Internet Explorer Script Error and ui.mevio.com virus??

by furyofdawolfx on Wed 20 Apr 2011, 2:13 am

Hello everyone,

I recently got the windows recovery virus but managed to clean it up manually (in my dell inspiron laptop). I thought everything was safe, but an "Internet Explorer Script Error" keeps popping up saying that "an error has occurred in the script on this page." and gives the URL: [You must be registered and logged in to see this link.] and other random mevio links, like ww.mevio.com/channels/.....

Also, when I go to certain websites (like this one), I am directed to other websites. I did a scan with malwarebytes recently and managed to detect and ret rid of a few things. As of right now, Malwarebytes and Spybot does not detect anything. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:32:16 AM, on 4/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\rundll32.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS2\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
From Jijack this:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS2\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS2\OEM02Mon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS2\DLADiag.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS2\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS2\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 6556 bytes

and just in case you want to see it, here are my logs from Malwarebytes earlier when I was able to detect infected areas:
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/17/2011 7:30:07 PM
mbam-log-2011-04-17 (19-30-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 255238
Time elapsed: 2 hour(s), 35 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/19/2011 12:24:16 AM
mbam-log-2011-04-19 (00-24-16).txt

Scan type: Quick scan
Objects scanned: 152783
Time elapsed: 10 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\antonio\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\antonio\Local Settings\Temp\ip5uen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\antonio\Local Settings\Temp\ffbkr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\antonio\Local Settings\Temp\a8g19648.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Thanks

by furyofdawolfx on Wed 20 Apr 2011, 2:14 am

the link I am redirected to when going to GeekPolice is "autoelectric.us/

by **Belahzur** on Wed 20 Apr 2011, 6:56 am

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

by furyofdawolfx on Wed 20 Apr 2011, 7:44 am

OTL logfile created on: 4/19/2011 4:10:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 13.41 Gb Free Space | 12.66% Space Free | Partition Type: NTFS

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/03 14:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS2\OEM02Mon.exe
PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2004/08/03 18:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
MOD - [2004/08/03 18:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)

