4 Trojan.Vundo.H and 1 Trojan.Vundo

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Thu 05 Aug 2010, 3:03 pm

Keep in mind for the future that this issue is on my dad's computer, A WINDOWS XP SYSTEM.

Hello again! I am back, however this time I am on my dad's older computer. Having used Malwarebytes Anti-Malware in the process of fixing my computer, I thought about installing it on my dad's computer because his was known to run slow. Boy was he infected! After the quick scan was complete, I was prompted to restart, and I did. Below is the log from the Malwarebytes Anti-Malware quick scan:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/4/2010 11:41:11 PM
mbam-log-2010-08-04 (23-41-11).txt

Scan type: Quick scan
Objects scanned: 155442
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 249

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pioogugq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\retro64_loader.r64loader (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\retro64_loader.r64loader.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{700016cf-23e4-16cb-9f2e-730a000091e1} (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\errorrepairtool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Logs (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200 (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2) (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2) (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Collin Ferraro\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Logs\2009-03-31 21-26-280.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\filelist.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-0.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-1.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-10.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-100.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-101.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-102.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-103.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-104.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-105.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-106.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-107.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-108.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-109.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-11.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-110.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-111.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-112.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-113.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-114.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-115.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-116.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-117.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-118.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-119.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-12.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-120.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-121.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-122.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-123.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-124.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-125.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-126.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-127.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-128.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-129.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-13.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-130.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-131.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-132.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-133.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-134.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-135.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-136.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-137.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-138.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-139.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-14.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-140.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-141.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-142.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-143.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-144.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-145.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-146.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-147.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-148.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-149.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-15.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-150.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-151.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-152.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-153.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-154.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-155.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-156.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-157.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-158.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-159.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-16.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-160.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-161.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-162.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-163.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-164.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-165.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-166.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-167.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-168.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-169.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-17.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-170.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-171.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-172.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-173.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-174.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-175.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-176.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-177.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-178.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-179.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-18.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-180.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-181.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-182.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-183.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-184.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-185.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-186.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-187.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-188.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-189.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-19.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-190.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-191.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-192.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-193.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-194.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-195.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-196.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-197.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-198.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-199.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-2.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-20.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-200.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-201.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-202.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-203.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-204.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-205.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-206.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-207.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-208.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-209.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-21.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-210.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-211.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-212.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-213.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-214.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-215.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-216.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-217.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-218.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-219.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-22.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-220.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-221.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-222.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-223.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-224.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-225.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-226.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-227.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-228.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-229.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-23.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-230.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-231.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-232.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-233.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-234.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-235.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-236.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-237.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-24.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-25.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-26.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-27.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-28.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-29.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-3.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-30.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-31.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-32.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-33.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-34.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-35.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-36.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-37.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-38.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-39.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-4.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-40.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-41.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-42.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-43.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-44.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-45.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-46.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-47.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-48.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-49.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-5.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-50.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-51.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-52.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-53.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-54.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-55.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-56.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-57.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-58.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-59.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-6.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-60.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-61.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-62.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-63.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-64.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-65.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-66.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-67.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-68.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-69.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-7.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-70.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-71.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-72.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-73.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-74.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-75.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-76.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-77.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-78.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-79.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-8.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-80.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-81.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-82.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-83.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-84.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-85.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-86.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-87.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-88.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-89.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-9.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-90.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-91.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-92.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-93.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-94.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-95.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-96.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-97.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-98.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\QuarantineW\2009-03-31 21-32-200\regb-99.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Evidence.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Junk.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Registry.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\ErrorRepairTool\Results\Update.db (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2)\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Joseph Ferraro\Application Data\Starware(2)\Manager(2)\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\02380600.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorRepairTool Scan.job (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

2nd quick scan after the 1st

Post by Coldplasma819 on Thu 05 Aug 2010, 3:34 pm

I ran another quick scan shortly after the first one, here is the log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2010 12:21:13 AM
mbam-log-2010-08-05 (00-21-13).txt

Scan type: Quick scan
Objects scanned: 155194
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pioogugq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c47faf0-32a4-49c5-8280-82c57afc5f79} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo.H) -> Delete on reboot.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Fri 06 Aug 2010, 7:37 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

