Removed Malware via malwarebytes, want to check log

Post by caskaid on Thu 09 Sep 2010, 4:30 am

Removed a fake malware program with Malwarebytes... antispy.exe. Want to check to see that all is well and no other stuff left behind. Thanks in advance.

Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:11 PM, on 9/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrinterShare\paConsole.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\WESAM HASHISH\Application Data\U3\000015672B631CE9\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe -minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: PCCharge Payment Server.lnk = C:\Program Files\Active-Charge\Active-Charge.Exe
O4 - Global Startup: Dinerware 2.8 Brain.lnk = C:\Program Files\Dinerware 2.8\Brain.exe
O4 - Global Startup: Dinerware 2.8 Workstation.lnk = C:\Program Files\Dinerware 2.8\Workstation.exe
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EloSystemService - Elo Touchsystems, Inc. - C:\WINDOWS\system32\EloSrvce.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 6415 bytes


Re: Removed Malware via malwarebytes, want to check log

Post by Belahzur on Thu 09 Sep 2010, 5:44 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



log

Post by caskaid on Thu 09 Sep 2010, 6:24 am

OTL logfile created on: 9/8/2010 3:13:37 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\WESAM HASHISH\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 43.88 Gb Free Space | 58.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.81 Gb Total Space | 3.10 Gb Free Space | 81.22% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POS1
Current User Name: WESAM HASHISH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/08 15:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WESAM HASHISH\Desktop\OTL.exe
PRC - [2010/07/28 08:23:20 | 001,107,456 | ---- | M] (PrinterAnywhere) -- C:\Program Files\PrinterShare\paConsole.exe
PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/02 16:06:14 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/12/18 05:25:12 | 029,181,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 09:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2006/12/11 12:20:18 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\U3\000015672B631CE9\LaunchPad.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/05/01 04:07:44 | 000,843,776 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/03/23 06:20:46 | 000,045,056 | R--- | M] (Elo Touchsystems, Inc.) -- C:\WINDOWS\system32\EloSrvce.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2010/09/08 15:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WESAM HASHISH\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/12/18 05:25:12 | 029,181,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2007/02/10 09:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/03/23 06:20:46 | 000,045,056 | R--- | M] (Elo Touchsystems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\EloSrvce.exe -- (EloSystemService)
SRV - [2005/10/14 06:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\enkpp.sys -- (uashlb)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/12/24 06:40:12 | 000,080,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/12/16 07:10:34 | 000,070,016 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial)
DRV - [2008/04/13 14:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/13 16:12:34 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/25 16:39:22 | 000,027,136 | R--- | M] (Logic Controls, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCILD.sys -- (LCILD)
DRV - [2007/02/15 22:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 05:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/22 10:40:54 | 000,230,400 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/05/17 05:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/23 06:13:44 | 000,066,048 | R--- | M] (Elo Touchsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EloUsb.Sys -- (EloUsb)
DRV - [2006/03/23 06:13:40 | 000,028,160 | R--- | M] (Elo Touchsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\elofiltr.sys -- (elomoufiltr)
DRV - [2006/03/17 12:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/12/07 19:09:56 | 000,050,944 | R--- | M] (SIIG, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/31 06:00:50 | 000,016,384 | R--- | M] (SIIG, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2004/05/31 06:00:50 | 000,004,992 | R--- | M] (SIIG, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2004/05/31 06:00:50 | 000,004,224 | R--- | M] (OEM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxmep.sys -- (oxmep)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1997/06/12 11:53:18 | 000,026,304 | ---- | M] (MagTek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\magepnt.sys -- (MagEpNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {6D486BA2-62F1-47D3-82D2-837A02570CF2}:1.9.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Firefox\extensions\\{6D486BA2-62F1-47D3-82D2-837A02570CF2}: C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2} [2010/08/28 00:08:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/07 16:28:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/07 16:28:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/07 17:02:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/07 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla\Extensions
[2010/09/07 16:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/07 21:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla\Firefox\Profiles\acfuetq8.default\extensions
[2010/09/07 21:33:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla\Firefox\Profiles\acfuetq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 21:38:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla\Firefox\Profiles\acfuetq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/07 16:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe (PrinterAnywhere)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dinerware 2.8 Brain.lnk = C:\Program Files\Dinerware 2.8\Brain.exe (Dinerware, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dinerware 2.8 Workstation.lnk = C:\Program Files\Dinerware 2.8\Workstation.exe (Dinerware, Inc.)
O4 - Startup: C:\Documents and Settings\WESAM HASHISH\Start Menu\Programs\Startup\PCCharge Payment Server.lnk = C:\Program Files\Active-Charge\Active-Charge.Exe (VeriFone, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} [You must be registered and logged in to see this link.] (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} [You must be registered and logged in to see this link.] (Live365Player Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [You must be registered and logged in to see this link.] (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 16:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/07 16:48:44 | 000,009,530 | ---- | M] () - F:\autoprint-1.2-tb.xpi -- [ FAT32 ]
O33 - MountPoints2\{e19f2822-bab0-11df-9dfd-001d090811ce}\Shell - "" = AutoRun
O33 - MountPoints2\{e19f2822-bab0-11df-9dfd-001d090811ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e19f2822-bab0-11df-9dfd-001d090811ce}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 14:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 14:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 15:13:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WESAM HASHISH\Desktop\OTL.exe
[2010/09/08 13:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/08 13:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/08 13:44:56 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\spybotsd162.exe
[2010/09/08 13:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/08 13:43:08 | 011,862,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\WESAM HASHISH\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/09/08 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/08 12:21:29 | 000,000,000 | ---D | C] -- C:\c5a380f1b0518d8852139004a841
[2010/09/08 12:18:45 | 000,000,000 | ---D | C] -- C:\7c29ecfd950b29db290b5ecda5
[2010/09/07 17:45:27 | 000,090,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2010/09/07 17:29:43 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2010/09/07 17:29:41 | 000,180,315 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzsnt10.dll
[2010/09/07 17:29:40 | 000,344,064 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon10.dll
[2010/09/07 17:29:40 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi10.dll
[2010/09/07 17:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/09/07 17:02:16 | 006,876,688 | ---- | C] (Mozilla) -- C:\Documents and Settings\WESAM HASHISH\Desktop\Thunderbird Setup 2.0.0.24.exe
[2010/09/07 17:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Application Data\U3
[2010/09/07 16:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\Thunderbird
[2010/09/07 16:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Application Data\Thunderbird
[2010/09/07 16:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\My Documents\Downloads
[2010/09/07 16:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\Mozilla
[2010/09/07 16:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Application Data\Mozilla
[2010/09/07 16:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/07 16:23:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WESAM HASHISH\IECompatCache
[2010/09/07 14:44:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/03 17:44:22 | 000,000,000 | ---D | C] -- C:\EPSON Advanced Printer Driver
[2010/09/02 21:15:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WESAM HASHISH\PrivacIE
[2010/09/02 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/02 17:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/02 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\PrinterShare
[2010/09/02 17:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2010/09/02 17:12:31 | 094,519,280 | ---- | C] (Motorola ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\MML_Installer-v1.2.1400.0.exe
[2010/09/02 16:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\Downloaded Installations
[2010/09/01 12:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/31 12:27:18 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/08/31 12:27:17 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/08/31 12:27:17 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/08/31 12:27:11 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/08/31 12:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\Deployment
[2010/08/30 11:47:46 | 012,402,120 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\WESAM HASHISH\Desktop\windows-kb890830-x64-v3.10.exe
[2010/08/29 22:46:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WESAM HASHISH\IETldCache
[2010/08/29 22:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/29 22:33:54 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/29 22:33:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/29 22:33:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/29 22:33:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/29 16:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/29 14:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Application Data\Malwarebytes
[2010/08/29 14:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/29 14:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/29 14:25:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/29 14:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 14:25:10 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\mbam-setup-1.46.exe
[2010/08/28 00:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}
[2010/08/27 13:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\Threat Expert
[2010/08/27 11:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/27 11:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/27 11:00:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/08/22 13:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/22 13:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/22 12:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/22 12:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/22 11:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/08 15:11:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WESAM HASHISH\Desktop\OTL.exe
[2010/09/08 14:57:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/08 14:44:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/08 14:39:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 14:38:58 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/08 14:38:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 14:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 14:38:52 | 1306,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 14:37:56 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\WESAM HASHISH\NTUSER.DAT
[2010/09/08 14:37:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\WESAM HASHISH\ntuser.ini
[2010/09/08 13:43:41 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/08 13:43:18 | 011,862,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\WESAM HASHISH\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/09/08 13:23:01 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/08 12:44:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/08 12:44:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/08 12:16:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\spybotsd162.exe
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/08 10:04:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/07 23:09:16 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/07 22:37:28 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/07 17:51:32 | 000,103,509 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/09/07 17:33:23 | 000,103,537 | ---- | M] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/09/07 17:02:39 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/09/07 17:02:39 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/09/07 16:40:04 | 006,876,688 | ---- | M] (Mozilla) -- C:\Documents and Settings\WESAM HASHISH\Desktop\Thunderbird Setup 2.0.0.24.exe
[2010/09/07 16:28:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/07 16:28:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 16:28:13 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/07 14:51:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 14:17:31 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/03 14:32:38 | 057,655,296 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\APD_407EWM.exe
[2010/09/02 17:12:40 | 094,519,280 | ---- | M] (Motorola ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\MML_Installer-v1.2.1400.0.exe
[2010/09/02 16:58:00 | 053,736,448 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\MOTOROLA MEDIA LINK.msi
[2010/09/02 16:57:47 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\1033.MST
[2010/09/01 12:15:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/01 10:18:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pxavacu.dat
[2010/09/01 10:18:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fzaqagoxutuxu.bin
[2010/08/31 13:10:40 | 000,717,530 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/08/31 12:36:42 | 730,416,640 | ---- | M] () -- C:\Astor_Mediterranean_dinerwarex_20100831.bak
[2010/08/31 12:27:07 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/30 11:48:02 | 012,402,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\WESAM HASHISH\Desktop\windows-kb890830-x64-v3.10.exe
[2010/08/29 14:25:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/29 14:25:22 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WESAM HASHISH\Desktop\mbam-setup-1.46.exe
[2010/08/27 10:15:32 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ofadozotuqolezi.dll
[2010/08/23 17:02:32 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ibatucigen.dll
[2010/08/23 12:01:20 | 000,002,848 | ---- | M] () -- C:\WINDOWS\utaximib.dll
[2010/08/23 09:59:20 | 000,002,848 | ---- | M] () -- C:\WINDOWS\eturujomurarana.dll
[2010/08/22 20:20:58 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ederefube.dll
[2010/08/22 19:44:37 | 000,002,848 | ---- | M] () -- C:\WINDOWS\edalafoqipof.dll
[2010/08/22 17:42:37 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ipadijiba.dll
[2010/08/22 17:15:20 | 000,002,848 | ---- | M] () -- C:\WINDOWS\iwuyitam.dll
[2010/08/22 11:57:17 | 000,002,848 | ---- | M] () -- C:\WINDOWS\efiweseb.dll
[2010/08/22 11:46:17 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ixegufagel.dll
[2010/08/22 11:41:16 | 000,002,848 | ---- | M] () -- C:\WINDOWS\atoneseyomebuf.dll
[2010/08/13 10:34:05 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 09:52:35 | 000,724,726 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 09:52:35 | 000,595,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 09:52:35 | 000,135,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/09 19:51:06 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sonos Desktop Controller.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 13:48:52 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/08 13:43:41 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/07 21:04:52 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/07 21:04:52 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/07 21:04:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/07 21:04:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/07 21:04:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/07 21:04:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/07 21:04:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/07 21:04:50 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/07 21:04:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/07 21:04:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/07 21:04:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/07 21:04:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/07 21:04:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/07 21:04:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/07 21:04:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/07 21:04:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/07 21:04:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/07 21:04:47 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/07 21:04:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/07 17:37:16 | 000,103,537 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/09/07 17:37:16 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/09/07 17:29:57 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/09/07 17:29:57 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/09/07 17:02:39 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/09/07 17:02:39 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/09/07 16:28:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/07 16:28:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/07 16:28:13 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/03 14:32:36 | 057,655,296 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\APD_407EWM.exe
[2010/09/02 16:59:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\1033.MST
[2010/09/02 16:59:27 | 053,736,448 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Desktop\MOTOROLA MEDIA LINK.msi
[2010/08/31 13:01:07 | 000,717,530 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/08/31 12:32:47 | 730,416,640 | ---- | C] () -- C:\Astor_Mediterranean_dinerwarex_20100831.bak
[2010/08/29 16:42:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 14:25:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 00:08:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pxavacu.dat
[2010/08/28 00:08:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fzaqagoxutuxu.bin
[2010/08/27 12:04:48 | 1306,497,024 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/27 10:15:32 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ofadozotuqolezi.dll
[2010/08/23 17:02:32 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ibatucigen.dll
[2010/08/23 12:01:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\utaximib.dll
[2010/08/23 09:59:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\eturujomurarana.dll
[2010/08/22 20:20:58 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ederefube.dll
[2010/08/22 19:44:37 | 000,002,848 | ---- | C] () -- C:\WINDOWS\edalafoqipof.dll
[2010/08/22 17:42:36 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ipadijiba.dll
[2010/08/22 17:15:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\iwuyitam.dll
[2010/08/22 11:57:17 | 000,002,848 | ---- | C] () -- C:\WINDOWS\efiweseb.dll
[2010/08/22 11:46:17 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ixegufagel.dll
[2010/08/22 11:41:16 | 000,002,848 | ---- | C] () -- C:\WINDOWS\atoneseyomebuf.dll
[2008/03/30 14:29:23 | 000,000,129 | ---- | C] () -- C:\WINDOWS\autosettle.ini
[2008/03/30 14:17:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BatchManager.ini
[2008/02/26 14:36:41 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/02/26 14:36:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/02/26 14:36:04 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/02/26 14:36:04 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/02/26 14:36:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/02/21 16:01:41 | 000,008,919 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/13 16:12:29 | 000,002,344 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/02 00:30:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/11/25 00:19:02 | 000,000,183 | ---- | C] () -- C:\WINDOWS\TMFLogo.INI
[2007/11/23 23:51:50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\WESAM HASHISH\Local Settings\Application Data\fusioncache.dat
[2007/11/14 19:31:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/14 19:07:56 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/09 13:08:04 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/11/16 12:58:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TECK.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/09 16:02:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/07/09 16:01:56 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[1999/01/31 16:21:02 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\NOVA_API.dll
[1998/06/23 10:02:16 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\cmeparse.dll
[1998/04/08 09:30:06 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll
[1998/03/03 16:43:52 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\ipinplus32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

caskaid

Rookie Surfer

Posts : 62
Joined : 2009-03-06
Operating System : Windows XP


Re: Removed Malware via malwarebytes, want to check log

Post by Belahzur on Thu 09 Sep 2010, 6:41 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


combofix log

Post by caskaid on Thu 09 Sep 2010, 7:34 am

ComboFix 10-09-08.01 - WESAM HASHISH 09/08/2010 16:08:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1246.695 [GMT -4:00]
Running from: c:\documents and settings\WESAM HASHISH\Desktop\combo-fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\WESAM HASHISH\GoToAssistDownloadHelper.exe
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}\chrome.manifest
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}\chrome\content\_cfg.js
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}\chrome\content\overlay.xul
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\{6D486BA2-62F1-47D3-82D2-837A02570CF2}\install.rdf
c:\windows\atoneseyomebuf.dll
c:\windows\edalafoqipof.dll
c:\windows\ederefube.dll
c:\windows\efiweseb.dll
c:\windows\eturujomurarana.dll
c:\windows\ibatucigen.dll
c:\windows\ipadijiba.dll
c:\windows\iwuyitam.dll
c:\windows\ixegufagel.dll
c:\windows\ofadozotuqolezi.dll
c:\windows\system32\Cache
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\utaximib.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 18:37 . 2010-09-08 18:37 125056 ----a-w- c:\windows\system32\drivers\FTDISK.SYS
2010-09-08 17:45 . 2010-09-08 18:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-08 17:45 . 2010-09-08 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 17:43 . 2010-09-08 17:43 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-08 17:27 . 2010-09-08 17:27 -------- d-----w- c:\program files\Trend Micro
2010-09-08 16:21 . 2010-09-08 16:21 -------- d-----w- C:\c5a380f1b0518d8852139004a841
2010-09-08 16:18 . 2010-09-08 16:18 -------- d-----w- C:\7c29ecfd950b29db290b5ecda5
2010-09-07 22:14 . 2006-12-07 14:45 110592 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\U3\temp\cleanup.exe
2010-09-07 21:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-09-07 21:29 . 2010-09-07 21:51 103509 ----a-w- c:\windows\hpoins04.dat
2010-09-07 21:29 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-09-07 21:29 . 2004-06-22 18:16 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-09-07 21:29 . 2004-06-22 18:16 180315 ----a-w- c:\windows\system32\hpzsnt10.dll
2010-09-07 21:29 . 2004-06-22 18:16 196608 ----a-w- c:\windows\system32\hpzcoi10.dll
2010-09-07 21:29 . 2004-06-22 18:16 344064 ----a-w- c:\windows\system32\hpzcon10.dll
2010-09-07 21:02 . 2010-09-08 01:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-07 21:01 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\WESAM HASHISH\Application Data\U3\temp\Launchpad Removal.exe
2010-09-07 21:01 . 2010-09-08 19:54 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\U3
2010-09-07 20:36 . 2010-09-07 21:02 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Thunderbird
2010-09-07 20:36 . 2010-09-07 20:36 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\Thunderbird
2010-09-07 20:28 . 2010-09-07 20:28 0 ----a-w- c:\windows\nsreg.dat
2010-09-07 20:28 . 2010-09-07 20:28 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Mozilla
2010-09-07 20:23 . 2010-09-07 20:23 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\IECompatCache
2010-09-07 18:44 . 2010-09-07 18:47 -------- dc-h--w- c:\windows\ie8
2010-09-03 21:44 . 2010-09-03 21:44 -------- d-----w- C:\EPSON Advanced Printer Driver
2010-09-03 01:15 . 2010-09-03 01:15 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\PrivacIE
2010-09-02 21:57 . 2010-09-02 21:58 -------- d-----w- c:\program files\Bonjour
2010-09-02 21:57 . 2010-09-02 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-02 21:56 . 2010-09-02 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PrinterShare
2010-09-02 21:56 . 2010-09-02 21:56 -------- d-----w- c:\program files\PrinterShare
2010-09-02 20:58 . 2010-09-02 21:13 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Downloaded Installations
2010-09-01 16:15 . 2010-09-01 16:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-31 16:27 . 2010-06-02 20:06 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-08-31 16:27 . 2010-06-02 20:06 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-08-31 16:27 . 2010-06-02 20:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-08-31 16:27 . 2010-01-27 16:22 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-08-31 16:27 . 2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-31 16:21 . 2010-08-31 16:25 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Deployment
2010-08-31 15:50 . 2010-08-31 15:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-30 02:56 . 2010-08-30 02:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-30 02:46 . 2010-08-30 02:46 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\IETldCache
2010-08-30 02:35 . 2010-08-30 02:35 503808 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\msvcp71.dll
2010-08-30 02:35 . 2010-08-30 02:35 499712 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\jmc.dll
2010-08-30 02:35 . 2010-08-30 02:35 348160 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\msvcr71.dll
2010-08-30 02:35 . 2010-08-30 02:35 12800 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7194bc56-n\decora-d3d.dll
2010-08-30 02:35 . 2010-08-30 02:35 61440 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7194bc56-n\decora-sse.dll
2010-08-30 02:33 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 20:42 . 2010-09-01 16:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 18:26 . 2010-08-29 18:26 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\Malwarebytes
2010-08-29 18:25 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 18:25 . 2010-08-29 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 18:25 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 18:25 . 2010-08-29 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 04:08 . 2010-09-01 14:18 120 ----a-w- c:\windows\Pxavacu.dat
2010-08-28 04:08 . 2010-09-01 14:18 0 ----a-w- c:\windows\Fzaqagoxutuxu.bin
2010-08-27 17:24 . 2010-08-27 17:24 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Threat Expert
2010-08-27 15:12 . 2010-09-08 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-27 15:12 . 2010-09-08 17:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-22 15:38 . 2010-08-27 15:54 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 18:39 . 2008-03-03 18:02 -------- d-----w- c:\program files\Dinerware 2.8
2010-09-08 18:39 . 2007-12-02 04:33 -------- d-----w- c:\program files\Active-Charge
2010-09-08 14:03 . 2008-01-24 18:12 -------- d-----w- c:\program files\LogMeIn
2010-09-08 03:21 . 2007-11-14 23:29 -------- d-----w- c:\program files\Google
2010-09-07 01:17 . 2007-12-14 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-07 01:13 . 2007-12-14 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-06 19:13 . 2007-11-14 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-03 18:39 . 2007-11-24 04:20 -------- d-----w- c:\program files\EPSON
2010-08-30 02:37 . 2007-11-14 23:22 -------- d-----w- c:\program files\Common Files\Java
2010-08-30 02:33 . 2007-11-14 23:22 -------- d-----w- c:\program files\Java
2010-08-09 23:51 . 2007-12-16 15:20 -------- d-----w- c:\program files\Sonos
2010-06-30 12:31 . 2004-08-11 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 18:57 . 2010-06-24 18:57 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2EB.tmp.exe
2010-06-23 13:44 . 2004-08-11 23:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 23:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2010-07-28 1107456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\WESAM HASHISH\Start Menu\Programs\Startup\
PCCharge Payment Server.lnk - c:\program files\Active-Charge\Active-Charge.Exe [2007-12-2 17035264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dinerware 2.8 Brain.lnk - c:\program files\Dinerware 2.8\Brain.exe [2007-8-31 2606304]
Dinerware 2.8 Workstation.lnk - c:\program files\Dinerware 2.8\Workstation.exe [2007-8-31 3286240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dinerware 2.8\\Brain.exe"=
"c:\\Program Files\\Sonos\\sonos.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Active-Charge\\Active-Charge.Exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\PrinterShare\\paConsole.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/14/2007 7:08 PM 3456]
R1 oxmep;OXPCI support driver;c:\windows\system32\drivers\oxmep.sys [12/3/2007 8:52 PM 4224]
R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [12/3/2007 8:51 PM 16384]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [12/3/2007 8:51 PM 50944]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 6:40 AM 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 7:10 AM 70016]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [12/3/2007 8:51 PM 4992]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S0 uashlb;uashlb;c:\windows\system32\drivers\enkpp.sys --> c:\windows\system32\drivers\enkpp.sys [?]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\elofiltr.sys [11/23/2007 11:57 PM 28160]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [11/23/2007 11:57 PM 66048]
S3 LCILD;LCI USB Line Display Device driver;c:\windows\system32\drivers\LCILD.sys [11/24/2007 1:17 AM 27136]
S3 MagEpNt;MagEpNt;c:\windows\system32\drivers\magepnt.sys [12/2/2007 12:33 AM 26304]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\WESAM HASHISH\Application Data\Mozilla\Firefox\Profiles\acfuetq8.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EloTouchscreen - c:\program files\elotouchsystems\EloSetup
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-08 16:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-09-08 16:31:34
ComboFix-quarantined-files.txt 2010-09-08 20:31

Pre-Run: 51,286,331,392 bytes free
Post-Run: 51,932,049,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 343E33EF96B50A09CD666B9FA55703DE

caskaid

Rookie Surfer

Posts : 62
Joined : 2009-03-06
Operating System : Windows XP


Re: Removed Malware via malwarebytes, want to check log

Post by caskaid on Thu 09 Sep 2010, 8:37 am

Please let me know if there are other programs I have to run. Thanks.

caskaid

Rookie Surfer

Posts : 62
Joined : 2009-03-06
Operating System : Windows XP


Re: Removed Malware via malwarebytes, want to check log

Post by Belahzur on Thu 09 Sep 2010, 10:18 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\Pxavacu.dat
    c:\windows\Fzaqagoxutuxu.bin

    Folder::
    c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj

    Driver::
    uashlb
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


combofix second log

Post by caskaid on Fri 10 Sep 2010, 3:56 am

ComboFix 10-09-08.01 - WESAM HASHISH 09/09/2010 12:30:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1246.368 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\documents and settings\WESAM HASHISH\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\Fzaqagoxutuxu.bin"
"c:\windows\Pxavacu.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj
c:\windows\Fzaqagoxutuxu.bin
c:\windows\Pxavacu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_uashlb


((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-08 18:37 . 2010-09-08 18:37 125056 ----a-w- c:\windows\system32\drivers\FTDISK.SYS
2010-09-08 17:45 . 2010-09-08 18:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-08 17:45 . 2010-09-08 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-08 17:43 . 2010-09-08 17:43 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-08 17:27 . 2010-09-08 17:27 -------- d-----w- c:\program files\Trend Micro
2010-09-08 16:21 . 2010-09-08 16:21 -------- d-----w- C:\c5a380f1b0518d8852139004a841
2010-09-08 16:18 . 2010-09-08 16:18 -------- d-----w- C:\7c29ecfd950b29db290b5ecda5
2010-09-07 22:14 . 2006-12-07 14:45 110592 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\U3\temp\cleanup.exe
2010-09-07 21:45 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2010-09-07 21:29 . 2010-09-07 21:51 103509 ----a-w- c:\windows\hpoins04.dat
2010-09-07 21:29 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-09-07 21:29 . 2004-06-22 18:16 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-09-07 21:29 . 2004-06-22 18:16 180315 ----a-w- c:\windows\system32\hpzsnt10.dll
2010-09-07 21:29 . 2004-06-22 18:16 196608 ----a-w- c:\windows\system32\hpzcoi10.dll
2010-09-07 21:29 . 2004-06-22 18:16 344064 ----a-w- c:\windows\system32\hpzcon10.dll
2010-09-07 21:02 . 2010-09-08 22:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-07 21:01 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\WESAM HASHISH\Application Data\U3\temp\Launchpad Removal.exe
2010-09-07 21:01 . 2010-09-08 20:34 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\U3
2010-09-07 20:36 . 2010-09-07 21:02 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Thunderbird
2010-09-07 20:36 . 2010-09-07 20:36 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\Thunderbird
2010-09-07 20:28 . 2010-09-07 20:28 0 ----a-w- c:\windows\nsreg.dat
2010-09-07 20:28 . 2010-09-07 20:28 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Mozilla
2010-09-07 20:23 . 2010-09-07 20:23 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\IECompatCache
2010-09-07 18:44 . 2010-09-07 18:47 -------- dc-h--w- c:\windows\ie8
2010-09-03 21:44 . 2010-09-03 21:44 -------- d-----w- C:\EPSON Advanced Printer Driver
2010-09-03 01:15 . 2010-09-03 01:15 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\PrivacIE
2010-09-02 21:57 . 2010-09-02 21:58 -------- d-----w- c:\program files\Bonjour
2010-09-02 21:57 . 2010-09-02 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-02 21:56 . 2010-09-02 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PrinterShare
2010-09-02 21:56 . 2010-09-02 21:56 -------- d-----w- c:\program files\PrinterShare
2010-09-02 20:58 . 2010-09-02 21:13 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Downloaded Installations
2010-09-01 16:15 . 2010-09-01 16:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-31 16:27 . 2010-06-02 20:06 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-08-31 16:27 . 2010-06-02 20:06 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-08-31 16:27 . 2010-06-02 20:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-08-31 16:27 . 2010-01-27 16:22 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-08-31 16:27 . 2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-31 16:21 . 2010-08-31 16:25 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Deployment
2010-08-31 15:50 . 2010-08-31 15:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-30 02:56 . 2010-08-30 02:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-30 02:46 . 2010-08-30 02:46 -------- d-sh--w- c:\documents and settings\WESAM HASHISH\IETldCache
2010-08-30 02:35 . 2010-08-30 02:35 503808 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\msvcp71.dll
2010-08-30 02:35 . 2010-08-30 02:35 499712 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\jmc.dll
2010-08-30 02:35 . 2010-08-30 02:35 348160 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-544f27fb-n\msvcr71.dll
2010-08-30 02:35 . 2010-08-30 02:35 12800 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7194bc56-n\decora-d3d.dll
2010-08-30 02:35 . 2010-08-30 02:35 61440 ----a-w- c:\documents and settings\WESAM HASHISH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7194bc56-n\decora-sse.dll
2010-08-30 02:33 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 20:42 . 2010-09-01 16:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 18:26 . 2010-08-29 18:26 -------- d-----w- c:\documents and settings\WESAM HASHISH\Application Data\Malwarebytes
2010-08-29 18:25 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 18:25 . 2010-08-29 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 18:25 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 18:25 . 2010-08-29 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 17:24 . 2010-08-27 17:24 -------- d-----w- c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\Threat Expert
2010-08-27 15:12 . 2010-09-08 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-27 15:12 . 2010-09-08 17:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 16:37 . 2008-03-03 18:02 -------- d-----w- c:\program files\Dinerware 2.8
2010-09-09 16:37 . 2007-12-02 04:33 -------- d-----w- c:\program files\Active-Charge
2010-09-09 04:06 . 2008-01-24 18:12 -------- d-----w- c:\program files\LogMeIn
2010-09-09 03:43 . 2007-11-14 23:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 03:21 . 2007-11-14 23:29 -------- d-----w- c:\program files\Google
2010-09-07 01:17 . 2007-12-14 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-07 01:13 . 2007-12-14 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-03 18:39 . 2007-11-24 04:20 -------- d-----w- c:\program files\EPSON
2010-08-30 02:37 . 2007-11-14 23:22 -------- d-----w- c:\program files\Common Files\Java
2010-08-30 02:33 . 2007-11-14 23:22 -------- d-----w- c:\program files\Java
2010-08-09 23:51 . 2007-12-16 15:20 -------- d-----w- c:\program files\Sonos
2010-06-30 12:31 . 2004-08-11 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 18:57 . 2010-06-24 18:57 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2EB.tmp.exe
2010-06-23 13:44 . 2004-08-11 23:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 23:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2010-07-28 1107456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\WESAM HASHISH\Start Menu\Programs\Startup\
PCCharge Payment Server.lnk - c:\program files\Active-Charge\Active-Charge.Exe [2007-12-2 17035264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dinerware 2.8 Brain.lnk - c:\program files\Dinerware 2.8\Brain.exe [2007-8-31 2606304]
Dinerware 2.8 Workstation.lnk - c:\program files\Dinerware 2.8\Workstation.exe [2007-8-31 3286240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dinerware 2.8\\Brain.exe"=
"c:\\Program Files\\Sonos\\sonos.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Active-Charge\\Active-Charge.Exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\PrinterShare\\paConsole.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/14/2007 7:08 PM 3456]
R1 oxmep;OXPCI support driver;c:\windows\system32\drivers\oxmep.sys [12/3/2007 8:52 PM 4224]
R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [12/3/2007 8:51 PM 16384]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [12/3/2007 8:51 PM 50944]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\elofiltr.sys [11/23/2007 11:57 PM 28160]
R3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [11/23/2007 11:57 PM 66048]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 6:40 AM 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 7:10 AM 70016]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [12/3/2007 8:51 PM 4992]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 LCILD;LCI USB Line Display Device driver;c:\windows\system32\drivers\LCILD.sys [11/24/2007 1:17 AM 27136]
S3 MagEpNt;MagEpNt;c:\windows\system32\drivers\magepnt.sys [12/2/2007 12:33 AM 26304]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\WESAM HASHISH\Application Data\Mozilla\Firefox\Profiles\acfuetq8.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-09 12:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\EloSrvce.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\EloDkMon.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-09-09 12:41:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-09 16:41
ComboFix2.txt 2010-09-08 20:31

Pre-Run: 51,413,663,744 bytes free
Post-Run: 51,450,445,824 bytes free

- - End Of File - - ADAA7F0B5373838C9799C967D9FAA4D0

caskaid

Rookie Surfer

Posts : 62
Joined : 2009-03-06
Operating System : Windows XP
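
A remediation check for the exchange above, as an added example that is not part of any post in this thread: it parses the driver/service lines of the two ComboFix logs and the CFScript, then confirms that each CFScript target is listed as deleted, or no longer listed as a driver, in the follow-up log. The function names are hypothetical, the sample text is excerpted from the posts above, and flagging entries that show `[?]` while their .sys name differs from the service name is a triage heuristic assumed here, not the helper's stated method.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input excerpted from this thread (banners shortened, lines trimmed).
CFSCRIPT = r"""
KILLALL::
File::
c:\windows\Pxavacu.dat
c:\windows\Fzaqagoxutuxu.bin
Folder::
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj
Driver::
uashlb
"""
FIRST_LOG = r"""
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
S0 uashlb;uashlb;c:\windows\system32\drivers\enkpp.sys --> c:\windows\system32\drivers\enkpp.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""
SECOND_LOG = r"""
((((( Other Deletions )))))
c:\documents and settings\WESAM HASHISH\Local Settings\Application Data\wrvgbyvpj
c:\windows\Fzaqagoxutuxu.bin
c:\windows\Pxavacu.dat
((((( Drivers/Services )))))
-------\Service_uashlb
((((( Reg Loading Points )))))
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""

class Driver(NamedTuple):
    state: str       # ComboFix's two-character prefix, e.g. "R2" or "S0"
    path: str        # driver file path as logged
    resolved: bool   # False when the log prints "[?]" instead of date and size

DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);[^;]*;(.+?)(?: --> .+?)? \[(.+)\]$")

def parse_drivers(log: str) -> dict:
    """Map service name -> Driver for each 'S0 name;display;path [...]' line."""
    drivers = {}
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            state, name, path, details = m.groups()
            drivers[name] = Driver(state, path.removeprefix("\\??\\"), details != "?")
    return drivers

def odd_drivers(drivers: dict) -> list:
    """Services with no file details whose .sys name differs from the service name."""
    return [name for name, d in drivers.items()
            if not d.resolved
            and ntpath.splitext(ntpath.basename(d.path))[0].lower() != name.lower()]

def parse_cfscript(text: str) -> dict:
    """Map lower-cased section name ('file', 'folder', 'driver') -> its entries."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def deleted_paths(log: str) -> set:
    """Lower-cased paths listed under the 'Other Deletions' banner."""
    paths, inside = set(), False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("((("):
            inside = "Other Deletions" in line
        elif inside and re.match(r"[a-z]:\\", line, re.I):
            paths.add(line.lower())
    return paths

def verify(script: dict, followup_log: str) -> dict:
    """Map each CFScript target -> True when the follow-up log confirms it is gone."""
    gone = deleted_paths(followup_log)
    loaded = {name.lower() for name in parse_drivers(followup_log)}
    result = {t: t.lower() in gone
              for t in script.get("file", []) + script.get("folder", [])}
    result.update({t: t.lower() not in loaded for t in script.get("driver", [])})
    return result

if __name__ == "__main__":
    print("flagged in first log:", odd_drivers(parse_drivers(FIRST_LOG)))
    for target, ok in verify(parse_cfscript(CFSCRIPT), SECOND_LOG).items():
        print("removed" if ok else "STILL PRESENT", target)
```

To run it against real output, pass the full text of the earlier and later `C:\ComboFix.txt` files in place of the excerpts.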


Re: Removed Malware via malwarebytes, want to check log

Post by Belahzur on Sat 11 Sep 2010, 11:39 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