========== Driver Services (SafeList) ==========

DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 16:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 16:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 16:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/08 01:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/18 15:17:40 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006/08/11 12:35:20 | 000,013,688 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2006/08/11 12:35:18 | 000,030,744 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS2\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2011/04/19 00:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DLADiag] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS2\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS2\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,588,800 | RH-- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,188,711 | RH-- | M] () - C:\AUTOCONV.EX_ -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,029,413 | RH-- | M] () - C:\AUTODISC.DL_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | RH-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,000,860 | RH-- | M] () - C:\AUTOEXEC.NT_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,580,608 | RH-- | M] (Microsoft Corporation) - C:\AUTOFMT.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,005,630 | RH-- | M] () - C:\AUTOLFN.EX_ -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 16:09:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
[2011/04/18 02:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Recent
[2011/04/17 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Application Data\U3
[3 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/19 16:11:04 | 000,392,332 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2011/04/19 16:11:04 | 000,058,866 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2011/04/19 16:09:50 | 000,028,029 | ---- | M] () -- C:\WINDOWS2\System32\nvModes.001
[2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
[2011/04/19 16:06:27 | 000,169,472 | ---- | M] () -- C:\WINDOWS2\System32\nvapps.xml
[2011/04/19 16:06:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 16:06:22 | 000,002,048 | ---- | M] () -- C:\WINDOWS2\bootstat.dat
[2011/04/19 13:48:05 | 000,000,888 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 13:31:01 | 000,001,406 | -HS- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/19 13:31:01 | 000,001,406 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/19 10:32:03 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\HiJackThis.lnk
[2011/04/18 23:55:47 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\Adobe Reader X.lnk
[2011/04/18 21:12:35 | 000,000,405 | RH-- | M] () -- C:\boot.ini
[2011/04/17 21:12:22 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iExplore.exe
[2011/04/17 16:47:22 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\18145076
[2011/04/17 02:41:56 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 20:07:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2011/04/03 23:08:49 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\iTunes.lnk
[3 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]
[1 C:\WINDOWS2\System32\*.tmp files -> C:\WINDOWS2\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/19 13:30:54 | 000,001,406 | -HS- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/19 13:30:54 | 000,001,406 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/17 21:17:35 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iExplore.exe
[2011/04/17 16:47:22 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\18145076
[2010/10/17 01:05:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS2\System32\drivers\SBKUPNT.SYS
[2010/10/17 01:05:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS2\System32\DEVLOAD.EXE
[2010/10/17 01:05:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS2\SWISV3.INI
[2010/10/17 01:05:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS2\SKNIFE.INI
[2010/10/17 01:04:45 | 000,002,799 | ---- | C] () -- C:\WINDOWS2\SKLANG.INI
[2010/10/03 00:07:04 | 000,000,042 | ---- | C] () -- C:\WINDOWS2\wininit.ini
[2010/10/02 23:57:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS2\System32\_psisdecd.dll
[2010/10/02 14:47:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS2\CT4CET.bin
[2010/09/28 19:58:52 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\LUInstall.LiveUpdate
[2010/09/26 19:28:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2010/09/26 10:43:09 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 10:11:30 | 000,028,029 | ---- | C] () -- C:\WINDOWS2\System32\nvModes.dat
[2010/09/26 09:51:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS2\System32\nwiz.exe
[2010/09/26 09:51:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS2\System32\nvwdmcpl.dll
[2010/09/26 09:51:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS2\System32\nvwimg.dll
[2010/09/26 09:51:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS2\System32\nvshell.dll
[2010/09/26 09:51:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS2\System32\nview.dll
[2010/09/26 09:51:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS2\System32\nvdspsch.exe
[2010/09/26 09:51:28 | 000,442,368 | ---- | C] () -- C:\WINDOWS2\System32\nvappbar.exe
[2010/09/26 09:51:26 | 000,425,984 | ---- | C] () -- C:\WINDOWS2\System32\keystone.exe
[2010/09/19 22:47:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS2\bootstat.dat
[2010/09/19 22:20:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2010/09/19 16:30:26 | 000,004,205 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2010/09/19 16:26:57 | 000,244,720 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS2\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS2\System32\xvidcore.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS2\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS2\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS2\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS2\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS2\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS2\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS2\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS2\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS2\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS2\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS2\System32\ogm.dll
[2010/05/19 16:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS2\System32\dsmux.exe
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS2\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS2\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\avs.dll
[2010/05/19 16:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS2\System32\mkv2vfr.exe
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS2\System32\avss.dll
[2010/05/19 16:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS2\System32\gdsmux.exe
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS2\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS2\System32\mkunicode.dll
[2009/08/11 17:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS2\System32\ac3config.exe
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS2\System32\xvidvfw.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS2\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS2\System32\qt-dx331.dll
[2007/12/20 03:16:30 | 000,016,480 | ---- | C] () -- C:\WINDOWS2\System32\rixdicon.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS2\System32\Registration.ini
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS2\System32\sherlock2.exe
[2004/08/03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS2\System32\Dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat
[2004/07/17 05:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS2\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS2\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat
[2001/08/23 08:00:00 | 000,392,332 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat
[2001/08/23 08:00:00 | 000,058,866 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat

< End of report >

by furyofdawolfx on Wed 20 Apr 2011, 7:44 am

OTL Extras logfile created on: 4/19/2011 4:10:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 13.41 Gb Free Space | 12.66% Space Free | Partition Type: NTFS

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FrostWire" = FrostWire 4.21.1
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"wxdevcpp" = wxDev-C++ Web-based Installer
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2011 10:39:15 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2011 12:13:15 AM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/9/2011 1:06:05 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10k.ocx, version 10.1.85.3, fault address 0x000e5652.

Error - 1/9/2011 11:16:20 PM | Computer Name = ANTONIO-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, faulting module
winword.exe, version 11.0.5604.0, fault address 0x001951a9.