OTL.Txt

Post by Coldplasma819 on Fri 06 Aug 2010, 9:09 am

OTL logfile created on: 8/5/2010 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joseph Ferraro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 81.80 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO
Current User Name: Joseph Ferraro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/08 20:22:24 | 005,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2003/05/15 15:22:36 | 000,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2002/12/14 10:23:21 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2001/11/26 21:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/10/18 11:25:18 | 000,040,960 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\ACMonitor_X83.exe
PRC - [2001/06/14 13:42:26 | 000,053,248 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
SRV - [2001/11/26 21:54:02 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/13 15:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/03 16:14:41 | 000,012,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lqfbwgno.sys -- (crexdgbw)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elaunidr.sys -- (elaunidr)
DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/08/19 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/03 13:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 11:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/05/09 17:56:40 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/12/14 10:23:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/10/02 19:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 19:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 19:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 19:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 19:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/09/27 20:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/07/19 12:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/06/30 21:50:12 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/06/30 21:49:46 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/30 21:45:12 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/05/03 13:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/09/27 12:58:20 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2001/08/17 15:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 15:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 15:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 15:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 15:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 15:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 15:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 15:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 15:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/27 16:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/13 12:44:30 | 000,000,000 | ---D | M]

[2010/01/16 22:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Mozilla\Extensions
[2010/01/16 22:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/02 13:44:08 | 000,000,738 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: () - {5C47FAF0-32A4-49C5-8280-82C57AFC5F79} - C:\WINDOWS\SYSTEM32\clbaclb.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lexmark X83 Button Manager] C:\Program Files\LexmarkX83\AcBtnMgr_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [Lexmark X83 Button Monitor] C:\Program Files\LexmarkX83\ACMonitor_X83.exe (Jetsoft Development Company)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [sr1exe] C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe (Dell)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} [You must be registered and logged in to see this link.] (GameDesire Card Games)
O16 - DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} [You must be registered and logged in to see this link.] (XExcuter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} [You must be registered and logged in to see this link.] (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (ZoneIntro Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} [You must be registered and logged in to see this link.] (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\pioogugq: DllName - clbaclb.dll - C:\WINDOWS\System32\clbaclb.dll ()
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 () -
O24 - Desktop Components:2 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:3 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:4 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:5 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:6 () - [You must be registered and logged in to see this link.]
O24 - Desktop WallPaper: C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 17:15:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
[2010/08/04 23:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Ferraro\Application Data\Malwarebytes
[2010/08/04 23:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/04 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/04 23:22:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/04 23:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 10:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph Ferraro\Desktop\New Folder
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/05 17:15:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph Ferraro\Desktop\OTL.exe
[2010/08/05 15:26:12 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/08/05 11:03:06 | 000,018,223 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/05 11:02:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/05 11:00:08 | 000,000,020 | ---- | M] () -- C:\WINDOWS\ACMonitor_X83.ini
[2010/08/05 10:59:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/05 10:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/05 10:59:50 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/05 00:42:10 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\ntuser.dat
[2010/08/05 00:42:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joseph Ferraro\NTUSER.INI
[2010/08/04 23:22:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 22:52:53 | 000,000,244 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\craigslist binghamton classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/08/04 20:13:06 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/21 12:34:37 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\My Documents\401k request.doc
[2010/07/20 23:12:16 | 001,636,322 | -H-- | M] () -- C:\Documents and Settings\Joseph Ferraro\Local Settings\Application Data\IconCache.db
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 09:03:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/15 08:58:24 | 000,000,855 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/07 17:53:33 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\Power Commander 3 Usb.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/04/01 18:22:34 | 000,000,193 | ---- | C] () -- C:\WINDOWS\X83_DS.ini
[2100/02/24 15:15:04 | 000,000,821 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2100/02/16 17:09:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.INI
[2010/08/04 23:22:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 22:52:53 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\craigslist binghamton classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/07/21 12:34:36 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\My Documents\401k request.doc
[2010/07/07 17:53:33 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\Joseph Ferraro\Desktop\Power Commander 3 Usb.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/01/30 22:02:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/05/04 20:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2007/04/21 18:46:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/04/12 10:41:53 | 000,001,224 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/06 13:49:53 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2007/03/20 11:45:01 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\clbaclb.dll
[2007/03/20 11:45:00 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqfbwgno.sys
[2006/07/25 15:25:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/04/19 08:45:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/18 11:05:43 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2006/03/18 11:05:43 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2006/03/18 11:05:43 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2006/03/18 11:05:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2006/02/16 09:35:23 | 000,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2006/01/25 19:51:30 | 000,000,194 | ---- | C] () -- C:\WINDOWS\X83_DS(2).ini
[2005/04/16 13:42:21 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/04/09 20:58:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2005/01/27 18:29:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 08:47:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2004/08/04 03:56:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 03:56:42 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 03:56:42 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 03:56:42 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 03:56:42 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/11/20 18:31:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/11/20 18:31:07 | 000,000,108 | ---- | C] () -- C:\WINDOWS\ka.ini
[2003/08/31 14:09:08 | 000,000,157 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/08/31 14:09:00 | 000,000,187 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2003/03/30 16:37:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2003/02/09 17:24:56 | 000,002,369 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/30 20:31:07 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2002/12/30 20:04:22 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2002/12/14 10:26:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/14 10:12:37 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/14 09:53:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 10:32:16 | 000,000,784 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2002/09/09 10:28:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/25 14:20:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/10/25 14:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 14:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/05 14:34:30 | 000,016,812 | ---- | C] () -- C:\WINDOWS\System32\lxas2kpm.dll
[2001/01/05 13:08:02 | 000,008,427 | ---- | C] () -- C:\WINDOWS\System32\lxas2kui.dll
[2000/10/24 10:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 10:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
< End of report >

