y.exe virus all over my computers!

Post by exti047 on Wed Aug 18, 2010 11:25 am

More y.exe woes. Don't know where this is coming from, but on this computer it seems to affect the audio of the computer. It does not play an annoying song but deactivates the audio and slows my internet connection down.

Many thanks for any assistance and/or advice how to avoid in the future.

Thanks.

OTL Log

OTL logfile created on: 18/08/2010 11:40:01 p.m. - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\ilamadmin01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 219.83 Gb Free Space | 73.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Drive K: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Drive L: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Drive M: | 40.00 Gb Total Space | 17.20 Gb Free Space | 42.99% Space Free | Partition Type: NTFS
Drive S: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Drive T: | 220.00 Gb Total Space | 185.61 Gb Free Space | 84.37% Space Free | Partition Type: NTFS

Computer Name: AH-ILAMADMIN01
Current User Name: ilamadmin01
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/18 23:15:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ilamadmin01\Desktop\OTL.com
PRC - [2010/08/16 08:29:51 | 000,060,928 | ---- | M] () -- C:\Program Files\Internet Explorer\y.exe
PRC - [2010/07/05 07:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/12/11 09:26:04 | 000,106,496 | ---- | M] () -- c:\Program Files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe
PRC - [2009/12/11 09:25:12 | 000,065,536 | ---- | M] (Himsa A/S) -- C:\Program Files\HIMSA\Noah Database Tools\NoahDatabaseTrayMenu.exe
PRC - [2009/12/11 09:00:12 | 000,020,480 | ---- | M] (HIMSA A/S) -- C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe
PRC - [2009/11/13 14:38:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 23:23:56 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/03/26 08:54:58 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe
PRC - [2007/03/08 15:25:32 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FjtwMkup.exe
PRC - [2007/03/08 15:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2007/03/08 12:24:20 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2006/11/29 21:37:20 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/12/07 13:00:00 | 000,043,520 | ---- | M] (Sybase, Inc.) -- c:\unity\u5app\ASA\win32\dbeng7.exe
PRC - [2005/10/05 11:00:44 | 000,053,248 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
PRC - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
PRC - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlservr.exe
PRC - [2002/12/17 16:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002/04/12 12:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
PRC - [2001/12/13 12:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/18 23:15:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ilamadmin01\Desktop\OTL.com
MOD - [2010/07/05 09:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/07/25 10:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/11/29 21:41:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/11 09:26:04 | 000,106,496 | ---- | M] () [Auto | Running] -- c:\Program Files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe -- (NOAHDatabaseSchedulerService)
SRV - [2009/12/11 09:00:12 | 000,020,480 | ---- | M] (HIMSA A/S) [Auto | Running] -- C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe -- (NOAHDatabaseServerHost)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$HIMSA) SQL Server (HIMSA)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/03/08 15:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe -- (Logitech Easy Synchronization)
SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlservr.exe -- (MSSQL$PHONAKGROUPDB)
SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlagent.EXE -- (SQLAgent$PHONAKGROUPDB)
SRV - [2002/04/12 12:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2010/03/08 09:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/16 03:58:46 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/10/29 18:48:13 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/18 23:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/28 16:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/12/05 09:33:36 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/05 09:33:34 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/12/05 09:33:34 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/12/05 09:33:34 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/12/05 09:33:32 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/10/05 11:00:06 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005/10/05 11:00:06 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2004/10/15 03:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 17:26:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 17:26:28 | 000,000,000 | ---D | M]

[2008/11/16 14:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Extensions
[2010/08/18 13:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\extensions
[2009/08/23 20:37:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/16 12:54:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/19 20:31:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/23 20:37:29 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/08/18 13:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 08:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 23:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/18 23:31:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/22 11:36:03 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/22 11:36:03 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/22 11:36:03 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/22 11:36:03 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/31 10:52:40 | 000,162,910 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 Norton.com
O1 - Hosts: 127.0.0.1 help.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mx-buy1.norton.com
O1 - Hosts: 127.0.0.1 mx-buy2.norton.com
O1 - Hosts: 127.0.0.1 tus1smtinbpex01.symantec.com
O1 - Hosts: 127.0.0.1 excu-mxib-2.symantec.com
O1 - Hosts: 127.0.0.1 excu-mxib-1.symantec.com
O1 - Hosts: 127.0.0.1 tus1smtinbpex02.symantec.com
O1 - Hosts: 127.0.0.1 mail.panda-antivirus.no
O1 - Hosts: 127.0.0.1 panda-antivirus.no
O1 - Hosts: 127.0.0.1 pctools.com
O1 - Hosts: 127.0.0.1 forum.pctools.com
O1 - Hosts: 127.0.0.1 mail.pctools.com
O1 - Hosts: 127.0.0.1 free.avg.com
O1 - Hosts: 127.0.0.1 blog.avg.com
O1 - Hosts: 127.0.0.1 blogs.avg.com
O1 - Hosts: 127.0.0.1 gtm-nyc.avg.com
O1 - Hosts: 127.0.0.1 gtm-self.avg.com
O1 - Hosts: 127.0.0.1 avg.com
O1 - Hosts: 127.0.0.1 avast.com
O1 - Hosts: 127.0.0.1 blog.avast.com
O1 - Hosts: 127.0.0.1 forum.avast.com
O1 - Hosts: 3714 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - HKLM..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKLM..\Run: [muBlinder] C:\Documents and Settings\ilamadmin01\Desktop\muBlinder 3.61\muBlinder.exe (KRX)
O4 - HKLM..\Run: [NOAHDatabaseTrayMenu] c:\Program Files\HIMSA\Noah Database Tools\NoahDatabaseTrayMenu.exe (Himsa A/S)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKLM..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Error Recovery Guide.lnk = C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartSHSDBs.lnk = C:\unity\u5app\StartSHSDBs.exe ()
O4 - Startup: C:\Documents and Settings\ilamadmin01\Start Menu\Programs\Startup\Microsoft.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.85.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hearingadv.local
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21a9cdde-e1a0-11dc-ac89-001d7d988f0a}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{21a9cdde-e1a0-11dc-ac89-001d7d988f0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{479b4442-e78d-11de-9670-001d7d988f0a}\Shell - "" = AutoRun
O33 - MountPoints2\{479b4442-e78d-11de-9670-001d7d988f0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{479b4442-e78d-11de-9670-001d7d988f0a}\Shell\open\command - "" = E:\usb.exe -- File not found
O33 - MountPoints2\{48a2fe36-c020-11de-af54-001d7d988f0a}\Shell - "" = AutoRun
O33 - MountPoints2\{48a2fe36-c020-11de-af54-001d7d988f0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{48a2fe36-c020-11de-af54-001d7d988f0a}\Shell\open\command - "" = F:\usb.exe -- File not found
O33 - MountPoints2\{50e2e6b4-03c1-11de-ae1c-001d7d988f0a}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 05:42:36 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{51c39b04-e4ef-11dd-ade3-001d7d988f0a}\Shell\AutoRun\command - "" = b0ykd.exe
O33 - MountPoints2\{51c39b04-e4ef-11dd-ade3-001d7d988f0a}\Shell\open\Command - "" = b0ykd.exe
O33 - MountPoints2\{a95352f9-0279-11df-969a-001d7d988f0a}\Shell - "" = AutoRun
O33 - MountPoints2\{a95352f9-0279-11df-969a-001d7d988f0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a95352f9-0279-11df-969a-001d7d988f0a}\Shell\open\command - "" = E:\usb.exe -- File not found
O33 - MountPoints2\{f6f4ecdc-a1aa-11df-9782-001d7d988f0a}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f4ecdc-a1aa-11df-9782-001d7d988f0a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6f4ecdc-a1aa-11df-9782-001d7d988f0a}\Shell\open\command - "" = E:\usb.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/18 23:29:39 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ilamadmin01\Desktop\jre-6u21-windows-i586.exe
[2010/08/18 23:15:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ilamadmin01\Desktop\OTL.com
[2010/08/18 19:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ilamadmin01\Desktop\Labels
[2010/08/15 22:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/15 21:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ilamadmin01\Desktop\Flash Drive
[2010/08/08 12:42:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/08 12:42:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/08 12:42:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/07 21:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\HA_Diary
[2010/07/31 10:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ilamadmin01\Desktop\!RnE - 2010.07.31 10.27.23 - Hans_Zimmer-Inception_(Music_From_The_Motion_Picture)-OST-2010-DOH
[2007/10/31 17:09:32 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,051,510 | ---- | M] () -- H:\My Documents\image00555.jpg
[2049/12/31 16:00:00 | 000,044,782 | ---- | M] () -- H:\My Documents\image00444.jpg
[2049/12/31 16:00:00 | 000,039,275 | ---- | M] () -- H:\My Documents\image00111.jpg
[2049/12/31 16:00:00 | 000,032,626 | ---- | M] () -- H:\My Documents\image00333.jpg
[2049/12/31 16:00:00 | 000,031,142 | ---- | M] () -- H:\My Documents\image00222.jpg
[2010/08/18 23:37:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{224D86AA-E48E-481B-9A44-DBBB59CDECE2}.job
[2010/08/18 23:35:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/18 23:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 23:34:43 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\ilamadmin01\NTUSER.DAT
[2010/08/18 23:34:43 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/18 23:34:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ilamadmin01\ntuser.ini
[2010/08/18 23:31:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/18 23:31:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/18 23:31:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/18 23:31:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/18 23:31:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/18 23:29:54 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ilamadmin01\Desktop\jre-6u21-windows-i586.exe
[2010/08/18 23:15:38 | 000,001,311 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Patient Documents.lnk
[2010/08/18 23:15:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ilamadmin01\Desktop\OTL.com
[2010/08/18 23:11:10 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\JavaRa.zip
[2010/08/18 22:49:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/18 19:42:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/18 08:32:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/17 09:18:19 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Clinical Documents.lnk
[2010/08/15 22:42:05 | 000,001,132 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\eBay.lnk
[2010/08/15 22:41:56 | 001,015,869 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\unlocker1.9.0.exe
[2010/08/15 22:13:55 | 003,292,339 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Bed+Intruder+Band+Cover+-+North+Carolina+A&T+University+Marching+Band.mp3
[2010/08/15 21:28:24 | 006,848,159 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Tay_Zonday_Chasing_Eden.mp3
[2010/08/09 18:11:42 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/09 18:10:29 | 000,002,048 | -H-- | M] () -- H:\My Documents\Default.rdp
[2010/08/08 18:37:04 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\redo.doc
[2010/08/07 21:58:30 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\HA Diary.lnk
[2010/08/07 10:14:32 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Remote Desktop Connection.lnk
[2010/08/05 18:43:13 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Letter.doc
[2010/08/05 12:30:32 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Shortcut (2) to HAPL.lnk
[2010/08/04 16:15:49 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\Microsoft Office Outlook 2003.lnk
[2010/08/02 11:32:46 | 000,000,465 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/07/31 10:52:28 | 001,440,256 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Start Menu\Programs\Startup\Microsoft.exe
[2010/07/30 10:11:32 | 000,626,176 | ---- | M] () -- C:\Documents and Settings\ilamadmin01\Desktop\File Rename.exe
[2010/07/26 11:25:19 | 000,548,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/26 11:25:19 | 000,105,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 23:11:06 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\JavaRa.zip
[2010/08/15 22:42:05 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\eBay.lnk
[2010/08/15 22:41:52 | 001,015,869 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\unlocker1.9.0.exe
[2010/08/15 21:29:31 | 006,848,159 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\Tay_Zonday_Chasing_Eden.mp3
[2010/08/15 21:29:31 | 003,292,339 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\Bed+Intruder+Band+Cover+-+North+Carolina+A&T+University+Marching+Band.mp3
[2010/08/09 00:56:23 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\Remote Desktop Connection.lnk
[2010/08/08 18:37:04 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\redo.doc
[2010/08/07 21:58:29 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\HA Diary.lnk
[2010/08/05 12:30:32 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Desktop\Shortcut (2) to HAPL.lnk
[2010/07/31 10:52:40 | 001,440,256 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Start Menu\Programs\Startup\Microsoft.exe
[2010/01/27 12:30:37 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/11/09 12:27:20 | 000,002,668 | ---- | C] () -- C:\WINDOWS\ScandAllPro.INI
[2009/06/24 20:17:28 | 000,000,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2009/06/24 20:17:28 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/05/03 22:34:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/03 22:34:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/05/03 22:34:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/03 22:34:24 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 22:34:24 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/03 22:34:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/03 22:34:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/12 21:00:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO8440.ini
[2009/04/12 20:59:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/04/12 13:48:48 | 000,002,461 | ---- | C] () -- C:\WINDOWS\FiScn.ini
[2009/02/01 10:58:09 | 000,038,512 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Application Data\Comma Separated Values (Windows).ADR
[2008/09/13 17:05:53 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\QL57F.DLL
[2008/09/13 17:05:52 | 000,000,971 | ---- | C] () -- C:\WINDOWS\System32\QL57L.INI
[2008/08/25 17:55:01 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2008/08/25 17:54:56 | 000,000,465 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/08/25 17:54:56 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/08/25 17:54:06 | 000,002,723 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2008/08/07 03:38:36 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/08 10:20:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/03/26 11:28:40 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/10 12:16:54 | 000,000,222 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008/02/14 09:26:47 | 000,000,070 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2008/02/14 08:46:17 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Dtctrace.dll
[2008/01/28 21:28:47 | 000,000,511 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2008/01/28 21:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetScan.ini
[2008/01/28 21:23:15 | 000,000,757 | R--- | C] () -- C:\WINDOWS\FJTWSTI.INI
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0C0A.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0410.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex040C.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0407.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0C0A.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0410.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex040C.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0407.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0C0A.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0410.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex040C.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0407.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0C0A.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0419.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0410.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex040C.dll
[2008/01/28 21:23:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0409.dll
[2008/01/28 21:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0409.dll
[2008/01/28 21:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0409.dll
[2008/01/28 21:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0409.dll
[2008/01/28 21:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0412.dll
[2008/01/28 21:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0411.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0804.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0411.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0804.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0411.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0804.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0411.dll
[2008/01/28 21:23:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0804.dll
[2008/01/28 21:23:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex.dll
[2008/01/28 21:23:11 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0407.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0C0A.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0419.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0410.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex040C.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0409.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0407.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0C0A.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0419.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0410.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex040C.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0409.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0407.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0C0A.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0410.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex040C.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0409.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0407.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0C0A.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0410.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex040C.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0407.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0C0A.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0410.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex040C.dll
[2008/01/28 21:23:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0407.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0412.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0411.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0412.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0411.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0411.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0c0a.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0410.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex040C.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0409.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0407.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0409.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0C0A.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0410.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex040C.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0409.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0407.dll
[2008/01/28 21:23:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0409.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0411.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0411.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0411.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0804.dll
[2008/01/28 21:23:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0411.dll
[2008/01/28 21:23:10 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex.dll
[2008/01/28 21:23:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0C0A.dll
[2008/01/28 21:23:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0410.dll
[2008/01/28 21:23:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex040C.dll
[2008/01/28 21:23:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0407.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0C0A.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0410.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex040C.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0409.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0407.dll
[2008/01/28 21:23:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0409.dll
[2008/01/28 21:23:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0804.dll
[2008/01/28 21:23:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0411.dll
[2008/01/28 21:23:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0804.dll
[2008/01/28 21:23:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0411.dll
[2008/01/19 12:20:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Application Data\$_hpcst$.hpc
[2008/01/19 12:18:22 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2007/12/18 19:26:58 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/25 16:06:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/17 12:48:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\AURICAL.INI
[2007/11/03 13:08:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\MARK.dll
[2007/11/03 13:08:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ConfTree.dll
[2007/11/03 12:55:07 | 000,000,907 | ---- | C] () -- C:\WINDOWS\connexx.ini
[2007/11/03 12:55:07 | 000,000,127 | ---- | C] () -- C:\WINDOWS\hipro.ini
[2007/11/03 12:54:25 | 000,000,817 | ---- | C] () -- C:\WINDOWS\unity.ini
[2007/11/03 12:54:25 | 000,000,040 | ---- | C] () -- C:\WINDOWS\cdctrl.ini
[2007/11/03 12:54:05 | 000,000,055 | ---- | C] () -- C:\WINDOWS\sat.ini
[2007/11/03 12:53:18 | 000,000,334 | ---- | C] () -- C:\WINDOWS\UIpref.ini
[2007/10/31 17:11:10 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\NoahAUDPrintHelper.dll
[2007/10/31 17:10:13 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\ilamadmin01\Local Settings\Application Data\fusioncache.dat
[2007/10/31 17:08:51 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\LaPack64.dll
[2007/10/31 12:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/29 19:03:58 | 000,000,836 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/15 15:10:08 | 000,000,032 | R--- | C] () -- C:\WINDOWS\MESWBOX.INI
[2006/11/29 21:24:10 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

exti047
Novice
Posts: 9
Joined: 2010-08-16
OS: XP pro
Points: 23141
Likes: 0

Re: y.exe virus all over my computers!

Post by Dr Jay on Wed Aug 18, 2010 6:29 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)

Dr Jay
Head Administrator
Posts: 13714
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302072
Likes: 10

Re: y.exe virus all over my computers!

Post by exti047 on Fri Aug 20, 2010 6:19 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000c1e8d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9EAF000 WudfPf.sys
0xB9E22000 Ntfs.sys
0xB9DF5000 NDIS.sys
0xB9DDB000 Mup.sys
0xB96FB000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB9287000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9273000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB924B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9217000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA420000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB91F3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA428000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA430000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA138000 \SystemRoot\System32\DRIVERS\serial.sys
0xB9D9B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB91DF000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA148000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA158000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA168000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB91BC000 \SystemRoot\System32\DRIVERS\ks.sys
0xB90ED000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xBA733000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA178000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB9D93000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB90D6000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA188000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA198000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA438000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB90C5000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA440000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA448000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB9095000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA1B8000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA450000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA458000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5E6000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9037000 \SystemRoot\System32\DRIVERS\update.sys
0xB96C9000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA460000 \SystemRoot\system32\DRIVERS\vsb.sys
0xACFC6000 \SystemRoot\system32\drivers\btaudio.sys
0xACFA2000 \SystemRoot\system32\drivers\portcls.sys
0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xACF60000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xACAE7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xBA218000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5EE000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA468000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xBA5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA786000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA480000 \SystemRoot\System32\drivers\vga.sys
0xBA5FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA5A4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xACA8C000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xACA33000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xAC9E3000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAC9BD000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA248000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAC99B000 \SystemRoot\System32\drivers\afd.sys
0xBA258000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAC970000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAC900000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA298000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xACF9A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xACF86000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA2A8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xACF82000 \SystemRoot\system32\DRIVERS\BrScnUsb.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAC85D000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xACF7A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB96C1000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xBA340000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xAC845000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA614000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xACAD7000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA358000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA79F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF068000 \SystemRoot\System32\ati2cqag.dll
0xBF107000 \SystemRoot\System32\atikvmag.dll
0xBF18C000 \SystemRoot\System32\atiok3x2.dll
0xBF1EC000 \SystemRoot\System32\ati3duag.dll
0xBF4C6000 \SystemRoot\System32\ativvaxx.dll
0xA9CFC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA99CF000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA5D2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA9888000 \SystemRoot\System32\DRIVERS\srv.sys
0xA97F0000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xBA408000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA91AD000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA9198000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9440000 \SystemRoot\system32\drivers\sysaudio.sys
0xA90AA000 \SystemRoot\system32\drivers\kmixer.sys
0xA8E5F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8735000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
612 C:\WINDOWS\system32\smss.exe
680 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
960 C:\WINDOWS\system32\ati2evxx.exe
976 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1172 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
1192 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1216 C:\WINDOWS\system32\svchost.exe
1360 svchost.exe
1436 svchost.exe
1520 C:\WINDOWS\system32\BRSVC01A.EXE
1536 C:\WINDOWS\system32\BRSS01A.EXE
1544 C:\WINDOWS\system32\spoolsv.exe
1652 svchost.exe
1728 svchost.exe
1772 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1820 C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
1856 C:\Program Files\Java\jre6\bin\jqs.exe
1884 C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
1908 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1912 C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
1936 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1988 C:\Program Files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlservr.exe
504 C:\Program Files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe
528 C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe
660 sqlbrowser.exe
840 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1032 C:\WINDOWS\system32\svchost.exe
1108 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1348 C:\WINDOWS\system32\wuauclt.exe
1844 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2436 alg.exe
2704 C:\WINDOWS\system32\ati2evxx.exe
3180 C:\WINDOWS\explorer.exe
3700 C:\WINDOWS\RTHDCPL.exe
3864 C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
3928 C:\Program Files\HIMSA\Noah Database Tools\NoahDatabaseTrayMenu.exe
3972 C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
4012 C:\WINDOWS\twain_32\Fjscan32\FjtwMkup.exe
4056 C:\WINDOWS\system32\rundll32.exe
4064 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
380 C:\Program Files\Internet Explorer\services.exe
500 C:\Program Files\Unlocker\UnlockerAssistant.exe
640 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1096 C:\WINDOWS\system32\ctfmon.exe
1100 C:\Program Files\DNA\btdna.exe
2020 C:\Program Files\Skype\Phone\Skype.exe
2368 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2068 C:\Program Files\PFU\Error Recovery Guide\FTErGuid.exe
2656 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2640 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2636 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
2844 C:\unity\u5app\ASA\win32\dbeng7.exe
2852 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
248 C:\Program Files\Skype\Plugin Manager\skypePM.exe
1620 C:\Program Files\Internet Explorer\y.exe
2000 C:\Program Files\Internet Explorer\y.exe
3564 wmiprvse.exe
2356 C:\Documents and Settings\ilamadmin01\Desktop\MBR\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAK

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Re: y.exe virus all over my computers!

Post by Dr Jay on Fri Aug 20, 2010 8:52 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


Re: y.exe virus all over my computers!

Post by exti047 on Sat Aug 21, 2010 1:38 am

ComboFix 10-08-19.02 - ilamadmin01 21/08/2010 13:32:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.2046.1340 [GMT 12:00]
Running from: c:\documents and settings\ilamadmin01\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Help\Tours\mmTour\tour.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-20 05:57 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-15 10:42 . 2010-08-15 10:42 -------- d-----w- c:\program files\Unlocker
2010-08-07 09:58 . 2010-08-08 12:51 -------- d-----w- c:\program files\HA_Diary
2010-08-03 20:49 . 2010-08-03 20:49 61440 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f9c2ae8-n\decora-sse.dll
2010-08-03 20:49 . 2010-08-03 20:49 503808 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53cc19d2-n\msvcp71.dll
2010-08-03 20:49 . 2010-08-03 20:49 499712 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53cc19d2-n\jmc.dll
2010-08-03 20:49 . 2010-08-03 20:49 348160 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53cc19d2-n\msvcr71.dll
2010-08-03 20:49 . 2010-08-03 20:49 12800 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5f9c2ae8-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 01:34 . 2008-03-25 23:26 -------- d-----w- c:\documents and settings\ilamadmin01\Application Data\Skype
2010-08-21 01:30 . 2009-06-05 23:17 -------- d-----w- c:\documents and settings\ilamadmin01\Application Data\DNA
2010-08-21 01:10 . 2008-03-25 23:28 -------- d-----w- c:\documents and settings\ilamadmin01\Application Data\skypePM
2010-08-21 01:10 . 2009-06-05 23:17 -------- d-----w- c:\program files\DNA
2010-08-20 06:21 . 2009-07-30 06:13 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-20 06:17 . 2008-11-16 02:52 169936 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\FlashGot.exe
2010-08-18 11:32 . 2007-12-26 02:01 -------- d-----w- c:\program files\Java
2010-08-18 11:31 . 2010-07-06 20:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 09:36 . 2009-06-10 08:37 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-08 00:43 . 2007-12-26 02:00 -------- d-----w- c:\program files\Common Files\Java
2010-07-25 23:27 . 2008-07-28 09:59 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-14 01:52 . 2009-02-13 06:17 -------- d-----r- c:\program files\Skype
2010-07-14 01:52 . 2010-07-14 01:52 -------- d-----w- c:\program files\Common Files\Skype
2010-07-14 01:52 . 2008-03-25 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-07 21:09 . 2010-07-06 20:29 34 ----a-w- c:\windows\system32\BD7440N.DAT
2010-07-07 04:19 . 2007-10-31 00:28 -------- d-----w- c:\program files\Symantec
2010-07-07 04:19 . 2007-10-31 00:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-07 04:19 . 2007-10-31 00:28 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-07 04:19 . 2007-10-31 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-03 23:59 . 2010-07-03 23:59 -------- d-----w- c:\documents and settings\hearing.HEARINGADV\Application Data\Windows Desktop Search
2010-07-03 23:59 . 2010-07-03 23:59 -------- d-----w- c:\documents and settings\hearing.HEARINGADV\Application Data\Logitech
2010-07-03 23:58 . 2010-07-03 23:58 -------- d-----w- c:\documents and settings\hearing.HEARINGADV\Application Data\Windows Small Business Server
2010-07-03 06:56 . 2007-10-31 00:45 -------- d-----w- c:\program files\Microsoft.NET
2010-07-02 04:24 . 2009-05-06 23:04 -------- d-----w- c:\documents and settings\ilamadmin01\Application Data\MSN6
2010-07-01 21:37 . 2010-07-01 21:37 -------- d-----w- c:\documents and settings\ilamadmin01\Application Data\Windows Small Business Server
2010-07-01 21:37 . 2010-07-01 21:37 -------- d-----w- c:\program files\Windows Small Business Server
2010-07-01 01:25 . 2007-10-31 05:10 134 ----a-w- c:\documents and settings\ilamadmin01\Local Settings\Application Data\fusioncache.dat
2010-06-30 22:59 . 2010-06-30 22:59 -------- d-----w- c:\documents and settings\administrator.HEARINGADV\Application Data\Windows Desktop Search
2010-06-30 22:59 . 2010-06-30 22:59 -------- d-----w- c:\documents and settings\administrator.HEARINGADV\Application Data\Logitech
2010-06-30 22:37 . 2010-06-30 22:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-10-29 06:21 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-25 20:30 . 2010-05-25 20:30 503808 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6554b02a-n\msvcp71.dll
2010-05-25 20:30 . 2010-05-25 20:30 499712 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6554b02a-n\jmc.dll
2010-05-25 20:30 . 2010-05-25 20:30 348160 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6554b02a-n\msvcr71.dll
2010-05-25 20:30 . 2010-05-25 20:30 61440 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-27e0a0c1-n\decora-sse.dll
2010-05-25 20:30 . 2010-05-25 20:30 12800 ----a-w- c:\documents and settings\ilamadmin01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-27e0a0c1-n\decora-d3d.dll
2009-06-24 08:17 . 2009-06-24 08:17 604 ---ha-w- c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-04 53248]
"NOAHDatabaseTrayMenu"="c:\program files\himsa\Noah Database Tools\NoahDatabaseTrayMenu.exe" [2009-12-10 65536]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-03-08 212992]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-03-08 131072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
"muBlinder"="c:\documents and settings\ilamadmin01\Desktop\muBlinder 3.61\muBlinder.exe" [2010-02-23 1462784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\ilamadmin01\Start Menu\Programs\Startup\
Microsoft.exe [2010-7-31 1440256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Error Recovery Guide.lnk - c:\program files\PFU\Error Recovery Guide\FTErGuid.exe [2008-1-28 212992]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-29 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-30 805392]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
StartSHSDBs.lnk - c:\unity\u5app\StartSHSDBs.exe [2007-11-3 7680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-04 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-01 14:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"\\\\server\\cashwin\\CashWin32.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2638:TCP"= 2638:TCP:ASA_DBE
"2638:UDP"= 2638:UDP:ASA_DBE
"49152:TCP"= 49152:TCP:ASA_DBE
"49152:UDP"= 49152:UDP:ASA_DBE
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 p.m. 130384]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\Fjscan32\FJTWMKSV.exe [28/01/2008 9:23 p.m. 45056]
R2 MSSQL$HIMSA;SQL Server (HIMSA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 2:27 a.m. 29262680]
R2 MSSQL$PHONAKGROUPDB;MSSQL$PHONAKGROUPDB;c:\program files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlservr.exe -sPHONAKGROUPDB --> c:\program files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlservr.exe -sPHONAKGROUPDB [?]
R2 NOAHDatabaseSchedulerService;NOAHDatabaseSchedulerService;c:\program files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe [31/10/2007 5:10 p.m. 106496]
R2 NOAHDatabaseServerHost;NOAH Database Server Host;c:\program files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe [31/10/2007 5:10 p.m. 20480]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [25/08/2008 5:54 p.m. 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [26/08/2008 5:37 p.m. 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [26/08/2008 5:37 p.m. 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [25/08/2008 5:54 p.m. 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [25/08/2008 5:54 p.m. 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [25/08/2008 5:54 p.m. 10368]
S3 SQLAgent$PHONAKGROUPDB;SQLAgent$PHONAKGROUPDB;c:\program files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlagent.EXE -i PHONAKGROUPDB --> c:\program files\Microsoft SQL Server\MSSQL$PHONAKGROUPDB\Binn\sqlagent.EXE -i PHONAKGROUPDB [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [30/08/2002 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 p.m. 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\User_Feed_Synchronization-{224D86AA-E48E-481B-9A44-DBBB59CDECE2}.job
- c:\windows\system32\msfeedssync.exe [2007-10-29 16:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\ilamadmin01\Application Data\Mozilla\Firefox\Profiles\oxxwscsl.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-21 13:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-934257754-1511539342-3304095921-1169\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a8,83,1b,7d,28,44,5f,92,31,ff,5f,51,07,a7,e5,26,ed,cf,4b,bf,48,02,c9,
e3,79,13,cb,e2,b1,fe,a8,2e,b2,db,d4,07,d4,cc,52,df,b7,ee,9e,66,ac,4b,84,f6,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4400)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-21 13:35:49
ComboFix-quarantined-files.txt 2010-08-21 01:35

Pre-Run: 239,276,863,488 bytes free
Post-Run: 239,231,135,744 bytes free

- - End Of File - - D2A38660C4C2BB7EF2675BC2CC3AC547


Re: y.exe virus all over my computers!

Post by Dr Jay on Sat Aug 21, 2010 5:59 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Dr. Jay (DJ)



Re: y.exe virus all over my computers!

Post by exti047 on Sun Aug 22, 2010 6:09 am

Awesome - FIXED! Many thanks!

CashManager12Update.EXE\data007;C:\Backup\Apps\Cash Manager Update\CashManager12Update.EXE;Tool.Keylog.101;;
CashManager12Update.EXE;C:\Backup\Apps\Cash Manager Update;Container contains infected objects;Moved.;
CMW15up.EXE\data007;C:\Backup\Documents and Settings\Administrator\Desktop\Info For Allan\Cash Manager 2010\CMW15up.EXE;Tool.Keylog.101;;
CMW15up.EXE;C:\Backup\Documents and Settings\Administrator\Desktop\Info For Allan\Cash Manager 2010;Container contains infected objects;Moved.;
isCMRunning.dll;C:\Backup\Documents and Settings\Administrator\Local Settings\Temp;Tool.Keylog.101;Deleted.;
1DD80000.VBN;C:\Backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Tool.ShowPass.26;Incurable.Moved.;
CMW15up.EXE\data007;C:\Backup\Patient Documents\JG's ACC\Cash Manager 2010\CMW15up.EXE;Tool.Keylog.101;;
CMW15up.EXE;C:\Backup\Patient Documents\JG's ACC\Cash Manager 2010;Container contains infected objects;Moved.;
CashManager12Update.EXE\data007;C:\Backup\Temp\Old Clinical Documents\Clinical Documents 8 May 08\CashManager12Update.EXE;Tool.Keylog.101;;
CashManager12Update.EXE;C:\Backup\Temp\Old Clinical Documents\Clinical Documents 8 May 08;Container contains infected objects;Moved.;
d2.exe;C:\Program Files\Internet Explorer;BackDoor.Siggen.25182;Deleted.;
ce monde absurde english.mp3;C:\Program Files\LimeWire;Trojan.WMALoader;Cured.;
A0140025.EXE\data007;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP847\A0140025.EXE;Tool.Keylog.101;;
A0140025.EXE;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP847;Container contains infected objects;Moved.;
A0140026.EXE\data007;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP847\A0140026.EXE;Tool.Keylog.101;;
A0140026.EXE;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP847;Container contains infected objects;Moved.;
A0140028.EXE\data007;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848\A0140028.EXE;Tool.Keylog.101;;
A0140028.EXE;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848;Container contains infected objects;Moved.;
A0140030.EXE\data007;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848\A0140030.EXE;Tool.Keylog.101;;
A0140030.EXE;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848;Container contains infected objects;Moved.;
A0140032.exe;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848;BackDoor.Siggen.25182;Deleted.;


Re: y.exe virus all over my computers!

Post by Dr Jay on Mon Aug 23, 2010 7:09 am

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


Dr. Jay (DJ)
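An added triage helper for the Dr.Web report exti047 posted above and for the System Restore clean-up step in this reply; it is example code, not part of the thread or of Dr.Web's tooling. It parses the semicolon-separated DrWeb.csv layout shown in the log, flags container members whose archive was never moved, and lists hits under System Volume Information, which are the restore-point copies the clean-up flushes. The row layout and paths come from the posted log; the function and class names are mine.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) in the layout posted above.

Row layout: object;directory;threat;action;  A row such as 'x.EXE\\data007'
is an item inside a container: its directory column holds the container's
full path and its action is blank, because Dr.Web acts on the container,
which gets its own row ('Container contains infected objects', e.g. 'Moved.').
"""
from __future__ import annotations

import ntpath
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: six rows in the shape of the report posted in the thread.
SAMPLE_REPORT = r"""
CMW15up.EXE\data007;C:\Backup\Patient Documents\JG's ACC\Cash Manager 2010\CMW15up.EXE;Tool.Keylog.101;;
CMW15up.EXE;C:\Backup\Patient Documents\JG's ACC\Cash Manager 2010;Container contains infected objects;Moved.;
d2.exe;C:\Program Files\Internet Explorer;BackDoor.Siggen.25182;Deleted.;
ce monde absurde english.mp3;C:\Program Files\LimeWire;Trojan.WMALoader;Cured.;
1DD80000.VBN;C:\Backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Tool.ShowPass.26;Incurable.Moved.;
A0140032.exe;C:\System Volume Information\_restore{72F9608B-BE22-430B-8586-563A699C4AB1}\RP848;BackDoor.Siggen.25182;Deleted.;
"""


@dataclass(frozen=True)
class Finding:
    obj: str        # object name as reported, e.g. 'CMW15up.EXE\data007'
    directory: str  # folder of the object, or the container's full path
    threat: str
    action: str     # '' when Dr.Web acted on the container instead

    @property
    def container(self) -> str:
        # 'a.EXE\data007' -> 'a.EXE'; a plain file name maps to itself
        return self.obj.split("\\", 1)[0]

    @property
    def in_restore_point(self) -> bool:
        # System Restore snapshots live under System Volume Information, so a
        # hit there is a copy that the restore-point clean-up is meant to flush.
        return "\\system volume information\\" in (self.directory.lower() + "\\")


def parse_report(text: str) -> list[Finding]:
    """Parse DrWeb.csv text into Finding records; blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"malformed report line: {line!r}")
        obj, directory, threat, action = (p.strip() for p in parts[:4])
        findings.append(Finding(obj, directory, threat, action))
    return findings


def unresolved(findings: list[Finding]) -> list[Finding]:
    """Blank-action rows whose container row was not moved or deleted."""
    # (folder, name) of every object Dr.Web actually acted on
    handled = {(f.directory, f.obj) for f in findings if f.action}
    # a member's container sits in the folder above the member's own path
    return [f for f in findings
            if not f.action
            and (ntpath.dirname(f.directory), f.container) not in handled]


def action_counts(findings: list[Finding]) -> Counter:
    """Objects moved, deleted, cured, or deferred to their container."""
    return Counter(f.action or "(see container)" for f in findings)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("actions:", dict(action_counts(report)))
    for f in report:
        if f.in_restore_point:
            print("restore point hit:", f.obj, "->", f.threat)
    for f in unresolved(report):
        print("UNRESOLVED:", f.obj, "in", f.directory)
```

Feed it the real DrWeb.csv and an empty UNRESOLVED list plus a restore-point hit list is the quick check that the scan acted on everything and that the snapshot copies still justify the System Restore clean-up.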