Error - 1/13/2011 1:39:21 PM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/14/2011 12:57:09 AM | Computer Name = ANTONIO-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2011 12:57:28 AM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/17/2011 12:52:33 AM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/21/2011 9:25:25 PM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.21:5353 25 21.0.168.192.in-addr.arpa.
PTR Jerrick-Es-iPhone.local.

Error - 1/21/2011 9:25:25 PM | Computer Name = ANTONIO-LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 22 21.0.168.192.in-addr.arpa.
PTR antonio-laptop.local.

[ System Events ]
Error - 4/18/2011 2:44:52 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 2:45:16 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 2:47:53 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 2:48:43 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 2:50:46 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 2:50:52 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 3:13:58 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 3:14:52 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/18/2011 3:21:10 AM | Computer Name = ANTONIO-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/19/2011 4:11:36 PM | Computer Name = ANTONIO-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

< End of report >

by **Belahzur** on Thu 21 Apr 2011, 8:37 am

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
[2011/04/19 13:30:54 | 000,001,406 | -HS- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/19 13:30:54 | 000,001,406 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
[2011/04/17 16:47:22 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\18145076

:commands
[emptytemp]
[reboot]
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

by furyofdawolfx on Thu 21 Apr 2011, 12:23 pm

All processes killed
========== OTL ==========
C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv moved successfully.
C:\Documents and Settings\All Users.WINDOWS2\Application Data\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv moved successfully.
C:\Documents and Settings\All Users.WINDOWS2\Application Data\18145076 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS2

User: antonio
->Temp folder emptied: 280365030 bytes
->Temporary Internet Files folder emptied: 17101270 bytes
->Java cache emptied: 4719087 bytes
->Flash cache emptied: 467316 bytes

User: Antonio.ANTONIO-LAPTOP
->Temp folder emptied: 409486 bytes
->Temporary Internet Files folder emptied: 57509628 bytes
->Java cache emptied: 950123 bytes
->Flash cache emptied: 206397 bytes

User: ANTONI~1~ANT

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: Default User.WINDOWS2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10405076 bytes
->Flash cache emptied: 861 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38888184 bytes
->Flash cache emptied: 3811 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 394.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04202011_210758

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Also, a notepad document keeps popping out with this:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Initially 2 of them came poped out but I was able to get rid of 1 by following instructions from this link: [You must be registered and logged in to see this link.]
Hope I can get rid of this.

by furyofdawolfx on Thu 21 Apr 2011, 1:24 pm

not sure if the last message was sent, but I got rid of the:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

but going to websites like this (with malware removal guides)in my laptop, still redirects me to other websites like flores.com or something random.

by **Belahzur** on Fri 22 Apr 2011, 6:45 am

Hello.