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Extras.Txt

Post by Coldplasma819 on Fri 06 Aug 2010, 9:11 am

OTL Extras logfile created on: 8/5/2010 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joseph Ferraro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 81.80 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FERRARO
Current User Name: Joseph Ferraro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2211:TCP" = 2211:TCP:*:Enabled:@xpsp2res.dll
"2128:TCP" = 2128:TCP:*:Enabled:@xpsp2res.dll
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Starcraft\starcraft.exe" = C:\Program Files\Starcraft\starcraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat" = C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Disabled:game -- ()
"C:\Program Files\GameHouse\Ricochet\Ricochet.exe" = C:\Program Files\GameHouse\Ricochet\Ricochet.exe:*:Disabled:Ricochet -- File not found
"C:\Program Files\Yahoo! Games\Final Drive Nitro\Racing.exe" = C:\Program Files\Yahoo! Games\Final Drive Nitro\Racing.exe:*:Disabled:Racing -- File not found
"C:\Program Files\City Interactive\WWII Pacific Heroes\pacific.exe" = C:\Program Files\City Interactive\WWII Pacific Heroes\pacific.exe:*:Disabled:pacific -- File not found
"C:\Program Files\Yahoo! Games\Phoenix Assault\Phoenix.exe" = C:\Program Files\Yahoo! Games\Phoenix Assault\Phoenix.exe:*:Disabled:Phoenix Assault -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Program Files\PANZERS - Phase2\Run\PANZERS_PHASE_2.EXE" = C:\Program Files\PANZERS - Phase2\Run\PANZERS_PHASE_2.EXE:*:Enabled:Codename Panzers Phase 2 -- File not found
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe" = C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Disabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe" = C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Disabled:Halo -- File not found
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\UT2004Demo\System\UT2004.exe" = C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\O1EFGHUJ\wowclient-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\O1EFGHUJ\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\wowclient-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Joseph Ferraro\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XANO1QF\Office_Space.avi-downloader[1].exe" = C:\Documents and Settings\Joseph Ferraro\Local Settings\Temp\Temporary Internet Files\Content.IE5\8XANO1QF\Office_Space.avi-downloader[1].exe:*:Disabled:Blizzard Downloader -- File not found
"C:\World of Warcraft\BackgroundDownloader.exe" = C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- File not found
"C:\WINDOWS\SYSTEM32\jkirsyie.exe" = C:\WINDOWS\SYSTEM32\jkirsyie.exe:*:Disabled:jkirsyie -- File not found
"C:\WINDOWS\system32\sysvx.exe" = C:\WINDOWS\system32\sysvx.exe:*:Enabled:enable -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7175-to-0.2.0.7187-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7175-to-0.2.0.7187-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\UT2004\System\UT2004.exe" = C:\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- File not found
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe" = C:\Program Files\THQ\DarkCrusade\DarkCrusade.exe:*:Disabled:DarkCrusade -- File not found
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Disabled:W40kWA -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04D8BFCA-5A75-45E1-9F74-A7E4405EAE28}" = ATI Catalyst Control Center
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88A77307-828D-45AD-90A2-E018228B097F}" = Operation Blockade
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}" = UT2004 Editor's Choice Edition Mod Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"3DGroove" = 3D Groove Playback Engine
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"Cubis Gold" = Cubis Gold
"CursorCafeInstaller" = CursorCafe Installer
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"Halo Trial" = Microsoft Halo Trial
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Lexmark X83" = Lexmark X83
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"Red Alert 2" = Command & Conquer Red Alert 2
"RogueRemover" = RogueRemover 1.18
"Roguescanfix_is1" = Roguescanfix 1.5
"SecurityScan_is1" = Winferno Security Scan
"Shockwave" = Shockwave
"Starcraft" = Starcraft
"TalonSoft's Divided Ground" = TalonSoft's Divided Ground
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Unlocker" = Unlocker 1.7.2
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 6:07:08 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:09 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:09 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:52 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 6:07:52 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/3/2010 8:04:04 PM | Computer Name = FERRARO | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3296 (0xce0) Thread address : 0x12026890 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\MCAFEE\MSC\MCSYNC.EXE

