4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Thu Aug 05, 2010 4:03 am

Keep in mind for the future that this issue is on my dad's computer, A WINDOWS XP SYSTEM.

Hello again! I am back, however this time I am on my dad's older computer. Having used Malwarebytes Anti-Malware in the process of fixing my computer, I thought about installing it on my dad's computer because his was known to run slow. Boy was he infected! After the quick scan was complete, I was prompted to restart, and I did. Below is the log from the Malwarebytes Anti-Malware quick scan:

Malwarebytes' Anti-Malware 1.46

Database version: 4391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/4/2010 11:41:11 PM
mbam-log-2010-08-04 (23-41-11).txt

Scan type: Quick scan
Objects scanned: 155442
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 249

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pioogugq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\retro64_loader.r64loader (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\retro64_loader.r64loader.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{700016cf-23e4-16cb-9f2e-730a000091e1} (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\errorrepairtool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Logs (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200 (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2) (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2) (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collin Ferraro\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-228.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-229.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-23.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-230.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-231.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-232.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-233.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-234.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-235.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-236.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-237.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-24.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-25.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-26.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-27.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-28.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-29.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-3.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-30.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-31.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-32.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-33.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-34.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-35.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-36.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-37.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-38.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-39.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-4.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-40.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-41.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-42.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-43.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-44.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-45.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-46.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-47.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-48.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-49.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-5.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-50.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-51.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-52.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-53.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-54.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-55.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-56.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-57.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-58.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-59.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-6.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-60.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-61.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-62.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-63.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-64.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-65.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-66.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-67.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-68.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-69.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-7.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-70.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-71.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-72.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-73.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-74.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-75.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-76.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-77.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-78.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-79.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-8.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-80.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-81.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-82.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-83.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-84.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-85.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-86.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-87.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-88.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-89.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-9.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-90.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-91.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-92.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-93.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-94.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-95.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-96.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-97.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-98.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-99.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Evidence.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Junk.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Registry.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Update.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2)\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2)\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\02380600.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorRepairTool Scan.job (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.


2nd quick scan after the 1st

Post by Coldplasma819 on Thu Aug 05, 2010 4:34 am

I ran another quick scan shortly after the first one; here is the log:

Malwarebytes' Anti-Malware 1.46

Database version: 4391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2010 12:21:13 AM
mbam-log-2010-08-05 (00-21-13).txt

Scan type: Quick scan
Objects scanned: 155194
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pioogugq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo.H) -> Delete on reboot.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Thu Aug 05, 2010 8:37 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



OTL.Txt

Post by Coldplasma819 on Thu Aug 05, 2010 10:09 pm

OTL logfile created on: 8/5/2010 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joseph Ferraro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 81.80 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO
Current User Name: Joseph Ferraro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 20:22:24 | 005,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2003/05/15 15:22:36 | 000,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2002/12/14 10:23:21 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2001/11/26 21:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/10/18 11:25:18 | 000,040,960 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\ACMonitor_X83.exe
PRC - [2001/06/14 13:42:26 | 000,053,248 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
SRV - [2001/11/26 21:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/13 15:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/03 16:14:41 | 000,012,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lqfbwgno.sys -- (crexdgbw)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elaunidr.sys -- (elaunidr)
DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/08/19 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/03 13:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 11:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/05/09 17:56:40 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/12/14 10:23:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/10/02 19:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 19:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 19:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 19:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 19:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/09/27 20:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/07/19 12:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/06/30 21:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 21:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 21:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/05/03 13:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/09/27 12:58:20 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 15:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 15:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 15:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 15:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 15:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 15:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 15:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 15:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 15:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/27 16:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 12:44:30 | 000,000,000 | ---D | M]

[2010/01/16 22:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Mozilla\Extensions
[2010/01/16 22:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/02 13:44:08 | 000,000,738 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: () - {5C47FAF0-32A4-49C5-8280-82C57AFC5F79} - C:\WINDOWS\SYSTEM32\clbaclb.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lexmark X83 Button Manager] C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [Lexmark X83 Button Monitor] C:\Program Files\LexmarkX83\ACMonitor_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [sr1exe] C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe (Dell)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} [You must be registered and logged in to see this link.] (GameDesire Card Games)
O16 - DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} [You must be registered and logged in to see this link.] (XExcuter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} [You must be registered and logged in to see this link.] (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (ZoneIntro Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} [You must be registered and logged in to see this link.] (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\pioogugq: DllName - clbaclb.dll - C:\WINDOWS\System32\clbaclb.dll ()
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:3 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:4 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:5 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:6 () - [You must be registered and logged in to see this link.]
O24 - Desktop WallPaper: C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 17:15:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
[2010/08/04 23:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Malwarebytes
[2010/08/04 23:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/04 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/04 23:22:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/04 23:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 10:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Ferraro\Desktop\New Folder
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
[2010/08/05 15:26:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/08/05 11:03:06 | 000,018,223 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/05 11:02:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/05 11:00:08 | 000,000,020 | ---- | M] () -- C:\WINDOWS\ACMonitor_X83.ini
[2010/08/05 10:59:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/05 10:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/05 10:59:50 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/05 00:42:10 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\ntuser.dat
[2010/08/05 00:42:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joseph Ferraro\NTUSER.INI
[2010/08/04 23:22:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 22:52:53 | 000,000,244 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\craigslist binghamton classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/08/04 20:13:06 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/21 12:34:37 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\My Documents\401k request.doc
[2010/07/20 23:12:16 | 001,636,322 | -H-- | M] () -- C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\IconCache.db
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 09:03:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/15 08:58:24 | 000,000,855 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/07 17:53:33 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\Power Commander 3 Usb.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/04/01 18:22:34 | 000,000,193 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
[2100/02/24 15:15:04 | 000,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2100/02/16 17:09:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
[2010/08/04 23:22:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 22:52:53 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\craigslist binghamton classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/07/21 12:34:36 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\My Documents\401k request.doc
[2010/07/07 17:53:33 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\Power Commander 3 Usb.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/01/30 22:02:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/05/04 20:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2007/04/21 18:46:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/04/12 10:41:53 | 000,001,224 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/06 13:49:53 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2007/03/20 11:45:01 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\clbaclb.dll
[2007/03/20 11:45:00 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqfbwgno.sys
[2006/07/25 15:25:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/04/19 08:45:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/18 11:05:43 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2006/03/18 11:05:43 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2006/03/18 11:05:43 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2006/03/18 11:05:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2006/02/16 09:35:23 | 000,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2006/01/25 19:51:30 | 000,000,194 | ---- | C] () -- C:\WINDOWS\X83_DS(2).ini
[2005/04/16 13:42:21 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/04/09 20:58:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2005/01/27 18:29:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 08:47:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2004/08/04 03:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/11/20 18:31:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/11/20 18:31:07 | 000,000,108 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/08/31 14:09:08 | 000,000,157 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/08/31 14:09:00 | 000,000,187 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2003/03/30 16:37:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2003/02/09 17:24:56 | 000,002,369 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/30 20:31:07 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2002/12/30 20:04:22 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2002/12/14 10:26:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/14 10:12:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/14 09:53:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 10:32:16 | 000,000,784 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2002/09/09 10:28:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/25 14:20:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/10/25 14:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 14:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/05 14:34:30 | 000,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
[2001/01/05 13:08:02 | 000,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
[2000/10/24 10:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 10:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
< End of report >


Extras.Txt

Post by Coldplasma819 on Thu Aug 05, 2010 10:11 pm

OTL Extras logfile created on: 8/5/2010 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joseph Ferraro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 81.80 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO
Current User Name: Joseph Ferraro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2211:TCP" = 2211:TCP:*:Enabled:@xpsp2res.dll
"2128:TCP" = 2128:TCP:*:Enabled:@xpsp2res.dll
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Starcraft\starcraft.exe" = C:\Program Files\Starcraft\starcraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat" = C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Disabled:game -- ()
"C:\Program Files\GameHouse\Ricochet\Ricochet.exe" = C:\Program Files\GameHouse\Ricochet\Ricochet.exe:*:Disabled:Ricochet -- File not found
"C:\Program Files\Yahoo! Games\Final Drive Nitro\Racing.exe" = C:\Program Files\Yahoo! Games\Final Drive Nitro\Racing.exe:*:Disabled:Racing -- File not found
"C:\Program Files\City Interactive\WWII Pacific Heroes\pacific.exe" = C:\Program Files\City Interactive\WWII Pacific Heroes\pacific.exe:*:Disabled:pacific -- File not found
"C:\Program Files\Yahoo! Games\Phoenix Assault\Phoenix.exe" = C:\Program Files\Yahoo! Games\Phoenix Assault\Phoenix.exe:*:Disabled:Phoenix Assault -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Program Files\PANZERS - Phase2\Run\PANZERS_PHASE_2.EXE" = C:\Program Files\PANZERS - Phase2\Run\PANZERS_PHASE_2.EXE:*:Enabled:Codename Panzers Phase 2 -- File not found
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe" = C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Disabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe" = C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Disabled:Halo -- File not found
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\UT2004Demo\System\UT2004.exe" = C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\O1EFGHUJ\wowclient-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\O1EFGHUJ\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\wowclient-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XANO1QF\Office_Space.avi-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XANO1QF\Office_Space.avi-downloader[1].exe:*:Disabled:Blizzard Downloader -- File not found
"C:\World of Warcraft\BackgroundDownloader.exe" = C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\WINDOWS\SYSTEM32\jkirsyie.exe" = C:\WINDOWS\SYSTEM32\jkirsyie.exe:*:Disabled:jkirsyie -- File not found
"C:\WINDOWS\system32\sysvx.exe" = C:\WINDOWS\system32\sysvx.exe:*:Enabled:enable -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7175-to-0.2.0.7187-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7175-to-0.2.0.7187-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\UT2004\System\UT2004.exe" = C:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe" = C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe:*:Disabled:DarkCrusade -- File not found
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Disabled:W40kWA -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04D8BFCA-5A75-45E1-9F74-A7E4405EAE28}" = ATI Catalyst Control Center
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88A77307-828D-45AD-90A2-E018228B097F}" = Operation Blockade
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}" = UT2004 Editor's Choice Edition Mod Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"3DGroove" = 3D Groove Playback Engine
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"Cubis Gold" = Cubis Gold
"CursorCafeInstaller" = CursorCafe Installer
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"Halo Trial" = Microsoft Halo Trial
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Lexmark X83" = Lexmark X83
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Red Alert 2" = Command & Conquer Red Alert 2
"RogueRemover" = RogueRemover 1.18
"Roguescanfix_is1" = Roguescanfix 1.5
"SecurityScan_is1" = Winferno Security Scan
"Shockwave" = Shockwave
"Starcraft" = Starcraft
"TalonSoft's Divided Ground" = TalonSoft's Divided Ground
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Unlocker" = Unlocker 1.7.2
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 6:07:08 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:09 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:09 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:52 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:52 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/3/2010 8:04:04 PM | Computer Name = FERRARO | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3296 (0xce0) Thread address : 0x12026890 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\MSC\MCSYNC.EXE

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 8/3/2010 9:19:15 PM | Computer Name = FERRARO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x20000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Thu Aug 05, 2010 11:09 pm

Hello.
Nasty piece of malware you got there, not nice.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Combo-Fix log

Post by Coldplasma819 on Fri Aug 06, 2010 5:45 pm

ComboFix 10-08-06.01 - Joseph Ferraro 08/06/2010 13:03:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.213 [GMT -4:00]
Running from: c:\documents and settings\Joseph Ferraro\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Collin Ferraro\error.log
c:\documents and settings\Joseph Ferraro\Application Data\Install.dat
c:\documents and settings\Joseph Ferraro\err.log
c:\windows\inf\dm.inf
c:\windows\inf\dm.PNF
c:\windows\Readme.txt
c:\windows\securea.html
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXAMPLE
-------\Legacy_NDNET1


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-05 03:25 . 2010-08-05 03:25 -------- d-----w- c:\documents and settings\Joseph Ferraro\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 04:40 . 2010-01-17 02:54 -------- d-----w- c:\program files\LimeWire
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 22:32 . 2010-08-04 22:32 503808 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\msvcp71.dll
2010-08-04 22:32 . 2010-08-04 22:32 12800 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6971a8d6-n\decora-d3d.dll
2010-08-04 22:32 . 2010-08-04 22:32 499712 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\jmc.dll
2010-08-04 22:32 . 2010-08-04 22:32 61440 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6971a8d6-n\decora-sse.dll
2010-08-04 22:32 . 2010-08-04 22:32 348160 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\msvcr71.dll
2010-07-30 13:06 . 2009-08-20 21:48 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2009-08-20 21:50 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-26 22:32 . 2010-05-26 22:32 503808 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\msvcp71.dll
2010-05-26 22:32 . 2010-05-26 22:32 499712 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\jmc.dll
2010-05-26 22:32 . 2010-05-26 22:32 348160 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\msvcr71.dll
2010-05-26 22:32 . 2010-05-26 22:32 12800 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35e1f059-n\decora-d3d.dll
2010-05-26 22:32 . 2010-05-26 22:32 61440 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35e1f059-n\decora-sse.dll
2001-06-20 21:19 . 2001-06-19 21:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-14 26112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Ferraro^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Joseph Ferraro\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-02 23:41 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-05-02 23:07 53248 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-03-28 22:20 143360 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 16:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-25 18:20 36864 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2002-12-14 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
2003-08-25 17:45 0 -c--a-w- c:\windows\SYSTEM32\msblast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2211:TCP"= 2211:TCP:@xpsp2res.dll
"2128:TCP"= 2128:TCP:@xpsp2res.dll
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 crexdgbw;Microsoft RPC API Helper;c:\windows\system32\drivers\lqfbwgno.sys --> c:\windows\system32\drivers\lqfbwgno.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/20/2009 5:56 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/26/2007 12:06 PM 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [8/19/2004 1:38 PM 15104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tcfdgrwo
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2009-08-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2010-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-12-14 14:04]

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BullsEye Network - c:\program files\BullsEye Network\bin\bargains.exe
MSConfigStartUp-ClrSchLoader - c:\program files\ClearSearch\Loader.exe
MSConfigStartUp-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
MSConfigStartUp-IST Service - c:\program files\ISTsvc\istsvc.exe
MSConfigStartUp-NAV Agent - c:\progra~1\NORTON~1\navapw32.exe
MSConfigStartUp-NvCplDaemon - c:\windows\System32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\System32\NVMCTRAY.DLL
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-rb32 lptt01 - c:\program files\rb32\rb32.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\Symantec\LIVEUP~1\SNDMon.EXE
MSConfigStartUp-updater - c:\program files\Common files\updater\wupdater.exe
MSConfigStartUp-UpdateStats - c:\program files\Media\Media\UpdateStats.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-TalonSoft's Divided Ground - c:\program files\TalonSoft\Divided Ground\Uninst.isu
AddRemove-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\CDAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-06 13:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]
"ImagePath"="system32\drivers\lqfbwgno.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-06 13:37:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 17:37

Pre-Run: 87,723,692,032 bytes free
Post-Run: 87,623,073,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - ED8BAC188CC45964B6B9641E61ABE68C

Coldplasma819
Novice
Novice

Posts : 46
Joined : 2010-07-28
Gender : Male
OS : Windows Vista Home Premium

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Fri Aug 06, 2010 7:53 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
    [-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]

    Driver::
    crexdgbw

    NetSvc::
    tcfdgrwo
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Fri Aug 06, 2010 9:33 pm

ComboFix 10-08-06.01 - Joseph Ferraro 08/06/2010 16:05:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.200 [GMT -4:00]
Running from: c:\documents and settings\Joseph Ferraro\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Joseph Ferraro\Desktop\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CREXDGBW
-------\Service_crexdgbw


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-05 03:25 . 2010-08-05 03:25 -------- d-----w- c:\documents and settings\Joseph Ferraro\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 04:40 . 2010-01-17 02:54 -------- d-----w- c:\program files\LimeWire
2010-07-30 13:06 . 2009-08-20 21:48 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2009-08-20 21:50 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2001-06-20 21:19 . 2001-06-19 21:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-14 26112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Ferraro^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Joseph Ferraro\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-02 23:41 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-05-02 23:07 53248 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-03-28 22:20 143360 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 16:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-25 18:20 36864 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2002-12-14 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2211:TCP"= 2211:TCP:@xpsp2res.dll
"2128:TCP"= 2128:TCP:@xpsp2res.dll
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/20/2009 5:56 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/26/2007 12:06 PM 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [8/19/2004 1:38 PM 15104]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2009-08-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2010-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-12-14 14:04]

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-06 16:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-06 16:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 20:36
ComboFix2.txt 2010-08-06 17:37

Pre-Run: 87,635,066,880 bytes free
Post-Run: 87,620,300,800 bytes free

- - End Of File - - C2E22530BC7683818912B97F564CA84E
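
A follow-up log can be checked against the removal script mechanically. The sketch below is an added example, not part of the original posts and not ComboFix's own code: it parses only the CFScript directives used in this thread, and both log excerpts are constructed from lines of the two ComboFix logs above. It assumes that `-------\Legacy_` and `-------\Service_` lines report deletions rather than live entries.

```python
import re

# CFScript as posted in the thread (blank lines dropped).
CFSCRIPT = r"""
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]
Driver::
crexdgbw
NetSvc::
tcfdgrwo
"""

# Constructed excerpt: lines taken from the first ComboFix log (before the fix).
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
2003-08-25 17:45 0 -c--a-w- c:\windows\SYSTEM32\msblast.exe

R0 crexdgbw;Microsoft RPC API Helper;c:\windows\system32\drivers\lqfbwgno.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tcfdgrwo

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]
"""

# Constructed excerpt: lines taken from the second ComboFix log (after the fix).
AFTER_LOG = r"""
-------\Legacy_CREXDGBW
-------\Service_crexdgbw

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll
"""

# A drive-letter path running to the end of a log line.
PATH_RE = re.compile(r"[a-z]:\\\S.*$", re.I)


def parse_cfscript(text):
    """Collect removal targets from the Registry::, Driver:: and NetSvc:: sections."""
    targets, section = {"registry": [], "driver": [], "netsvc": []}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section = header.group(1).lower()
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            targets["registry"].append(line[2:-1].lower())
        elif section in ("driver", "netsvc"):
            targets[section].append(line.lower())
    return targets


def reg_sections(log):
    """Map each '[key]' header in a log to the file paths listed under it."""
    sections, key = {}, None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            sections.setdefault(key, [])
        elif not line:
            key = None  # a blank line ends the current key's listing
        elif key and PATH_RE.search(line):
            sections[key].append(PATH_RE.search(line).group(0).lower())
    return sections


def residual_targets(targets, log):
    """Return the CFScript targets that the log still lists as live entries."""
    live = reg_sections(log)
    found = {k for k in targets["registry"] if k in live}
    for line in map(str.strip, log.lower().splitlines()):
        # Match the service-list format ("R0 name;...") instead of a substring,
        # so a deletion report such as "-------\Service_crexdgbw" is not counted.
        svc = re.match(r"[rs]\d (\S+?);", line)
        if svc and svc.group(1) in targets["driver"]:
            found.add(svc.group(1))
        if line in targets["netsvc"]:
            found.add(line)
    return found


def lingering_payloads(targets, before_log, after_log):
    """Files the removed keys pointed to that other keys still reference."""
    before, after = reg_sections(before_log), reg_sections(after_log)
    payloads = {p for k in targets["registry"] for p in before.get(k, [])}
    hits = {}
    for key, paths in after.items():
        if key not in targets["registry"]:
            for path in set(paths) & payloads:
                hits.setdefault(path, []).append(key)
    return hits
```

On these excerpts all six script targets are live before the fix and none after, while `c:\windows\system32\clbaclb.dll` is still referenced by the `winlogon\notify\AutorunsDisabled` key in the follow-up log.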

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Fri Aug 06, 2010 9:49 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 20
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Fri Aug 06, 2010 11:18 pm

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled\ deleted successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08062010_191722


Also, Internet Explorer seems to run a bit slow, but not very. I'm wondering, could it be because of how old this computer is? We got it back in uh... 02 or 01 I believe.

However then again, on my computer I run with Firefox, so maybe I'm just seeing the difference.

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat Aug 07, 2010 12:22 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scan. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Wait, what?

Post by Coldplasma819 on Sat Aug 07, 2010 12:48 am

Slight problem, whenever I go to run to input that command, "ComboFix /uninstall" I get an error reading the following: Windows cannot find ComboFix. Make sure you typed the name correctly, and then try again.

I also tried "Combo-Fix /uninstall" and got the same error.

Edit: I just noticed, Combofix is no longer on my desktop. Whoa! But then again, earlier, I received a notification from McAfee saying it successfully removed a trojan. I didn't get to see it all, but I saw the words Artemis and ComboFix in it. Could McAfee have removed it? I know on my computer it didn't. I don't think there's much to worry about then, right? It's gone either way.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat Aug 07, 2010 2:46 pm

Hello.
Yeah, McAfee doesn't like Combofix, it's just a false positive, ignore it.

Can you run the ESET scan now?



One last thing...

Post by Coldplasma819 on Sat Aug 07, 2010 5:27 pm

Heh, sorry again for the delay, but can you recommend a good anti-virus? The subscription for McAfee just ran out on his computer, and we were talking about leaving it and possibly going to Kaspersky? I haven't heard much about that anti-virus, I know AVG is good, and I even saw you recommend Avira.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat Aug 07, 2010 5:31 pm

Avira is much better than AVG to be honest, AVG is known for lots of false positives and has worse detection rates.



Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Sat Aug 07, 2010 7:11 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c1751e5c7574445a47f659febf9bd74
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-08-07 06:43:36
# local_time=2010-08-07 02:43:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 0 33211278 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93686
# found=5
# cleaned=5
# scan_time=4059
C:\Downloads\ArmyMenRTS-dm[1].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\Downloads\ArmyMenRTS-dm[2].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775082.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775083.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\WINDOWS\SYSTEM32\DRIVERS\lqfbwgno.sys Win32/Delf.NFO trojan (cleaned by deleting - quarantined) 3F47956275EFDD2556BB20C6FDD70721 C


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sun Aug 08, 2010 7:20 pm

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


How is the machine running now?


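Restore points can hold copies of files a scanner has flagged, as the two `_restore{...}\RP614` entries in the ESET log above show. The following is an added example, not part of the original posts: a small Python parser for that log layout which cross-checks the header counters and separates live-file detections from restore-point copies. The function names and the regular expressions are assumptions inferred from the log as posted in this thread, not from ESET documentation, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET Online Scanner log posted above;
# the paths, GUID and MD5 values are made up for illustration.
SAMPLE_LOG = r"""
OnlineScanner.ocx - registred OK
# remove_checked=true
# found=3
# cleaned=3
C:\Downloads\game-setup[1].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000001 C
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0000001.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000001 C
C:\WINDOWS\SYSTEM32\DRIVERS\example.sys Win32/Delf.NFO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000002 C
"""

HEADER = re.compile(r"^# (\w+)=(.*)$")
# Assumed layout: path (ends at the first ".ext" followed by a space), threat, (action), MD5, flag
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) (?P<threat>.+) "
    r"\((?P<action>[^()]*)\) (?P<md5>[0-9A-Fa-f]{32}) (?P<flag>\w)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def parse_eset_log(text):
    """Return (header dict, list of detection dicts); unrecognised lines are skipped."""
    meta, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := HEADER.match(line)):
            meta[m.group(1)] = m.group(2)  # a repeated key keeps its last value
        elif (m := DETECTION.match(line)):
            hit = m.groupdict()
            rp = RESTORE.search(hit["path"])
            hit["restore_point"] = rp.group(1) if rp else None
            hits.append(hit)
    return meta, hits

def summarize(meta, hits):
    """Cross-check the header counters and split live files from restore-point copies."""
    by_md5 = defaultdict(list)
    for h in hits:
        by_md5[h["md5"]].append(h["path"])
    return {
        "count_matches_header": int(meta.get("found", -1)) == len(hits),
        "all_cleaned": meta.get("found") == meta.get("cleaned"),
        "live": [h["path"] for h in hits if h["restore_point"] is None],
        "in_restore_points": sorted({h["restore_point"] for h in hits if h["restore_point"]}),
        "duplicates": {k: v for k, v in by_md5.items() if len(v) > 1},
    }

if __name__ == "__main__":
    meta, hits = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(meta, hits).items():
        print(f"{key}: {value}")
```

A non-empty `in_restore_points` list means an older snapshot contained a flagged file, which is the situation where discarding the old restore points and creating a fresh one makes sense.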

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Tue Aug 10, 2010 1:52 am

Better! Much better! However just 10 minutes ago, I ran a Malwarebytes quick scan and it came across a Trojan.Vundo. Suspect I removed it (as far as I know) and I was prompted to restart my computer, which I did.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Tue Aug 10, 2010 11:52 pm

Can you post the log please? I'd like to know where it detected it.



Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Wed Aug 11, 2010 2:30 am

Malwarebytes' Anti-Malware 1.46

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 9:41:21 PM
mbam-log-2010-08-09 (21-41-21).txt

Scan type: Quick scan
Objects scanned: 155236
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Did a second scan, it's gone?

Post by Coldplasma819 on Wed Aug 11, 2010 2:43 am

It's gone?

Malwarebytes' Anti-Malware 1.46

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/10/2010 10:43:15 PM
mbam-log-2010-08-10 (22-43-15).txt

Scan type: Quick scan
Objects scanned: 155841
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Wed Aug 11, 2010 1:52 pm

Yup, just a leftover file.



Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Wed Aug 11, 2010 7:47 pm

Alright.

Also, what would you make of this? Today I turned on my computer (my XPS 420, Vista) and I was prompted to restart my computer because of Windows updates. After the restart, I was unable to bring up Firefox, so I restarted again. I then tried bringing up MBAM, but it wouldn't come up, even though my cursor was at -busy- when on my desktop. After a while I got impatient and restarted again. I then came back on to have to fix my McAfee security settings (because things were disabled, it randomly does that), and I brought up MBAM again to do a quick scan. Mid-scan however, MBAM froze. The scan took an overall 21 minutes and 16 seconds, however nothing was found. This is abnormal because updated quick scans finding nothing usually take 6-8 minutes.

Stutter maybe? Or.. what?


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Wed Aug 11, 2010 9:13 pm

Can you run Combofix?



Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Wed Aug 11, 2010 9:28 pm

I don't have it installed on my computer (XPS 420, Vista).

I was instructed to remove it during my PC cleaning.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Thu Aug 12, 2010 9:07 pm

I don't quite understand why it does this. I turned my computer on, but it went idle for maybe an hour because I went to do something. When I came back, I started up the game Starcraft II, in which it started freezing. Ok? So I went to desktop and tried bringing up Firefox to come here. I only double clicked Firefox once, and I had to wait maybe at least 3 minutes for it to actually come up. During these "freezes" or wait times, my PC makes a pattern with its loading sounds, and the little activity light on my PC's tower lights up fully and stays like that.

Here is that little light I'm talking about, if you don't know:

[You must be registered and logged in to see this link.]

The little cylinder on the left.

Edit: I just did a MBAM quick scan, the updated scan took 7 minutes and 58 seconds, finding nothing. What the heck is goin on?


Topic has changed now to my XPS 420 going slow and freezing. (Vista)

Post by Coldplasma819 on Fri Aug 13, 2010 5:12 am

Ok this is VERY frustrating.

My computer is going slow, and whenever I'm on Starcraft II, I freeze often and lose connection to their online (battle.net).

Just now, I lagged out of battle.net, exited Starcraft and tried coming here to post, but instead it took so long to load the task bar, and it froze, that I tried ctrl alt del in pure frustration to bring up task manager, in which I went to a black screen where I was met with a window with an error saying, "Logon process has failed to create the security options dialog.

Failure - Security Options"

This has been happening a lot lately, and it is becoming very annoying.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Fri Aug 13, 2010 10:01 pm

The slowness could be explained by the lack of memory. This machine only has 512 MB of memory, when for computer programs nowadays to run smoothly, you need at least 1 GB+.



Should I make a new thread?

Post by Coldplasma819 on Fri Aug 13, 2010 10:24 pm

Sorry if this is confusing. I'm talking about my computer, not my dad's. His is all set, however mine (the XPS 420 Windows Vista) is going slow and freezing. It's even doing it at desktop when nothing is running. My computer goes into a pattern of loading sounds that loop, and I can't bring anything up, including Firefox.

My computer is an XPS 420 with Windows Vista Home Premium, and it has 3070MB of RAM.

I had similar problems not too long ago that were caused by adware and a couple trojans, which were removed when I was being helped by Chris (Crush) 2 weeks ago. But MBAM isn't picking up anything now, so I have no idea what the problem could be.


Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat Aug 14, 2010 10:24 pm

Hello.
If this is a different machine than the one we were working on, please open a new topic for it.