Download combofix from here
Link 1

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

by furyofdawolfx on Fri 22 Apr 2011, 2:37 pm

ComboFix 11-04-21.02 - Antonio 04/21/2011 23:20:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.777 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\Internet Explorer.lnk
c:\documents and settings\Antonio.ANTONIO-LAPTOP\Templates\a27kergolj662qtpkf4m1urlv21e5m4i5l4ibv
C:\hosts
.
Infected copy of c:\windows2\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-21 01:07 . 2011-04-21 01:07 -------- d-----w- C:\_OTL
2011-04-18 01:15 . 2011-04-18 01:16 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\U3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 08:00 . 2007-05-24 13:03 17920 c:\dell\E-Center\bak\EULALauncher.exe
.
2007-05-11 09:06 . 2007-05-11 09:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2010-06-17 06:24 . 2010-06-17 06:24 40368 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
2006-10-03 17:37 . 2006-10-03 17:37 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
.
2006-10-03 17:35 . 2006-10-03 17:35 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
.
2003-09-14 02:36 . 2003-09-14 02:36 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe
.
2006-11-05 17:22 . 2006-11-05 17:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe
.
2007-12-20 07:45 . 2007-07-27 22:43 118784 c:\program files\Dell\Dell Webcam Manager\bak\DellWMgr.exe
2010-10-02 18:45 . 2007-07-27 20:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
2007-12-20 07:56 . 2007-04-16 22:10 184320 c:\program files\Dell\MediaDirect\bak\PCMService.exe
2010-10-03 03:56 . 2007-04-16 20:10 184320 c:\program files\Dell\MediaDirect\PCMService.exe
.
2007-12-20 07:43 . 2007-07-03 19:57 1228800 c:\program files\Dell\QuickSet\bak\quickset.exe
2010-03-10 18:13 . 2007-07-03 18:57 1228800 c:\program files\Dell\QuickSet\quickset.exe
.
2007-10-10 00:56 . 2007-10-10 00:56 202544 c:\program files\Dell Support Center\bin\bak\sprtcmd.exe
2009-05-21 14:55 . 2009-05-21 14:55 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe
.
2007-10-10 00:57 . 2007-10-10 00:57 16384 c:\program files\Dell Support Center\gs_agent\custom\bak\dsca.exe
.
2007-12-20 08:00 . 2007-12-20 08:00 1838592 c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe
.
2007-07-25 22:30 . 2007-07-25 22:30 974848 c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe
.
2007-07-25 22:32 . 2007-07-25 22:32 823296 c:\program files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
.
2006-08-17 15:00 . 2006-08-17 15:00 1116920 c:\program files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe
.
2007-12-20 07:16 . 2007-07-10 04:21 851968 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
.
2007-11-09 01:18 . 2006-11-21 19:02 1807960 c:\program files\Trend Micro\Internet Security 14\bak\pccguide.exe
.
2008-01-26 05:38 . 2007-08-30 22:43 4670704 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe
2008-03-02 04:15 . 2007-08-30 22:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
2007-12-20 07:17 . 2007-08-28 20:54 36864 c:\windows\bak\OEM02Mon.exe
.
2004-08-10 18:51 . 2004-08-04 11:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-10 18:51 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
.
2006-11-02 20:05 . 2006-11-02 20:05 282624 c:\windows\system32\bak\KADxMain.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe" [N/A]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"DLADiag"="c:\windows2\DLADiag.EXE" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\antonio\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2010-7-3 142336]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
.
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/3/2010 12:07 AM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/3/2010 12:07 AM 30744]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 1:05 AM 14976]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/3/2010 12:07 AM 33592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-29 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-22 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2011-04-21 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-21 23:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-21 23:28:28
ComboFix-quarantined-files.txt 2011-04-22 03:28
.
Pre-Run: 14,774,804,480 bytes free
Post-Run: 14,739,546,112 bytes free
.
- - End Of File - - 8CF4DB12EF43C991DD7FEDE954C9E140

by furyofdawolfx on Fri 22 Apr 2011, 3:24 pm

Hello,

As of right now, everythingseems to be back to normal after running ComboFix. It's only been about an hour, but I no longer get any internet script errors and I am no longer redirected to random websites when going to sites with malware removal guides. Is there anything else I should do to make sure it will stay this way? I just got a copy of comodo 4.0 and will probably install it tomorrow.
So if there is any other scans I should do, please let me know. I really apreciate the help

-Wolf

by **Belahzur** on Sat 23 Apr 2011, 7:05 am

Hello.
Nearly done, just have to deal with an annoying file infector.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
KILLALL:: AWF:: c:\dell\E-Center\bak\EULALauncher.exe c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe c:\program files\Dell\Dell Webcam Manager\bak\DellWMgr.exe c:\program files\Dell\MediaDirect\bak\PCMService.exe c:\program files\Dell\QuickSet\bak\quickset.exe c:\program files\Dell Support Center\bin\bak\sprtcmd.exe c:\program files\Dell Support Center\gs_agent\custom\bak\dsca.exe c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe c:\program files\Intel\Wireless\Bin\bak\ZCfgSvc.exe c:\program files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe c:\program files\Trend Micro\Internet Security 14\bak\pccguide.exe c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe c:\windows\bak\OEM02Mon.exe c:\windows\system32\bak\ctfmon.exe c:\windows\system32\bak\KADxMain.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