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 8/3/2010 9:19:15 PM | Computer Name = FERRARO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x20000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2010 11:12:58 AM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Fri 06 Aug 2010, 10:09 am

Hello.
Nasty piece of malware you got there, not nicw.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Combo-Fix log

Post by Coldplasma819 on Sat 07 Aug 2010, 4:45 am

ComboFix 10-08-06.01 - Joseph Ferraro 08/06/2010 13:03:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.213 [GMT -4:00]
Running from: c:\documents and settings\Joseph Ferraro\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Collin Ferraro\error.log
c:\documents and settings\Joseph Ferraro\Application Data\Install.dat
c:\documents and settings\Joseph Ferraro\err.log
c:\windows\inf\dm.inf
c:\windows\inf\dm.PNF
c:\windows\Readme.txt
c:\windows\securea.html
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXAMPLE
-------\Legacy_NDNET1


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-05 03:25 . 2010-08-05 03:25 -------- d-----w- c:\documents and settings\Joseph Ferraro\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 04:40 . 2010-01-17 02:54 -------- d-----w- c:\program files\LimeWire
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 22:32 . 2010-08-04 22:32 503808 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\msvcp71.dll
2010-08-04 22:32 . 2010-08-04 22:32 12800 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6971a8d6-n\decora-d3d.dll
2010-08-04 22:32 . 2010-08-04 22:32 499712 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\jmc.dll
2010-08-04 22:32 . 2010-08-04 22:32 61440 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6971a8d6-n\decora-sse.dll
2010-08-04 22:32 . 2010-08-04 22:32 348160 ----a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32145211-n\msvcr71.dll
2010-07-30 13:06 . 2009-08-20 21:48 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2009-08-20 21:50 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-26 22:32 . 2010-05-26 22:32 503808 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\msvcp71.dll
2010-05-26 22:32 . 2010-05-26 22:32 499712 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\jmc.dll
2010-05-26 22:32 . 2010-05-26 22:32 348160 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7edf3228-n\msvcr71.dll
2010-05-26 22:32 . 2010-05-26 22:32 12800 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35e1f059-n\decora-d3d.dll
2010-05-26 22:32 . 2010-05-26 22:32 61440 -c--a-w- c:\documents and settings\Joseph Ferraro\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-35e1f059-n\decora-sse.dll
2001-06-20 21:19 . 2001-06-19 21:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-14 26112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Ferraro^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Joseph Ferraro\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-02 23:41 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-05-02 23:07 53248 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-03-28 22:20 143360 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 16:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-25 18:20 36864 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2002-12-14 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
2003-08-25 17:45 0 -c--a-w- c:\windows\SYSTEM32\msblast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2211:TCP"= 2211:TCP:@xpsp2res.dll
"2128:TCP"= 2128:TCP:@xpsp2res.dll
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 crexdgbw;Microsoft RPC API Helper;c:\windows\system32\drivers\lqfbwgno.sys --> c:\windows\system32\drivers\lqfbwgno.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/20/2009 5:56 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/26/2007 12:06 PM 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [8/19/2004 1:38 PM 15104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tcfdgrwo
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2009-08-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2010-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-12-14 14:04]

