Windows Recovery?

Post by Joey Jiggles on 20th April 2011, 7:14 pm

My luck is just horrible. Opened my laptop up at home and it started freaking out. All of my desktop items started disappearing and every time I turn it on a Windows file pops up, then gives me a run error, and then Windows Recovery comes up "scanning" my computer. I thought it was fake and refused to click on it. I went into safe mode and had to run an rkill to get Malware to work. I was stunned by the results. This one is pretty bad guys. Here are my OTL, Malware, and rKill data... please help!

OTL:

OTL logfile created on: 4/18/2011 7:09:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = F:\HiJackThis
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 53.31 Gb Free Space | 71.61% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 0.01 Gb Free Space | 0.11% Space Free | Partition Type: FAT32

Computer Name: JOSEPH | User Name: Joseph W. Gallo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 17:48:08 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysue.exe
PRC - [2011/03/31 15:40:08 | 001,006,778 | ---- | M] () -- F:\HiJackThis\rkill.exe
PRC - [2011/03/06 15:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\HiJackThis\OTL.exe
PRC - [2008/10/31 14:22:38 | 000,050,480 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/03/18 14:50:54 | 000,984,616 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/05 10:04:10 | 000,695,624 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/26 10:46:14 | 000,023,880 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/07 09:35:40 | 000,361,800 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2007/11/06 16:22:10 | 000,259,400 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsmap.exe
PRC - [2007/11/01 19:12:38 | 000,582,992 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/10/08 16:50:56 | 000,041,824 | -H-- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/06 11:32:37 | 000,185,896 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/26 10:46:05 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/20 20:36:46 | 000,777,728 | -H-- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2007/04/15 21:49:08 | 000,159,744 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/02/20 12:29:08 | 001,191,936 | -H-- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/20 12:24:34 | 000,475,136 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/18 23:27:16 | 000,090,112 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/18 23:26:32 | 000,303,104 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/12/19 14:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | -H-- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/08 08:32:54 | 000,102,400 | -H-- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/09/05 10:09:10 | 000,315,392 | -H-- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe
PRC - [2006/06/12 10:01:14 | 000,180,224 | -H-- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2004/04/07 13:07:34 | 000,496,752 | -H-- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | -H-- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/06 15:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\HiJackThis\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:10 | 000,019,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll
MOD - [2008/04/13 19:12:08 | 000,278,528 | -H-- | M] () -- C:\WINDOWS\owigilidupaya.dll
MOD - [2008/04/13 19:11:54 | 000,344,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/18 18:20:52 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Iasv32.dll -- (Ias)
SRV - [2011/03/24 19:12:03 | 000,216,064 | -H-- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2009/02/06 06:11:05 | 000,018,944 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Nwsapagents.dll -- (Nwsapagent)
SRV - [2008/01/25 01:38:12 | 002,458,128 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | -H-- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 10:46:14 | 000,023,880 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/07 09:35:40 | 000,378,184 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 12:36:04 | 000,359,248 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/09 02:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/24 12:02:14 | 000,144,704 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | -H-- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/06/26 10:46:05 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/20 20:36:46 | 000,066,560 | -H-- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007/02/20 12:24:34 | 000,475,136 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 23:27:16 | 000,090,112 | -H-- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/12/19 14:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/09/05 10:09:10 | 000,315,392 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2006/06/12 10:01:14 | 000,180,224 | -H-- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2004/04/07 13:07:32 | 001,135,728 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2008/12/04 14:50:06 | 000,007,408 | RH-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 14:50:04 | 000,008,944 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/04 14:50:02 | 000,055,024 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 13:41:01 | 000,052,352 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/01/07 16:31:18 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/12/02 12:51:42 | 000,040,488 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 06:20:24 | 000,113,952 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/15 22:03:04 | 000,056,576 | -H-- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/04/15 21:49:08 | 000,132,608 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 15:44:38 | 000,160,256 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 03:10:56 | 000,604,928 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/18 23:27:34 | 001,228,296 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 18:19:04 | 000,989,696 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 18:19:02 | 000,730,112 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 18:19:02 | 000,209,152 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/19 14:21:52 | 000,010,480 | -H-- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 12:32:32 | 000,097,536 | -H-- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/09 15:35:00 | 000,018,816 | -H-- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/08/12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/10 17:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = aol.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net?cid=NET_mmhpset"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{953EDD09-990C-49B9-B0DA-70A43ECFF282}: C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282} [2011/04/18 17:48:37 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 15:57:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 15:57:08 | 000,000,000 | -H-D | M]

[2009/01/20 10:44:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Extensions
[2011/04/18 18:08:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\extensions
[2009/10/26 23:27:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/26 22:19:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/20 10:15:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/18 17:49:39 | 000,000,047 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Kcowomivok] C:\WINDOWS\owigilidupaya.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] F:\HiJackThis\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Media Player ACM] C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [0ESKOMO9JO] C:\Documents and Settings\Joseph W. Gallo\Local Settings\Temp\Fqb.exe (PC Tools)
O4 - HKCU..\Run: [506E7F4A_0] C:\Documents and Settings\Joseph W. Gallo\Local Settings\Temp\jnji.exe ()
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Bguvamew] C:\WINDOWS\icre32.dll (ArcSoft Inc.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [JwWeagugDQKT] C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe (BitSprx)
O4 - HKCU..\Run: [TBXQRHV4KR] C:\Documents and Settings\Joseph W. Gallo\Local Settings\Temp\Fqu.exe (PC Tools)
O4 - HKCU..\Run: [Universal Installer] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Startup\Windows Media Player ACM.lnk = C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: yj9khn = C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\jizz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} [You must be registered and logged in to see this link.] (Pool Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} [You must be registered and logged in to see this link.] (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} [You must be registered and logged in to see this link.] (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} [You must be registered and logged in to see this link.] (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{be091fe0-f710-11de-b780-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{be091fe0-f710-11de-b780-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be091fe0-f710-11de-b780-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 18:44:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joseph W. Gallo\Recent
[2011/04/18 18:42:15 | 000,126,464 | -H-- | C] (PC Tools) -- C:\WINDOWS\Fqysue.exe
[2011/04/18 18:42:03 | 000,126,464 | -H-- | C] (PC Tools) -- C:\WINDOWS\Fqysud.exe
[2011/04/18 18:30:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery
[2011/04/18 18:22:53 | 000,126,464 | -H-- | C] (PC Tools) -- C:\WINDOWS\Fqysua.exe
[2011/04/18 18:20:45 | 000,569,344 | -H-- | C] (BitSprx) -- C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe
[2011/04/18 18:20:43 | 000,000,000 | -H-D | C] -- C:\Temp
[2011/04/18 18:19:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\windupdate
[2011/04/18 17:48:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}
[2011/04/18 17:48:29 | 000,126,464 | -H-- | C] (PC Tools) -- C:\WINDOWS\Fqysuc.exe
[2011/04/18 17:47:52 | 000,126,464 | -H-- | C] (PC Tools) -- C:\WINDOWS\Fqysub.exe
[2011/03/24 19:19:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/24 19:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/24 19:12:03 | 000,216,064 | -H-- | C] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
[2011/03/24 18:58:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/23 21:52:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/23 21:51:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 19:12:11 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/18 19:08:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jdka.sys
[2011/04/18 19:00:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\glpoadif.job
[2011/04/18 18:43:35 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/04/18 18:42:24 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 18:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 18:41:25 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 18:33:00 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21684020
[2011/04/18 18:32:59 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21684020r
[2011/04/18 18:32:52 | 000,000,150 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\rk-proxy.reg
[2011/04/18 18:30:04 | 000,000,813 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\Windows Recovery.lnk
[2011/04/18 18:30:00 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21684020
[2011/04/18 18:29:54 | 000,487,424 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21684020.exe
[2011/04/18 18:23:11 | 000,123,392 | RHS- | M] () -- C:\WINDOWS\System32\WMVADVDW.dll
[2011/04/18 18:23:11 | 000,123,392 | RHS- | M] () -- C:\WINDOWS\System32\ntbackup3.dll
[2011/04/18 18:22:20 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysua.exe
[2011/04/18 18:22:14 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\delme.bat
[2011/04/18 18:21:30 | 000,001,186 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Startup\Windows Media Player ACM.lnk
[2011/04/18 18:20:52 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\Iasv32.dll
[2011/04/18 18:19:54 | 000,569,344 | -H-- | M] (BitSprx) -- C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe
[2011/04/18 18:04:41 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\OTL.exe
[2011/04/18 18:04:27 | 000,005,341 | -H-- | M] () -- C:\Documents and Settings\Joseph W. Gallo\Application Data\F9AE.7D7
[2011/04/18 18:01:07 | 000,498,206 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/18 18:01:07 | 000,092,932 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 17:59:24 | 000,025,396 | -H-- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/04/18 17:49:39 | 000,000,047 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/18 17:48:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Hyatevasuqeruz.bin
[2011/04/18 17:48:49 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Eqijupewuk.dat
[2011/04/18 17:48:08 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysue.exe
[2011/04/18 17:48:08 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysud.exe
[2011/04/18 17:47:09 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysuc.exe
[2011/04/18 17:47:01 | 000,126,464 | -H-- | M] (PC Tools) -- C:\WINDOWS\Fqysub.exe
[2011/04/18 06:54:10 | 000,000,000 | RH-- | M] () -- C:\2501i18lkr
[2011/03/24 19:12:03 | 000,216,064 | -H-- | M] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
[2011/03/24 19:12:03 | 000,034,816 | -H-- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 19:08:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jdka.sys
[2011/04/18 18:41:25 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/18 18:32:59 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21684020r
[2011/04/18 18:32:58 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21684020
[2011/04/18 18:32:52 | 000,000,150 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\rk-proxy.reg
[2011/04/18 18:30:04 | 000,000,813 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\Windows Recovery.lnk
[2011/04/18 18:30:00 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21684020
[2011/04/18 18:29:54 | 000,487,424 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21684020.exe
[2011/04/18 18:23:11 | 000,123,392 | RHS- | C] () -- C:\WINDOWS\System32\WMVADVDW.dll
[2011/04/18 18:23:11 | 000,123,392 | RHS- | C] () -- C:\WINDOWS\System32\ntbackup3.dll
[2011/04/18 18:22:47 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/18 18:22:14 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\delme.bat
[2011/04/18 18:21:32 | 000,005,341 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Application Data\F9AE.7D7
[2011/04/18 18:21:29 | 000,001,186 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Startup\Windows Media Player ACM.lnk
[2011/04/18 18:20:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Iasv32.dll
[2011/04/18 18:05:01 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Desktop\OTL.exe
[2011/04/18 17:48:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Hyatevasuqeruz.bin
[2011/04/18 17:48:48 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Eqijupewuk.dat
[2011/04/18 06:54:10 | 000,000,000 | RH-- | C] () -- C:\2501i18lkr
[2011/03/24 19:12:03 | 000,034,816 | -H-- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/02/03 18:41:51 | 000,002,048 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Application Data\Photobook Designer Prefs
[2009/01/20 10:11:58 | 016,168,344 | -H-- | C] () -- C:\Program Files\jre-6u11-windows-i586-p.exe
[2008/11/14 09:27:23 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/09/29 12:20:48 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/05 12:17:32 | 000,000,715 | -H-- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/11/02 11:44:44 | 000,000,419 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/11/02 11:44:44 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/02 11:40:26 | 000,000,227 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/02 11:40:26 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/02 11:40:26 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/11/02 11:39:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/02 11:39:03 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/02 11:27:21 | 000,027,019 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2007/09/19 15:55:20 | 000,025,600 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/12 11:01:18 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/26 11:13:48 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/26 08:31:09 | 000,105,045 | -H-- | C] () -- C:\WINDOWS\HPFins09.dat
[2007/06/26 08:31:09 | 000,003,732 | -H-- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2007/06/26 08:30:56 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/06/26 08:18:48 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\fusioncache.dat
[2007/06/20 20:49:25 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/20 20:27:15 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/06/20 20:27:14 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/06/20 20:27:14 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/06/20 20:24:59 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/06/20 20:24:59 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/06/20 20:02:02 | 000,910,304 | -H-- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/20 20:02:02 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/06/20 20:02:01 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/06/20 20:01:08 | 000,001,120 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/12 12:07:36 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/09/12 12:01:48 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/09/12 12:01:42 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/09/12 12:01:34 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/09/12 12:01:28 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/09/12 12:01:20 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/09/12 12:01:12 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/09/12 12:01:06 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/09/12 12:00:58 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/09/12 12:00:52 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/09/12 12:00:44 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/09/08 08:32:02 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/09/08 08:30:44 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/05 10:05:32 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/09/05 09:26:06 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/09/05 09:25:54 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/09/05 09:25:42 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/09/05 09:25:32 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/09/05 09:25:20 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/09/05 09:25:10 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/09/05 09:24:58 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/09/05 09:24:48 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/09/05 09:24:36 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/09/05 09:24:26 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 10:01:18 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 10:01:16 | 000,348,160 | -H-- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/12/01 14:41:20 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 13:36:06 | 000,798,720 | -H-- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/03/21 18:48:05 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,268,600 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:28 | 000,498,206 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,092,932 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,278,528 | -H-- | C] () -- C:\WINDOWS\owigilidupaya.dll
[2004/08/04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,052,352 | -H-- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/21 15:03:14 | 000,917,504 | -H-- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 18:01:20 | 000,072,192 | -H-- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2002/03/04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


Malware:

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5975

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/18/2011 7:07:43 PM
mbam-log-2011-04-18 (19-07-43).txt

Scan type: Quick scan
Objects scanned: 162719
Time elapsed: 19 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
c:\WINDOWS\system32\oxbs.exe (Heuristics.Shuriken) -> 5948 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\icre32.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bguvamew (Trojan.Hiloti) -> Value: Bguvamew -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Heuristics.Shuriken) -> Value: cftmon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\icre32.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\oxbs.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\klric.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ujde.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\npvagmk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\pmngl.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\506270.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\5068e.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\50698.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\goenlnjp.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\temporary internet files\Content.IE5\NQEJXMR1\tpggk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\application data\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\local settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/18/2011 at 18:48:49.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Joseph W. Gallo\Application Data\dwm.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqb.exe
C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\conhost.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\csrss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\jizz.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\jnji.exe
C:\Documents and Settings\All Users\Application Data\21684020.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\5069E.tmp.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\506A0.tmp.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqh.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqn.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqq.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqs.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqu.exe
C:\PROGRA~1\McAfee\MSC\mcinfo.exe
C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\Fqv.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:51030

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 04/18/2011 at 18:51:32.


Thank you

Joey Jiggles
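The Malwarebytes log above (and the second one later in the thread) uses one fixed line shape: path, detection name in parentheses, then arrow-separated fields ending in the action taken. As an added example, not part of the original post or of Malwarebytes' own tooling, the Python below parses that format, checks the summary counts against the items actually listed, lists what the scanner could only schedule for "Delete on reboot", and groups the registry findings by the persistence or tampering technique their location implies; the sample log is constructed from lines of the posted scan, and the mechanism labels are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the Malwarebytes' Anti-Malware 1.50 log format seen in
# this thread; paths and detection names are copied from the posted scan.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Files Infected: 3

Memory Processes Infected:
c:\WINDOWS\system32\oxbs.exe (Heuristics.Shuriken) -> 5948 -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\icre32.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\oxbs.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
"""

# "<Section> Infected: N" is a summary line; "<Section> Infected:" opens a section.
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<path> (<Detection>) -> field -> ... -> <action>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good:")

# Registry locations reported in the thread, mapped to the persistence or
# tampering technique each location implies (lower-cased substrings; my labels).
MECHANISMS = [
    ("\\currentversion\\run\\", "Run key autostart"),
    ("\\winlogon\\shell", "Winlogon Shell replacement"),
    ("\\currentversion\\windows\\load", "Windows\\Load legacy autostart"),
    ("image file execution options", "IFEO debugger hijack"),
    ("proxyserver", "browser proxy redirection"),
    ("\\policies\\", "policy tampering"),
    ("internet settings\\zones", "IE security zone tampering"),
]

def parse_mbam_log(text):
    """Return {'summary': {section: claimed_count}, 'findings': [dict, ...]}."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        header = HEADER_RE.match(line)
        if header:
            if header.group("count") is not None:
                summary[header.group("name")] = int(header.group("count"))
            else:
                section = header.group("name")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            rest = item.group("rest")
            bad = BAD_RE.search(rest)  # the hijacked value, for data-item lines
            findings.append({"section": section, "path": item.group("path"),
                             "detection": item.group("detection"),
                             "action": rest.split(" -> ")[-1],
                             "bad": bad.group("bad") if bad else None})
    return {"summary": summary, "findings": findings}

def count_mismatches(report):
    """Sections whose claimed count differs from the number of items listed."""
    listed = defaultdict(int)
    for f in report["findings"]:
        listed[f["section"]] += 1
    return {name: (claimed, listed[name])
            for name, claimed in report["summary"].items()
            if claimed != listed[name]}

def pending_on_reboot(report):
    """Unique paths the scanner could not remove while the system was running."""
    return sorted({f["path"] for f in report["findings"]
                   if f["action"].startswith("Delete on reboot")})

def classify_persistence(report):
    """Group registry findings by the technique their location implies."""
    grouped = defaultdict(list)
    for f in report["findings"]:
        if not f["path"].upper().startswith("HKEY_"):
            continue
        low = f["path"].lower()
        label = next((name for pat, name in MECHANISMS if pat in low), "other registry")
        grouped[label].append(f["path"])
    return dict(grouped)

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(count_mismatches(rep), pending_on_reboot(rep), classify_persistence(rep))
```

Items still marked "Delete on reboot" are the ones to re-check in the next scan, which is exactly what the later logs in this thread show for Iasv32.dll.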

Re: Windows Recovery?

Post by Belahzur on 20th April 2011, 9:47 pm

Hello.

  • Download combofix from here.

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running Combofix.
  • See the forum's guide for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.




Belahzur

Re: Windows Recovery?

Post by Joey Jiggles on 4th May 2011, 3:39 am

OK, so since my computer is freaking out... McAfee is saying it is trying to block Tool-NirCmd. No matter how many times I click, it will not go away. I am still attempting ComboFix.

Joey Jiggles

Re: Windows Recovery?

Post by Joey Jiggles on 4th May 2011, 4:24 am

OK, I am having some serious problems over here... Combofix found "rootkit" and is having some serious trouble. It was talking about dumping my memory? I am trying to run ComboFix again in Safe Mode, and it isn't really letting me. I am going to run another Malware and try combo again.

PLEASE HELP!!

Joey Jiggles

Re: Windows Recovery?

Post by Joey Jiggles on 4th May 2011, 6:08 am

OK, so I couldn't use Combofix properly for a while until I used Malware in SAFE MODE. Malware is 58 days old and I was not able to update it on that laptop, but I ran it anyway (log is below). Once I did, I ran combofix again after restarting it in SAFE MODE. It went through all of its stages this time and restarted back in normal mode, which I had no control over. The computer was doing its typical crazy stuff... opened a folder named Windows and showed a virus saying Tool-NirCmd for about 15 min. or so. Finally it gave me a log which I had to search for and put on my flash drive... see Combo Log below. I then ran Malware AGAIN but it let me update this time! See updated Malware below:

1st Malware on Safe Mode:


Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5975

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

5/3/2011 11:54:14 PM
mbam-log-2011-05-03 (23-54-14).txt

Scan type: Quick scan
Objects scanned: 161465
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Heuristics.Shuriken) -> Value: cftmon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tukdtjsrx (Malware.Packer.Gen) -> Value: tukdtjsrx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\JOSEPH~1.GAL\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qnhtz.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tukdtjsrx.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgjasr46w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqsmy.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thws.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\local settings\Temp\50690.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\local settings\Temp\506a1.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\local settings\Temp\506b2.tmp.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\conima.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Managee.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\application data\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\documents and settings\joseph w. gallo\local settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix:


ComboFix 11-05-03.02 - Joseph W. Gallo 05/04/2011 0:28:10.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.807 [GMT -5:00]
Running from: F:\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\21684020.exe
C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe
C:\Documents and Settings\All Users\Start Menu\E-Set 2011
C:\Documents and Settings\All Users\Start Menu\E-Set 2011\E-Set Antivirus 2011.lnk
C:\Documents and Settings\All Users\Start Menu\E-Set 2011\Uninstall.lnk
C:\Documents and Settings\Joseph W. Gallo\Application Data\chrtmp
C:\Documents and Settings\Joseph W. Gallo\delme.bat
C:\Documents and Settings\Joseph W. Gallo\Desktop\E-set Antivirus 2011.lnk
C:\Documents and Settings\Joseph W. Gallo\Desktop\Windows Recovery.lnk
C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}
C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome.manifest
C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome\content\_cfg.js
C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome\content\overlay.xul
C:\Documents and Settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\install.rdf
C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery
C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
C:\Program Files\E-set 2011
C:\Program Files\E-Set 2011\e-set.exe
C:\Program Files\E-set 2011\win.exe
C:\winclaster
C:\winclaster\config.bin
C:\winclaster\winclaster.exe
C:\WINDOWS\owigilidupaya.dll
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\itlnfw32.dll
C:\WINDOWS\system32\itlpfw32.dll
C:\WINDOWS\system32\msiexecs.exe
C:\WINDOWS\system32\Nwsapagents.dll
C:\WINDOWS\system32\tukdtjsr.exe
C:\WINDOWS\system32\tukdtjsr.txt
C:\WINDOWS\windupdate


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_ITLPERF
-------\Legacy_NWSAPAGENT
-------\Legacy_PLUG_MANAGER
-------\Legacy_TCPSR
-------\Service_Ias
-------\Service_itlperf
-------\Service_Nwsapagent
-------\Service_Plug Manager


((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))


2011-04-19 22:12:18 . 2011-04-18 23:46:44 126464 ---ha-w- C:\WINDOWS\Fqysui.exe
2011-04-19 00:27:18 . 2011-04-18 23:46:44 126464 ---ha-w- C:\WINDOWS\Fqysuh.exe
2011-04-19 00:22:19 . 2011-04-18 23:46:44 126464 ---ha-w- C:\WINDOWS\Fqysug.exe
2011-04-19 00:20:55 . 2011-04-18 23:46:40 126464 ---ha-w- C:\WINDOWS\Fqysuf.exe
2011-04-19 00:08:32 . 2011-04-19 00:08:32 54016 ----a-w- C:\WINDOWS\system32\drivers\jdka.sys
2011-04-18 23:42:15 . 2011-04-18 22:48:08 126464 ---ha-w- C:\WINDOWS\Fqysue.exe
2011-04-18 23:42:03 . 2011-04-18 22:48:08 126464 ---ha-w- C:\WINDOWS\Fqysud.exe
2011-04-18 23:23:11 . 2011-04-18 23:23:11 123392 --sha-r- C:\WINDOWS\system32\WMVADVDW.dll
2011-04-18 23:23:11 . 2011-04-18 23:23:11 123392 --sha-r- C:\WINDOWS\system32\ntbackup3.dll
2011-04-18 23:22:53 . 2011-04-18 23:22:20 126464 ---ha-w- C:\WINDOWS\Fqysua.exe
2011-04-18 23:21:18 . 2011-04-04 13:41:36 129536 ---ha-w- C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe
2011-04-18 23:20:48 . 2011-04-18 23:20:50 221175 ---ha-w- C:\temp\715a959e-4522-4844-9027-452ea7a8219f\setup_9302.exe
2011-04-18 23:20:43 . 2011-04-18 23:20:43 -------- d-----w- C:\Temp
2011-04-18 22:50:26 . 2011-05-04 05:00:37 603530 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2011-04-18 22:48:50 . 2011-05-04 03:35:28 0 ---ha-w- C:\WINDOWS\Hyatevasuqeruz.bin
2011-04-18 22:48:29 . 2011-04-18 22:47:09 126464 ---ha-w- C:\WINDOWS\Fqysuc.exe
2011-04-18 22:47:52 . 2011-04-18 22:47:01 126464 ---ha-w- C:\WINDOWS\Fqysub.exe
2011-04-18 22:14:42 . 2011-04-18 22:14:42 232916 ---h--w- C:\temp\715a959e-4522-4844-9027-452ea7a8219f\OfferApp-2538.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-09 13:53:52 . 2004-08-04 10:00:00 270848 ---ha-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2004-08-04 10:00:00 186880 ---ha-w- C:\WINDOWS\system32\encdec.dll
2009-01-20 15:11:59 . 2009-01-20 15:11:58 16168344 ---ha-w- C:\Program Files\jre-6u11-windows-i586-p.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 13:25:29 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-10-31 19:22:38 50480]
"Universal Installer"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 19:50:54 984616]
"Desktop Software"="C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 19:50:54 984616]
"TBXQRHV4KR"="C:\WINDOWS\Fqysui.exe" [2011-04-18 23:46:44 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 02:49:08 159744]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 17:29:08 1191936]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 13:32:54 102400]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 08:10:54 1392640]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 19:05:50 282624]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 22:23:38 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 01:36:46 227328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 21:24:20 54840]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 01:54:31 623992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-06 16:32:37 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 15:22:30 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:25:54 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:45:52 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 12:46:30 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 23:02:22 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 17:18:06 77824]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 18:07:34 496752]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 22:54:22 99480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-02 00:12:38 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 20:09:14 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-09 04:02:08 289576]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 16:45:36 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 16:45:32 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 16:45:34 138008]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 04:26:32 303104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-20 15:15:18 136600]
"Windows Media Player ACM"="C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe" [2011-04-04 13:41:36 129536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 13:25:29 68856]

C:\Documents and Settings\Joseph W. Gallo\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-8-29 360448]
Windows Media Player ACM.lnk - C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe [2011-4-18 129536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2007-11-5 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-11-5 250992]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-6-20 50688]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 20:56:38 352256 ---ha-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50:04 PM 8944]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50:02 PM 55024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21:48 PM 79432]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [11/2/2006 12:32:32 PM 97536]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf

Contents of the 'Scheduled Tasks' folder

2011-01-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57:18 . 2008-07-30 17:34:12]

2011-03-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-06-21 01:34:43 . 2007-12-04 18:32:10]

2010-01-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-06-21 01:34:43 . 2007-12-04 18:32:10]

2011-05-04 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-10-22 15:50:47 . 2009-03-11 03:18:08]

2011-05-04 C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
- C:\WINDOWS\Fqysui.exe [2011-04-19 22:12:18 . 2011-04-18 23:46:44]


------- Supplementary Scan -------

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = aol.com
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - C:\Documents and Settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51030
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- - - - ORPHANS REMOVED - - - -

HKCU-Run-JwWeagugDQKT - C:\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe
HKCU-Run-EDF919B4FAA377BF - C:\winclaster\winclaster.exe
HKCU-Run-E-Set 2011 - C:\Program Files\E-Set 2011\e-set.exe
HKLM-Run-Kcowomivok - C:\WINDOWS\owigilidupaya.dll
HKLM-Run-tukdtjsr - C:\WINDOWS\system32\tukdtjsr.exe
Notify-itlntfy - itlnfw32.dll
SafeBoot-ati1pwxx.sys
SafeBoot-ati2fmxx.sys
SafeBoot-ati2jqxx.sys
SafeBoot-ati2owxx.sys
SafeBoot-ati6jqxx.sys
SafeBoot-ati6kqxx.sys
SafeBoot-ati6ucxx.sys
SafeBoot-ati7pxxx.sys
SafeBoot-ati8ipxx.sys
AddRemove-HijackThis - C:\Documents and Settings\Joseph W. Gallo\Local Settings\Temporary Internet Files\Content.IE5\3FWR936H\HijackThis.exe
AddRemove-KB923789 - C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe

2nd Malware Run on Normal Mode:


Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6502

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/4/2011 1:00:41 AM
mbam-log-2011-05-04 (01-00-41).txt

Scan type: Quick scan
Objects scanned: 161047
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
c:\WINDOWS\Fqysui.exe (Trojan.Downloader) -> 3432 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TBXQRHV4KR (Trojan.Downloader) -> Value: TBXQRHV4KR -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Media Player ACM (Trojan.Agent) -> Value: Windows Media Player ACM -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JwWeagugDQKT (Rogue.Agent.SA) -> Value: JwWeagugDQKT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\E-Set 2011 (Rogue.FakeEset) -> Value: E-Set 2011 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tukdtjsr (Trojan.Downloader) -> Value: tukdtjsr -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Fqysui.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\application data\microsoft\windows media\12.0\wmpacm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysua.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysub.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysuc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysud.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysue.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysuf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Fqysuh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\application data\microsoft\windows media\12.0\locale.cls (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\joseph w. gallo\start menu\Programs\Startup\windows media player acm.lnk (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Windows Recovery?

Post by Belahzur on 4th May 2011, 2:32 pm

Hello.
Please re-run Combofix one more time, as MBAM has removed a few things and I need to see what's left.





Re: Windows Recovery?

Post by Joey Jiggles on 5th May 2011, 1:51 am

When I start my computer 3 notifications come up: 1) Windows Internet Explorer "Cannot find 'file:///'. Make sure the path or Internet address is correct" 2) RUNDLL "Error loading C:\WINDOWS\owigilidupaya.dll The specified module could not be found" and 3) it keeps telling me my "spyware" is saying that my Internet Explorer's home page is trying to be changed (very annoying).

I had to completely remove McAfee and restart my computer for Combofix to work properly. Here is the log:


ComboFix 11-05-04.02 - Joseph W. Gallo 05/04/2011 20:29:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.479 [GMT -5:00]
Running from: F:\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\21684020.exe
c:\documents and settings\All Users\Application Data\JwWeagugDQKT.exe
c:\documents and settings\All Users\Start Menu\E-Set 2011\E-Set Antivirus 2011.lnk
c:\documents and settings\All Users\Start Menu\E-Set 2011\Uninstall.lnk
c:\documents and settings\Joseph W. Gallo\Application Data\chrtmp
c:\documents and settings\Joseph W. Gallo\delme.bat
c:\documents and settings\Joseph W. Gallo\Desktop\E-set Antivirus 2011.lnk
c:\documents and settings\Joseph W. Gallo\Desktop\Windows Recovery.lnk
c:\documents and settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome.manifest
c:\documents and settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome\content\_cfg.js
c:\documents and settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\chrome\content\overlay.xul
c:\documents and settings\Joseph W. Gallo\Local Settings\Application Data\{953EDD09-990C-49B9-B0DA-70A43ECFF282}\install.rdf
c:\documents and settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\documents and settings\Joseph W. Gallo\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
c:\program files\E-Set 2011\e-set.exe
c:\program files\E-set 2011\win.exe
c:\winclaster\config.bin
c:\winclaster\winclaster.exe
c:\windows\owigilidupaya.dll
c:\windows\system32\Install.txt
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
c:\windows\system32\msiexecs.exe
c:\windows\system32\Nwsapagents.dll
c:\windows\system32\tukdtjsr.exe
c:\windows\system32\tukdtjsr.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IAS
-------\Legacy_ITLPERF
-------\Legacy_NWSAPAGENT
-------\Legacy_PLUG_MANAGER
-------\Legacy_TCPSR
-------\Service_Ias
-------\Service_itlperf
-------\Service_Nwsapagent
-------\Service_Plug Manager
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-04-19 00:08 . 2011-04-19 00:08 54016 ----a-w- c:\windows\system32\drivers\jdka.sys
2011-04-18 23:23 . 2011-04-18 23:23 123392 --sha-r- c:\windows\system32\WMVADVDW.dll
2011-04-18 23:23 . 2011-04-18 23:23 123392 --sha-r- c:\windows\system32\ntbackup3.dll
2011-04-18 23:20 . 2011-04-18 23:20 221175 ---ha-w- c:\temp\715a959e-4522-4844-9027-452ea7a8219f\setup_9302.exe
2011-04-18 23:20 . 2011-04-18 23:20 -------- d-----w- C:\Temp
2011-04-18 22:50 . 2011-05-05 01:13 603530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-18 22:48 . 2011-05-04 03:35 0 ---ha-w- c:\windows\Hyatevasuqeruz.bin
2011-04-18 22:14 . 2011-04-18 22:14 232916 ---h--w- c:\temp\715a959e-4522-4844-9027-452ea7a8219f\OfferApp-2538.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ---ha-w- c:\windows\system32\encdec.dll
2009-01-20 15:11 . 2009-01-20 15:11 16168344 ---ha-w- c:\program files\jre-6u11-windows-i586-p.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"EDF919B4FAA377BF"="c:\winclaster\winclaster.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 227328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-06 185896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"Kcowomivok"="c:\windows\owigilidupaya.dll" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
.
c:\documents and settings\Joseph W. Gallo\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2007-11-5 156784]
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2007-11-5 250992]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-20 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 20:56 352256 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]
itlnfw32.dll [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2011-05-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = aol.com
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51030
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-04 20:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2011-05-04 20:47:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 01:47
.
Pre-Run: 56,358,961,152 bytes free
Post-Run: 56,366,460,928 bytes free
.
- - End Of File - - B81B8D605AC830120D5D6FAC42874A1E


Re: Windows Recovery?

Post by Belahzur on 5th May 2011, 6:22 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\system32\drivers\jdka.sys
    c:\windows\system32\WMVADVDW.dll
    c:\windows\system32\ntbackup3.dll
    c:\temp\715a959e-4522-4844-9027-452ea7a8219f\setup_9302.exe
    c:\windows\Hyatevasuqeruz.bin
    c:\temp\715a959e-4522-4844-9027-452ea7a8219f\OfferApp-2538.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EDF919B4FAA377BF"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kcowomivok"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "itlsvc"=-

    Firefox::
    FF - ProfilePath - c:\documents and settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 51030
    FF - prefs.js: network.proxy.type - 1
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


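A triage script for logs like the ones in this thread, added here as an example (it is not ComboFix's code and not something the helper posted): it parses the Reg Loading Points and Supplementary Scan lines, flags the same patterns the CFScript above removes ([BU] orphans, autostart targets sitting directly in the Windows directory or a user's Application Data, a non-default svchost group, Firefox proxied through 127.0.0.1), and drafts a CFScript in the File::/Registry::/Firefox:: layout used above. The meaning of the [BU] marker is inferred from the posted logs (those files appear under "Other Deletions"), and the sample input is an excerpt copied from the logs in this thread.

```python
import re

# Sample input: lines excerpted from the ComboFix and first-run logs posted in
# this thread (constructed excerpt for the example, not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"TBXQRHV4KR"="C:\WINDOWS\Fqysui.exe" [2011-04-18 23:46:44 126464]
"EDF919B4FAA377BF"="c:\winclaster\winclaster.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Windows Media Player ACM"="C:\Documents and Settings\Joseph W. Gallo\Application Data\Microsoft\Windows Media\12.0\wmpacm.exe" [2011-04-04 13:41:36 129536]
"Kcowomivok"="c:\windows\owigilidupaya.dll" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\itlntfy]
itlnfw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51030
FF - prefs.js: network.proxy.type - 1
"""

# Firefox profile path from the posted log (trailing backslash added separately
# because a raw string cannot end in one).
PROFILE = r"c:\documents and settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default" + "\\"

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="?([^"]*?)"?\s*\[([^\]]*)\]$')
NOTIFY_RE = re.compile(r'^(\S+\.dll)\s*\[BU\]$', re.I)
SVCHOST_RE = re.compile(r'^(\S+)\s+REG_MULTI_SZ\s+(\S+)$')
FF_RE = re.compile(r'^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$')


def odd_location(path):
    """Autostart targets legitimate software rarely uses: directly in the
    Windows directory, under a user's Application Data, or in C:\\Temp."""
    p = path.lower()
    folder = p.rsplit('\\', 1)[0]
    return folder == r'c:\windows' or '\\application data\\' in p or folder.startswith(r'c:\temp')


def parse_log(text):
    """Return findings from the Reg Loading Points / Supplementary Scan lines."""
    findings, key, proxy = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember the registry key we are under
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, target, meta = m.groups()
            if meta == 'BU':          # file gone, autostart value left behind
                findings.append(dict(kind='value', key=key, name=name, target=target,
                                     missing=True, reason='[BU]: orphaned autostart value'))
            elif odd_location(target):
                findings.append(dict(kind='value', key=key, name=name, target=target,
                                     missing=False, reason='autostart target in an unusual directory'))
            continue
        m = NOTIFY_RE.match(line)
        if m and key and '\\winlogon\\notify\\' in key.lower():
            findings.append(dict(kind='key', key=key, name=m.group(1), target=m.group(1),
                                 missing=True, reason='[BU] winlogon notification package'))
            continue
        m = SVCHOST_RE.match(line)
        if m and key and key.lower().endswith('\\svchost'):
            findings.append(dict(kind='value', key=key, name=m.group(1), target=m.group(2),
                                 missing=True, reason='non-default svchost group (defaults are hidden)'))
            continue
        m = FF_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2)
    # Manual proxy (type 1) aimed at loopback: a local process sits between the
    # browser and the network, which matches the hijacked homepage reported above.
    if proxy.get('network.proxy.type') == '1' and proxy.get('network.proxy.http', '').startswith('127.'):
        for pref, val in proxy.items():
            findings.append(dict(kind='ff', key='prefs.js', name=pref, target=val,
                                 missing=False, reason='Firefox proxied through loopback'))
    return findings


def draft_cfscript(findings, profile_path):
    """Render findings in the CFScript layout used in this thread."""
    files = [f['target'] for f in findings if f['kind'] == 'value' and not f['missing']]
    values, keys = {}, []
    for f in findings:
        if f['kind'] == 'value':
            values.setdefault(f['key'], []).append(f['name'])
        elif f['kind'] == 'key':
            keys.append(f['key'])
    ff = [f'FF - prefs.js: {f["name"]} - {f["target"]}' for f in findings if f['kind'] == 'ff']
    out = []
    if files:
        out += ['File::', *files, '']
    if values or keys:
        out.append('Registry::')
        for key, names in values.items():
            out.append(f'[{key}]')
            out += [f'"{n}"=-' for n in names]     # "name"=- deletes the value
        out += [f'[-{k}]' for k in keys]           # [-key] deletes the whole key
        out.append('')
    if ff:
        out += ['Firefox::', f'FF - ProfilePath - {profile_path}', *ff, '']
    return '\n'.join(out)


if __name__ == '__main__':
    for f in parse_log(SAMPLE_LOG):
        print(f"{f['reason']:55} {f['name']} -> {f['target']}")
    print(draft_cfscript(parse_log(SAMPLE_LOG), PROFILE))
```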



Re: Windows Recovery?

Post by Joey Jiggles on 18th May 2011, 2:00 am

Sorry for the delay! Here is my combofix log!

ComboFix 11-05-17.01 - Joseph W. Gallo 05/17/2011 20:42:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -5:00]
Running from: F:\Combo-Fix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\temp\715a959e-4522-4844-9027-452ea7a8219f\OfferApp-2538.exe"
"c:\temp\715a959e-4522-4844-9027-452ea7a8219f\setup_9302.exe"
"c:\windows\Hyatevasuqeruz.bin"
"c:\windows\system32\drivers\jdka.sys"
"c:\windows\system32\ntbackup3.dll"
"c:\windows\system32\WMVADVDW.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\temp\715a959e-4522-4844-9027-452ea7a8219f\OfferApp-2538.exe
c:\temp\715a959e-4522-4844-9027-452ea7a8219f\setup_9302.exe
c:\windows\Hyatevasuqeruz.bin
c:\windows\system32\drivers\jdka.sys
c:\windows\system32\ntbackup3.dll
c:\windows\system32\WMVADVDW.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 23:20 . 2011-04-18 23:20 -------- d-----w- C:\Temp
2011-04-18 22:50 . 2011-05-05 01:13 603530 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 15:11 . 2009-01-20 15:11 16168344 ---ha-w- c:\program files\jre-6u11-windows-i586-p.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 227328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-06 185896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2007-11-5 156784]
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2007-11-5 250992]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-20 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 20:56 352256 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2011-05-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = aol.com
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Joseph W. Gallo\Application Data\Mozilla\Firefox\Profiles\ir9j1wpc.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-17 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-17 20:53:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-18 01:53
ComboFix2.txt 2011-05-05 01:47
.
Pre-Run: 56,383,561,728 bytes free
Post-Run: 56,372,572,160 bytes free
.
- - End Of File - - 6E2ECE703B3407D39EAE8A8C37EAF939

Joey Jiggles
Intermediate

Posts : 187
Joined : 2009-01-12
OS : Windows XP
Points : 30316
# Likes : 0

Re: Windows Recovery?

Post by Belahzur on 18th May 2011, 7:16 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Windows Recovery?

Post by Joey Jiggles on 25th May 2011, 3:58 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=102ff5c911a86e4da64c1c4b0ec5a93d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-25 03:51:44
# local_time=2011-05-24 10:51:44 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72109
# found=35
# cleaned=35
# scan_time=2127
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\21684020.exe.vir a variant of Win32/Kryptik.CO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\JwWeagugDQKT.exe.vir a variant of Win32/Kryptik.MUE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\E-Set 2011\e-set.exe.vir a variant of Win32/Kryptik.NKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\E-Set 2011\win.exe.vir Win32/Agent.SLY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\winclaster\winclaster.exe.vir Win32/Spy.SpyEye.CA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\owigilidupaya.dll.vir a variant of Win32/Kryptik.MTG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\itlnfw32.dll.vir a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\itlpfw32.dll.vir probably a variant of Win32/Agent.LETAMLH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiexecs.exe.vir a variant of Win32/Kryptik.NKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntbackup3.dll.vir a variant of Win32/Kryptik.NDH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Nwsapagents.dll.vir a variant of Win32/Agent.OLC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukdtjsr.exe.vir probably a variant of Win32/Refpron.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\WMVADVDW.dll.vir a variant of Win32/Kryptik.NDH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\volsnap.sys.vir Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP144\A0041060.sys Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042096.exe a variant of Win32/Injector.GAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042097.exe a variant of Win32/TrojanDropper.VB.NPV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042098.exe a variant of Win32/Kryptik.MYA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042099.exe a variant of Win32/TrojanClicker.VB.NFM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042100.exe a variant of Win32/Injector.GAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042101.exe a variant of Win32/Injector.GAU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042102.exe a variant of Win32/Kryptik.MUD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042283.exe a variant of Win32/Kryptik.CO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042284.exe a variant of Win32/Kryptik.MUE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042293.exe a variant of Win32/Kryptik.NKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042294.exe Win32/Agent.SLY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042295.exe Win32/Spy.SpyEye.CA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042296.dll a variant of Win32/Kryptik.MTG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042297.dll a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042298.dll probably a variant of Win32/Agent.LETAMLH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042299.exe a variant of Win32/Kryptik.NKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042300.dll a variant of Win32/Agent.OLC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP145\A0042301.exe probably a variant of Win32/Refpron.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP146\A0043661.dll a variant of Win32/Kryptik.NDH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP146\A0043662.dll a variant of Win32/Kryptik.NDH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Windows Recovery?

Post by Belahzur on 30th May 2011, 8:14 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Windows Recovery?

Post by Joey Jiggles on 1st June 2011, 12:18 am

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIM 6
AIM Toolbar 5.0
AIMTunes
Amazon MP3 Downloader 1.0.3
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
biolsp patch
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
Brother MFL-Pro Suite
Business Complete Care Services Agreement
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
CCleaner (remove only)
Comcast Universal Installer v1.2
Conexant HDA D330 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
ETS Upgrade
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 6900 series
HP Extended Capabilities 6.0
HP Imaging Device Functions 6.0
HP Photosmart Essential
HP Solution Center and Imaging Support Tools 6.0
HP Update
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Modem Diagnostic Tool
Mozilla Firefox (3.6.16)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU Hybrid TSS v2.0.25
PaperPort
PowerDVD
Preboot Manager
Private Information Manager
Pure Networks Port Magic
QuickSet
QuickTime
RealPlayer
Rhapsody Player Engine
SearchAssist
Secure Update
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
SigmaTel Audio
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
URL Assistant
Viewpoint Media Player
Wave Infrastructure Installer
Wave Support Software
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver


Re: Windows Recovery?

Post by Belahzur on 1st June 2011, 10:24 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 11
    Viewpoint Media Player

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.


Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.6.16 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?



Re: Windows Recovery?

Post by Joey Jiggles on 8th June 2011, 4:45 am

It works so much better thank you so much, but I keep getting this prompt whenever I start up my computer: "Cannot find 'file:///". Make sure the path or Internet address is correct."

Do you know why that is by any chance?


Re: Windows Recovery?

Post by Belahzur on 8th June 2011, 9:06 pm

Please post a new OTL log. :)