by furyofdawolfx on Sat 23 Apr 2011, 10:13 am

ComboFix 11-04-22.01 - Antonio 04/22/2011 18:25:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.699 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-21 01:07 . 2011-04-21 01:07 -------- d-----w- C:\_OTL
2011-04-18 01:15 . 2011-04-18 01:16 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\U3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-22 22:32 . 2011-04-22 22:32 16384 c:\windows2\temp\Perflib_Perfdata_6a0.dat
+ 2001-08-23 12:00 . 2011-04-22 21:50 58866 c:\windows2\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-04-22 03:21 58866 c:\windows2\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-04-22 21:50 392332 c:\windows2\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-04-22 03:21 392332 c:\windows2\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\antonio\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2010-7-3 142336]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
.
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/3/2010 12:07 AM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/3/2010 12:07 AM 30744]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 1:05 AM 14976]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/3/2010 12:07 AM 33592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-29 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-22 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2011-04-22 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKLM-Run-DLADiag - c:\windows2\DLADiag.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-22 18:32
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS2\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2784)
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows2\system32\rundll32.exe
c:\windows2\system32\RUNDLL32.EXE
c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows2\system32\nvsvc32.exe
c:\windows2\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows2\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-22 18:36:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-22 22:36
ComboFix2.txt 2011-04-22 03:28
.
Pre-Run: 14,689,079,296 bytes free
Post-Run: 14,727,966,720 bytes free
.
- - End Of File - - 2F9D7709D968CCB781160FEAF5A12D50

by **Belahzur** on Sun 24 Apr 2011, 6:58 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

by furyofdawolfx on Sun 24 Apr 2011, 9:43 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=a15170fa456ed14893db49d48eb960ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-23 09:38:05
# local_time=2011-04-23 05:38:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 104535595 104535595 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=113257
# found=28
# cleaned=28
# scan_time=3840
C:\Documents and Settings\antonio\Desktop\media.player.codec.pack.v3.9.6.setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\antonio\Local Settings\Application Data\iepqwrfmp\yghbmqpuqiw.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP164\A0019020.exe a variant of Win32/Kryptik.MSP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP164\A0019021.exe a variant of Win32/Kryptik.MSP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019160.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019161.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019162.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019163.exe Win32/TrojanDownloader.FakeAlert.BDN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019164.exe Win32/TrojanDownloader.FakeAlert.BDN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019165.exe Win32/TrojanDownloader.FakeAlert.BDN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019166.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP165\A0019167.exe a variant of Win32/Cimag.DJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP166\A0020418.sys Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP167\A0020683.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP167\A0020684.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\akapuhuh.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\axulugoqo.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\azesarev.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Dkuqya.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\ihoxodokakejupe.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\kbicsye.dll a variant of Win32/Cimag.DJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\obajunazileko.dll Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\bzk4q.dll a variant of Win32/Ertfor.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\m8ekh6t0.dll a variant of Win32/Ertfor.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\qaiubeam.dll a variant of Win32/Ertfor.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\intelppm.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\spool\prtprocs\w32x86\1aA31e.dll a variant of Win32/Kryptik.GSA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\1793eI.sys Win32/Olmarik.ADT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

by **Belahzur** on Sun 24 Apr 2011, 1:19 pm

Hello.

I see that you are running FrostWire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 25.
Click the "Download JRE" button to the right.
In the Window that opens, select your platform, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

How is the machine running now?

by furyofdawolfx on Tue 26 Apr 2011, 11:02 am

Hello,

Hope you had a great weekend!

My laptop is running very smoothly! I did everthing you asked me to and everything is working really well. As a student and someone who works part-time, I reallly apreciate the help. Thanks so much!

I guess what's left is to install Comodo 4.0 that I have.

by **Belahzur** on Wed 27 Apr 2011, 8:26 am

Fair enough. Install that and you should be set to go.

by Sponsored content Today at 5:57 am

Internet Explorer Script Error and ui.mevio.com virus??

Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??

Re: Internet Explorer Script Error and ui.mevio.com virus??