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BullsEye Network - c:\program files\BullsEye Network\bin\bargains.exe
MSConfigStartUp-ClrSchLoader - c:\program files\ClearSearch\Loader.exe
MSConfigStartUp-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
MSConfigStartUp-IST Service - c:\program files\ISTsvc\istsvc.exe
MSConfigStartUp-NAV Agent - c:\progra~1\NORTON~1\navapw32.exe
MSConfigStartUp-NvCplDaemon - c:\windows\System32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\System32\NVMCTRAY.DLL
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-rb32 lptt01 - c:\program files\rb32\rb32.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\Symantec\LIVEUP~1\SNDMon.EXE
MSConfigStartUp-updater - c:\program files\Common files\updater\wupdater.exe
MSConfigStartUp-UpdateStats - c:\program files\Media\Media\UpdateStats.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-TalonSoft's Divided Ground - c:\program files\TalonSoft\Divided Ground\Uninst.isu
AddRemove-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\CDAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-06 13:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]
"ImagePath"="system32\drivers\lqfbwgno.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-06 13:37:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 17:37

Pre-Run: 87,723,692,032 bytes free
Post-Run: 87,623,073,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - ED8BAC188CC45964B6B9641E61ABE68C

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat 07 Aug 2010, 6:53 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C47FAF0-32A4-49C5-8280-82C57AFC5F79}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pioogugq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
    [-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\crexdgbw]

    Driver::
    crexdgbw

    NetSvc::
    tcfdgrwo
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Sat 07 Aug 2010, 8:33 am

ComboFix 10-08-06.01 - Joseph Ferraro 08/06/2010 16:05:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.200 [GMT -4:00]
Running from: c:\documents and settings\Joseph Ferraro\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Joseph Ferraro\Desktop\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CREXDGBW
-------\Service_crexdgbw


((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-05 03:25 . 2010-08-05 03:25 -------- d-----w- c:\documents and settings\Joseph Ferraro\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-05 03:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 03:22 . 2010-08-05 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 04:40 . 2010-01-17 02:54 -------- d-----w- c:\program files\LimeWire
2010-07-30 13:06 . 2009-08-20 21:48 -------- d-----w- c:\program files\McAfee
2010-07-15 19:18 . 2009-08-20 21:50 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2001-06-20 21:19 . 2001-06-19 21:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"sr1exe"="c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" [2003-05-15 106496]
"Lexmark X83 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-12-14 26112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-31 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2008-05-16 21:56 79872 ------w- c:\windows\SYSTEM32\clbaclb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joseph Ferraro^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Joseph Ferraro\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-10-02 23:41 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
2001-06-14 17:42 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
2001-10-18 15:25 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-05-02 23:07 53248 -c----w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-03-28 22:20 143360 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 16:00 184376 -c--a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 16:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-25 18:20 36864 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2002-12-14 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2211:TCP"= 2211:TCP:@xpsp2res.dll
"2128:TCP"= 2128:TCP:@xpsp2res.dll
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/20/2009 5:56 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/26/2007 12:06 PM 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [8/19/2004 1:38 PM 15104]
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2009-08-20 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-20 16:22]

2010-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-12-14 14:04]

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B29DCEDC-0773-4FEA-9CC2-17D1DA75B21A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {1C855A0E-34AF-4660-A2FD-66A82A57D14B} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-06 16:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
sr1exe = "c:\documents and settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe" ??????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-06 16:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 20:36
ComboFix2.txt 2010-08-06 17:37

Pre-Run: 87,635,066,880 bytes free
Post-Run: 87,620,300,800 bytes free

- - End Of File - - C2E22530BC7683818912B97F564CA84E

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat 07 Aug 2010, 8:49 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 20
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Sat 07 Aug 2010, 10:18 am

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled\ deleted successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08062010_191722


Also, Internet Explorer seems to run a bit slow, but not very. Im wondering, could it be because how old this computer is? We got it back in uh... 02 or 01 I believe.

