 | 000,000,100 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/10 15:30:53 | 000,057,160 | ---- | C] () -- C:\WINDOWS\System32\qdizidi.dll
[2003/09/10 15:30:53 | 000,047,395 | ---- | C] () -- C:\WINDOWS\System32\qxesex.dll
[2003/08/28 21:45:16 | 000,000,291 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2003/08/18 20:32:44 | 000,455,168 | ---- | C] () -- C:\WINDOWS\System32\redllw32.dll
[2003/08/18 20:32:44 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PDDLLW32.DLL
[2003/08/08 15:34:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/08/08 15:23:48 | 000,002,082 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/02/21 19:41:14 | 000,002,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/02/12 17:02:58 | 000,001,506 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2002/12/23 21:31:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2002/12/23 21:17:37 | 000,002,662 | ---- | C] () -- C:\WINDOWS\COLORSTA.INI
[2002/12/23 21:15:46 | 000,000,107 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2002/12/23 21:15:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\BLACKBOX.INI
[2002/12/23 21:10:04 | 000,000,160 | ---- | C] () -- C:\WINDOWS\atoms.ini
[2002/11/28 00:36:39 | 000,002,685 | ---- | C] () -- C:\WINDOWS\FS.INI
[2002/11/27 23:53:48 | 000,000,169 | ---- | C] () -- C:\WINDOWS\WBLOCKER.INI
[2002/11/22 13:51:00 | 000,003,824 | ---- | C] () -- C:\WINDOWS\jammerw.ini
[2002/11/15 10:21:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/11/15 10:08:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2002/11/15 10:08:34 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/11/15 10:08:34 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2002/11/15 10:08:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/11/15 10:08:33 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2002/11/15 10:08:33 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2002/11/15 10:08:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2002/11/15 10:08:03 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/11/15 10:01:54 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/11/15 09:41:12 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/15 09:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:966CEAE7
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B15F8C8
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9D528D
@Alternate Data Stream - 878 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F264BECE
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F36F14D3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F81E7082
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27790C06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AADC76BA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B741B2C2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97FF73C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3095C3B0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79A70C33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DAE29C6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEABFEC4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723E56EC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A8F8A0C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:159E9E4E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF794BCD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D5BB34A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFE3041
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B9286E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D667795F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C85CD339
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B8643BF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22786385
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E855BDCF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B093E177
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E71AC6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B43B7AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:269C0B5C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:049559C0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DAAA6AF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83EC3BCE
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF33321C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:304D2C3C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:767A78E5
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15DE523E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:062AF572
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D4837
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EF92A1A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EF94CF3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4709F39D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33611CFB
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F93516B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B1EB7E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0C7D68A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD26134
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84E7BFEB
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81E7CF6A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:490BCC52
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAD7A5D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91191703
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52E1DB1D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6285236
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:961B4D58
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:953FDC1A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62BA1B55
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AA05701
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A468A21E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC2110AD
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC6E295
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45C55624
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDE312D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
< End of report >


Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by brahm13 on Thu May 27, 2010 2:19 am

OTL Extras logfile created on: 5/26/2010 8:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Brenda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 33.77 Gb Free Space | 45.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKR
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\XEROX\NWWIA\XrxFTPLt.exe" = C:\Program Files\XEROX\NWWIA\XrxFTPLt.exe:*:Disabled:XrxFTPLt -- ()
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QYCE.EXE" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QYCE.EXE:*:Disabled:QYCE -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\wmconnect\wm.exe" = C:\Program Files\wmconnect\wm.exe:*:Enabled:Wal-Mart Connect -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Lexmark 5300 Series\lxdkmon.exe" = C:\Program Files\Lexmark 5300 Series\lxdkmon.exe:*:Enabled:Printer Device Monitor -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DE1AE26-8599-4378-9F17-328B5A3984A4}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}" = PassAlong Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2DEE528-E9CC-4CEF-9E66-1C8975FA760C}" = Music Ace Demo
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E68C446D-D95A-4160-AC39-DE7062422985}" = OLYMPUS Master 2
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E8BC3608-61A8-4DB3-A6E8-3B67B36448DE}" = Greeting Card Factory Express
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"America Online us" = America Online
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"AVG9Uninstall" = AVG Free 9.0
"BFG-Build-a-lot" = Build-a-lot (remove only)
"BFGC" = Big Fish Games Client
"BFG-Escape From Paradise" = Escape From Paradise (remove only)
"BFG-Farm Frenzy Pizza Party" = Farm Frenzy Pizza Party
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BFG-Nanny Mania" = Nanny Mania (remove only)
"BFG-Super Granny 3" = Super Granny 3 (remove only)
"BroadJump Client Foundation" = BroadJump Client Foundation
"Cake Mania" = Cake Mania (remove only)
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"DRM7Tool" = Personal License Update Wizard for Windows Media Player
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eGames GameButler" = eGames GameButler
"Fizzball" = Fizzball (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"Mystic Inn" = Mystic Inn (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Composer" = NoteWorthy Composer
"Pianonimo" = Pianonimo
"Prism" = Prism Video Converter
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"Stand O`Food" = Stand O`Food (remove only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"You Don't Know Jack The Ride" = You Don't Know Jack The Ride
"ZoneAlarm" = ZoneAlarm


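The Extras log above contains three sections a reviewer reads first: Shell Spawning (is the handler that launches every .exe still the default?), the Security Center firewall policy, and the firewall's Authorized Applications list (exceptions for programs that are gone, or that live in odd places such as the Startup folder). The script below is an added example, not part of this thread and not OTL's own code: it walks those three sections of an OTL Extras log and returns findings. The expected shell-spawning commands are the Windows XP defaults (the same values the log shows); the "suspicious directory" list is a heuristic of my own; the sample excerpt is constructed from lines like the ones posted, with the exefile entry altered to a hypothetical hijacked handler so the positive case is visible.

```python
"""Triage checks over the Shell Spawning, Security Center and Authorized
Applications sections of an OTL Extras log. Added example, not OTL code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# XP defaults for shell\open\command of the executable file classes, as OTL
# prints them. Anything else here means another program is interposed every
# time an .exe/.bat/.scr is launched, a classic XP-era persistence trick.
XP_DEFAULT_OPEN = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Heuristic (my choice): places where a program with its own firewall
# exception deserves a second look. Compared case-insensitively.
SUSPICIOUS_DIRS = ("\\start menu\\programs\\startup\\", "\\temp\\", "\\application data\\")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.*)$')
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
AUTHAPP_RE = re.compile(
    r'^"(?P<path>[^"]+)" = .+?:\*:(?P<state>Enabled|Disabled):.+? -- (?P<vendor>.*)$'
)


@dataclass(frozen=True)
class Finding:
    kind: str     # hijacked_handler | firewall_off | stale_exception | suspicious_exception
    subject: str  # file class, registry key or program path concerned
    detail: str


def triage_extras(log_text: str) -> list[Finding]:
    """Walk the log once, tracking section and registry key, and collect findings."""
    findings = []
    section = current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1), ""
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m and m["verb"] == "open" and m["cls"] in XP_DEFAULT_OPEN:
                if m["cmd"].strip() != XP_DEFAULT_OPEN[m["cls"]]:
                    findings.append(Finding("hijacked_handler", m["cls"], m["cmd"]))
        elif section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if m and m["name"] == "EnableFirewall" and m["data"].strip() == "0":
                findings.append(Finding("firewall_off", current_key, "EnableFirewall = 0"))
        elif section == "Authorized Applications List":
            m = AUTHAPP_RE.match(line)
            if not m:
                continue
            path, state, vendor = m["path"], m["state"], m["vendor"]
            if vendor == "File not found":
                findings.append(Finding("stale_exception", path, f"{state}, program no longer on disk"))
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                findings.append(Finding("suspicious_exception", path, f"{state}, unusual location"))
    return findings


# Constructed excerpt: mirrors the posted log, except that the exefile line is
# altered to a hypothetical hijacked handler (the path does not exist).
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\hypothetical.exe" "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\XEROX\NWWIA\XrxFTPLt.exe" = C:\Program Files\XEROX\NWWIA\XrxFTPLt.exe:*:Disabled:XrxFTPLt -- ()
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QYCE.EXE" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QYCE.EXE:*:Disabled:QYCE -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    for f in triage_extras(SAMPLE_LOG):
        print(f"{f.kind:22} {f.subject}  [{f.detail}]")
```

Read the findings as prompts, not verdicts: on this machine EnableFirewall = 0 goes together with a ZoneLabsFirewall monitoring entry and ZoneAlarm in the uninstall list, so a third-party firewall rather than malware may explain it; the stale, disabled QYCE.EXE exception in the all-users Startup folder is the kind of leftover worth asking about. The posted log's own exefile entry is the XP default, so the hijack check would stay silent on it.
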
Solved extras log part 2 (having problems posting replies currently)

Post by brahm13 on Thu May 27, 2010 2:27 am

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In


Solved extras log 3

Post by brahm13 on Thu May 27, 2010 2:36 am

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/26/2010 5:14:55 PM | Computer Name = MARKR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 5:19:13 PM | Computer Name = MARKR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


Solved extras log 4 attached

Post by brahm13 on Thu May 27, 2010 2:40 am

I can't seem to get it to post almost anything right now - it keeps telling me that there are connection problems, but it seems to be working otherwise. I'll try attaching it as a txt file - I hope this is ok, otherwise the log will be in about 8 more posts.


Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Thu May 27, 2010 8:48 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Solved log fix

Post by brahm13 on Thu May 27, 2010 10:04 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EF37A01-884F-11d5-AC99-B112050ECB4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EF37A01-884F-11d5-AC99-B112050ECB4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

OTL by OldTimer - Version 3.2.5.0 log created on 05272010_170226


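Every entry in the fix script above is an O2 (Browser Helper Object) or O3 (IE toolbar) line tagged "No CLSID value found": the registration still points at a class id that has no CLSID key, so nothing can load from it, but it should go so the next scan is clean. The fix log that follows confirms each deletion and, as expected for an orphan, reports the CLSID key itself as "not found". The script below is an added example, not OTL's code and not from the thread: it rebuilds the ":OTL" block from a scan's O2/O3 lines, then checks the fix log for a "deleted successfully" line per class id. The sample scan is constructed from the six lines posted above plus one placeholder entry for a registered helper (hypothetical GUID and path) to show it is left alone.

```python
"""Build an OTL fix block for orphaned BHO/toolbar entries and verify the fix
log afterwards. Added example, not OTL code."""
from __future__ import annotations

import re

# OTL scan lines for Browser Helper Objects (O2) and IE toolbars (O3), e.g.
#   O2 - BHO: (no name) - {GUID} - No CLSID value found.
#   O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {GUID} - No CLSID value found.
O2_O3_RE = re.compile(
    r"^(?P<tag>O[23]) - (?P<where>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<guid>\{[0-9A-Fa-f-]+\})(?P<rest>.*)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
ORPHAN_MARK = "No CLSID value found"  # the class id has no CLSID registration


def orphaned_entries(scan_text: str) -> list[str]:
    """O2/O3 lines whose class id is no longer registered."""
    out = []
    for raw in scan_text.splitlines():
        line = raw.strip()
        m = O2_O3_RE.match(line)
        if m and ORPHAN_MARK in m["rest"]:
            out.append(line)
    return out


def build_otl_fix(scan_text: str) -> str:
    """The text to paste into OTL's Custom Scans/Fixes box."""
    return "\n".join([":OTL", *orphaned_entries(scan_text)])


def verify_fix(fix_script: str, fix_log: str) -> dict[str, bool]:
    """For each class id in the fix script: did the fix log report a deletion?

    Case-insensitive on the GUID, because OTL echoes it as registered
    (e.g. "11d5" in one entry above) rather than normalised.
    """
    deleted = {
        g.upper()
        for line in fix_log.splitlines()
        if "deleted successfully" in line
        for g in GUID_RE.findall(line)
    }
    guids: list[str] = []
    for line in fix_script.splitlines():
        m = O2_O3_RE.match(line)
        if m and m["guid"] not in guids:
            guids.append(m["guid"])
    return {g: g.upper() in deleted for g in guids}


# Constructed scan excerpt: the six orphan lines from the post above plus one
# placeholder registered helper (hypothetical GUID, path and vendor).
SAMPLE_SCAN = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - No CLSID value found.
O2 - BHO: (Hypothetical Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Hypothetical\helper.dll (Hypothetical Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
"""

# Excerpt of the fix log posted above (the "deleted successfully" lines and one
# of the expected "not found" lines for the CLSID key of an orphan).
SAMPLE_FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EF37A01-884F-11d5-AC99-B112050ECB4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
"""

if __name__ == "__main__":
    script = build_otl_fix(SAMPLE_SCAN)
    print(script)
    print(verify_fix(script, SAMPLE_FIX_LOG))
```

A class id that comes back False from verify_fix is the one to re-run or look at by hand; a "not found" line for the CLSID key itself is expected and is not counted against the entry.
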
Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Fri May 28, 2010 5:55 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Solved malwarebytes log

Post by brahm13 on Fri May 28, 2010 10:34 pm

Just like last time we scanned it (about a week ago), malwarebytes found nothing. We had even done the full scan at that time. Here is the log from today:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4152

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/28/2010 3:13:35 PM
mbam-log-2010-05-28 (15-13-35).txt

Scan type: Quick scan
Objects scanned: 166723
Time elapsed: 47 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Sat May 29, 2010 9:18 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) 6 Update 11

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Solved eset log

Post by brahm13 on Sat May 29, 2010 10:52 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c10c6f0adc59d6479ca358dc9625d69f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-29 10:48:33
# local_time=2010-05-29 05:48:33 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 520434 520434 0 0
# compatibility_mode=5891 16776533 100 100 0 15305093 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 57173555 117856859 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0

brahm13
Novice
Novice

Posts Posts : 13
Joined Joined : 2010-05-26
OS OS : xp
Points Points : 24026
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Sun May 30, 2010 10:03 pm

Hello.

How is the machine running now?



Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by brahm13 on Wed Jun 02, 2010 11:33 am

I did another scan on Microsoft Security essentials, and it removed a trojan downloader, disinfected alureon.h, and removed an exploit from Java. However, I did a search again this morning, and it still redirected me to other sites, so that virus must be still hiding out somewhere.


Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Wed Jun 02, 2010 8:33 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by brahm13 on Wed Jun 02, 2010 10:45 pm

ComboFix 10-06-02.01 - Brenda 06/02/2010 17:10:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.408 [GMT -5:00]
Running from: c:\documents and settings\Brenda\Desktop\combo-fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brenda\Application Data\.#
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.5.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\Data

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-06-02 18:54 . 2010-06-02 18:58 -------- d-----w- C:\All other Misc files created before June 2010
2010-06-02 11:46 . 2010-06-02 11:47 -------- d-----w- C:\DECCHECK
2010-06-02 04:54 . 2010-06-02 04:54 36352 ----a-w- c:\windows\system32\drivers\pchbkwka.sys
2010-05-31 12:34 . 2010-05-31 12:34 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\PCHealth
2010-05-31 12:34 . 2010-05-31 12:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-05-29 23:19 . 2010-05-29 23:29 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\nos
2010-05-29 23:19 . 2010-05-29 23:19 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-29 22:46 . 2010-05-29 22:46 -------- d-----w- c:\program files\ESET
2010-05-29 22:39 . 2010-05-29 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-29 22:38 . 2010-05-29 22:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 22:36 . 2010-05-29 22:36 -------- d-----w- c:\program files\Java
2010-05-28 00:43 . 2010-05-28 00:43 23552 ----a-w- c:\windows\xobglu32.dll
2010-05-28 00:43 . 2010-05-28 00:43 63488 ----a-w- c:\windows\xobglu16.dll
2010-05-27 22:02 . 2010-05-27 22:02 -------- d-----w- C:\_OTL
2010-05-26 18:46 . 2010-05-27 02:46 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-26 18:28 . 2010-05-26 18:28 -------- d-----w- C:\7e96eceef3e83ddda1c06f471906d6
2010-05-26 18:11 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 02:08 . 2010-05-26 02:09 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-25 11:24 . 2010-05-25 11:24 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\The Weather Channel
2010-05-24 18:27 . 2010-05-26 18:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-24 12:42 . 2010-05-24 12:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-23 20:55 . 2010-05-23 20:55 -------- d-----w- C:\$AVG
2010-05-23 00:14 . 2010-05-23 00:19 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-05-23 00:14 . 2010-05-23 00:14 -------- d-----w- c:\program files\ATT
2010-05-22 22:14 . 2010-05-22 22:14 -------- d-----w- c:\program files\AVG
2010-05-22 22:13 . 2010-06-01 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2010-05-22 20:04 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 20:04 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 21:59 . 2010-05-21 21:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-05-19 17:15 . 2010-05-19 17:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-17 20:12 . 2010-05-17 20:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 13:13 . 2009-02-06 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-29 23:21 . 2009-02-07 00:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-28 17:34 . 2007-05-09 12:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 16:52 . 2009-05-27 00:51 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-05-28 01:20 . 2006-11-29 02:16 -------- d-----w- c:\program files\Fizzball
2010-05-27 01:25 . 2007-03-11 17:06 36772214 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-25 00:30 . 2009-01-05 00:15 -------- d-----w- c:\program files\Paint.NET
2010-05-25 00:26 . 2007-05-18 17:52 -------- d--h--w- c:\documents and settings\Brenda\Application Data\Move Networks
2010-05-24 21:28 . 2010-01-27 20:50 -------- d-----w- c:\program files\Encore
2010-05-24 19:46 . 2009-01-02 18:57 -------- d-----w- c:\program files\RealArcade
2010-05-24 19:45 . 2007-01-10 23:49 -------- d-----w- c:\program files\Dolphin
2010-05-24 19:29 . 2005-05-25 21:22 -------- d-----w- c:\program files\The Learning Company
2010-05-24 19:19 . 2003-02-01 15:19 -------- d-----w- c:\program files\Hasbro Interactive
2010-05-23 11:43 . 2006-04-20 16:48 -------- d-----w- c:\program files\Common Files\Motive
2010-05-23 00:14 . 2006-04-20 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-05-22 21:37 . 2003-01-20 02:56 -------- d-----w- c:\program files\Yahoo!
2010-05-22 21:37 . 2006-04-20 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-05-22 21:27 . 2006-04-20 17:13 -------- d-----w- c:\program files\Common Files\Scanner
2010-05-21 21:48 . 2010-05-22 03:17 3886080 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-05-20 12:13 . 2006-04-20 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-14 00:58 . 2007-05-09 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-04-24 19:42 . 2007-11-19 15:42 32256 ---h--w- C:\~WRL2179.tmp
2010-04-24 19:42 . 2007-11-19 15:42 32768 ---h--w- C:\~WRL0256.tmp
2010-04-24 19:42 . 2007-11-19 15:42 32256 ---h--w- C:\~WRL0220.tmp
2010-03-27 15:10 . 2010-03-27 15:10 50354 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\uninstall.exe
2010-03-10 06:15 . 2002-02-26 20:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Brenda\Application Data\Facebook\npfbplugin_1_0_3.dll
2008-03-08 21:09 . 2008-03-08 21:09 0 ----a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-12-03 212992]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-08 77824]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 968696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-30 185896]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-15 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\XEROX\\NWWIA\\XrxFTPLt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2003-01-03 c:\windows\Tasks\FRU Task 2002-05-31 16:38ewlett-PackardeskjetD1F5C76C62909B80B7DD96D9CE9D83EC24F74D1377528048C4168AA70B210A5D320.job
- c:\program files\Hewlett-Packard\upapp\hpqfruv.exe [2002-05-31 15:38]

2002-11-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2001-08-18 00:12]

2010-06-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: christianbook.com\dlm
Trusted Zone: christianbook.com\drm
Trusted Zone: christianbook.com\www
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - [You must be registered and logged in to see this link.]
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - [You must be registered and logged in to see this link.]
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - [You must be registered and logged in to see this link.]
DPF: {74EF5274-F439-2168-B543-14745B625C72} - [You must be registered and logged in to see this link.]
DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} - [You must be registered and logged in to see this link.]
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - [You must be registered and logged in to see this link.]
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - [You must be registered and logged in to see this link.]
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - [You must be registered and logged in to see this link.]
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - [You must be registered and logged in to see this link.]
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\v8eddjxk.default\
FF - plugin: c:\documents and settings\Brenda\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-02 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x??? ???X??? ??????? ???P????(?w'(?w????????????(???u??????w????????????0????$?w7(?w?o?wS??w???w????????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-02 17:34:47
ComboFix-quarantined-files.txt 2010-06-02 22:34

Pre-Run: 48,665,714,688 bytes free
Post-Run: 51,149,467,648 bytes free

- - End Of File - - F964E673EFBF3F1F07504A841180CFE2

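
A small triage helper for the ComboFix log above, added here as an illustration; it is not part of the thread and not ComboFix's own code. It parses the timestamped "Files Created" lines and flags the entries a helper would look at first (a new kernel driver such as pchbkwka.sys, loose DLLs dropped straight into c:\windows like xobglu32.dll), and pulls out the "Infected copy of ... disk.sys" line that marks the patched driver. The sample lines are copied from the log in this thread; the allow-list of scanner drivers and the heuristics are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of the ComboFix "Files Created" / "Find3M" sections:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)

# ComboFix's note that it replaced a driver whose on-disk copy had been patched.
DISINFECTED_RE = re.compile(
    r"^Infected copy of (?P<path>.+?) was found and disinfected", re.MULTILINE
)

# Drivers installed by the scanners used earlier in this thread (assumed allow-list).
KNOWN_SCANNER_DRIVERS = {"mbam.sys", "mbamswissarmy.sys"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one timestamped line; return None for headers, notes and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    raw_size = m.group("size")
    size = None if raw_size.startswith("-") else int(raw_size)
    return Entry(m.group("created"), m.group("modified"), size, m.group("attrs"), m.group("path"))


def flag_entry(e: Entry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing notable)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    # A kernel driver that appeared in the window and is not one of the scanners' own.
    if name.endswith(".sys") and "\\system32\\drivers\\" in p and name not in KNOWN_SCANNER_DRIVERS:
        reasons.append("new kernel driver")
    # A binary dropped directly into the Windows directory rather than system32 or a subfolder.
    if re.fullmatch(r"c:\\windows\\[^\\]+\.(?:dll|exe|ocx|sys)", p):
        reasons.append("loose binary in the Windows directory")
    # Installers usually keep a file's original modified time; identical created and
    # modified times mean the file was written in place at that moment (supporting signal).
    if p.startswith("c:\\windows\\") and e.created == e.modified:
        reasons.append("created and modified timestamps identical")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = flag_entry(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


def disinfected_drivers(log_text: str) -> List[str]:
    """Paths ComboFix reports as infected and replaced, e.g. a rootkit-patched disk.sys."""
    return DISINFECTED_RE.findall(log_text)


# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-06-02 04:54 . 2010-06-02 04:54 36352 ----a-w- c:\windows\system32\drivers\pchbkwka.sys
2010-05-29 22:38 . 2010-05-29 22:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 22:36 . 2010-05-29 22:36 -------- d-----w- c:\program files\Java
2010-05-28 00:43 . 2010-05-28 00:43 23552 ----a-w- c:\windows\xobglu32.dll
2010-05-28 00:43 . 2010-05-28 00:43 63488 ----a-w- c:\windows\xobglu16.dll
2010-05-26 18:11 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-22 20:04 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 20:04 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
""".strip()

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
    for path in disinfected_drivers(SAMPLE_LOG):
        print(f"replaced by ComboFix: {path}")
```

Run against the sample it reports pchbkwka.sys and the two xobglu DLLs and leaves the Java, Defender and MBAM files alone; on a full log, treat the flags as a reading order for the helper, not a verdict.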

Solved Re: Multiple trojans, virus, and exploits , worst problem is search engine redirecti

Post by Belahzur on Thu Jun 03, 2010 9:48 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Solved windows reinstalled

Post by brahm13 on Sun Jun 06, 2010 2:11 am

It got to the point that we were rarely able to get on the internet any longer, and my husband needed to check his email daily, so we had to do something urgently. On Thursday, we finally just backed up everything essential and reinstalled Windows. The updates from the last 8 years since we bought the computer are still loading a full day later, but the internet pop-ups and re-directing are completely resolved (although Internet Explorer closes randomly, but I think it may be due to the updates). I want to thank you SO much for all of the effort that you put into this matter and for most likely helping us avoid an identity theft from some of the viruses and trojans. I will definitely recommend this site to anyone who is having similar issues. Thanks again!