However then again, on my computer I run with Firefox, so maybe im just seeing the difference.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sat 07 Aug 2010, 11:22 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Wait, what?

Post by Coldplasma819 on Sat 07 Aug 2010, 11:48 am

Slight problem, whenever I go to run to input that command, "ComboFix /uninstall" I get an error reading the following: Windows cannot find ComboFix. Make sure you typed the name correctly, and then try again.

I also tried "Combo-Fix /uninstall" and got the same error.

Edit: I just noticed, Combofix is no longer on my desktop. But then again, earlier, I recieved a notification from McAfee saying it successfully removed a trojan, I didnt get to see it all, but I saw the word Artemis and ComboFix in it. Could McAfee have removed it? I know on my computer it didnt. I dont think theres much to worry about then, right? Its gone either way.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sun 08 Aug 2010, 1:46 am

Hello.
Yeah, Mcafee doesn't like Combofix, it's just a false positive, ignore it.

Can you run the ESET scan now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

One last thing...

Post by Coldplasma819 on Sun 08 Aug 2010, 4:27 am

Heh, sorry again for the delay, but can you recommend a good anti-virus? The subscription for McAfee just ran out on his computer, and we were talking about leaving it and possibly going to Kapersky? I havent heard much about that anti-virus, I know AVG is good, and I even saw you recommend Avira.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Sun 08 Aug 2010, 4:31 am

Avira is much better than AVG to be honest, AVG is known for lots of false positives and has worst detection rates.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Sun 08 Aug 2010, 6:11 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8c1751e5c7574445a47f659febf9bd74
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-08-07 06:43:36
# local_time=2010-08-07 02:43:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776533 100 96 0 33211278 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93686
# found=5
# cleaned=5
# scan_time=4059
C:\Downloads\ArmyMenRTS-dm[1].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\Downloads\ArmyMenRTS-dm[2].exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775082.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP614\A0775083.exe a variant of Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 96300BCE68FB5477BCFE2104E6299E3C C
C:\WINDOWS\SYSTEM32\DRIVERS\lqfbwgno.sys Win32/Delf.NFO trojan (cleaned by deleting - quarantined) 3F47956275EFDD2556BB20C6FDD70721 C

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Mon 09 Aug 2010, 6:20 am

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Tue 10 Aug 2010, 12:52 pm

Better! Much better! However just 10 minutes ago, I ran a malwarebytes quick scan and it came across a Trojan.Vundo. I removed it ( as far as I know ) and I was prompted to restart my computer, which I did.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Wed 11 Aug 2010, 10:52 am

Can you post the log please? I'd like to know where it detected it.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Wed 11 Aug 2010, 1:30 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2010 9:41:21 PM
mbam-log-2010-08-09 (21-41-21).txt

Scan type: Quick scan
Objects scanned: 155236
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\clbaclb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Did a second scan, its gone?

Post by Coldplasma819 on Wed 11 Aug 2010, 1:43 pm

Its gone?

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/10/2010 10:43:15 PM
mbam-log-2010-08-10 (22-43-15).txt

Scan type: Quick scan
Objects scanned: 155841
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Thu 12 Aug 2010, 12:52 am

Yup, just a leftover file.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Coldplasma819 on Thu 12 Aug 2010, 6:47 am

Alright.

Also, what would you make of this? Today I turned on my computer ( my XPS 420, Vista ) and I was prompted to restart my computer because of windows updates. After the restart, I was unable to bring up Firefox, so I restarted again. I then tried bringing up MBAM, but it wouldnt come up, even though my cursor was at -busy- when on my desktop. After a while I got impatient and restarted again. I then came back on to have to fix my McAfee security settings, (because things were disabled, it randomly does that) and I brought up MBAM again to do a quick scan. Mid-scan however, MBAM froze. The scan took an overall 21 minutes and 16 seconds, however nothing was found. This is abnormal because updated quick scans finding nothing usually take 6-8 minutes.

Stutter maybe? Or.. what?

Coldplasma819

Newbie Surfer
Newbie Surfer

Posts : 46
Joined : 2010-07-28
Operating System : Windows Vista Home Premium

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Belahzur on Thu 12 Aug 2010, 8:13 am

Can you run Combofix?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 4 Trojan.Vundo.H and 1 Trojan.Vundo

Post by Sponsored content Today at 1:16 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum