Login | Live Chat & Podcast at 1:00PM Eastern on Sunday! |
 Search | |
| |
03-Nov-2009, 04:35 PM
#1 | ||||||
| Hijack this log w/ problems associated |
| |
05-Nov-2009, 08:44 PM
#3 | ||||||
| Hello and welcome to TSG Forums My handle is juju68 and I will be assisting you in the removal of malware your computer may have. Please follow these guidelines as we work to clean your computer.
NOTE: I am in training at Malware Removal University. I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you. Your patience is appreciated.  Installed Program List I would be helpful to see a list of programs installed on your computer.
You will see a list of programs installed on your computer. Please click the Save List... button and specify where you would like to save the list. Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
__________________ Graduate of Malware Removal University. You too could train to help others. Threads not responded to for 5 days will no longer be part of my subscriptions. |
06-Nov-2009, 05:53 PM
#6 | ||||||
| Hello lemons12, The malware has had a dent put in it by MalwareBytes' and it works by hooking into the sound system. That is why the sound is not working. We will address that once we deal with the malware. Please download exeHelper to your desktop.
Scan with OTL Click here to download OTL by OldTimer and save it to your Desktop
Scan with GMER Please download GMER Rootkit Scanner from here.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Note: Do not run any programs while Gmer is running. I would like to see exehelperlog.txt, otl.txt, extras.txt and gmer.txt in your next reply.
__________________ Graduate of Malware Removal University. You too could train to help others. Threads not responded to for 5 days will no longer be part of my subscriptions. |
07-Nov-2009, 03:43 AM
#8 | ||||||
| O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 122 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 122 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-19\..Trusted Domains: 122 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-20\..Trusted Domains: 122 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-3003213509-1439805416-3745275972-1006\..Trusted Domains: 125 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1182544253984 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1195533471045 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\yagifiza.dll) - C:\WINDOWS\System32\yagifiza.dll File not found O20 - AppInit_DLLs: (yabuvasu.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\nonegetu.dll) - C:\WINDOWS\System32\nonegetu.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O21 - SSODL: dorogepit - {a3fe8ea4-2502-498c-91fd-6d6e8a8fcb4a} - C:\WINDOWS\System32\yagifiza.dll File not found O21 - SSODL: huhodulod - {df70f86f-0628-4e96-bc99-d35ad596db0f} - C:\WINDOWS\System32\nonegetu.dll File not found O22 - SharedTaskScheduler: {a3fe8ea4-2502-498c-91fd-6d6e8a8fcb4a} - jugezatag - C:\WINDOWS\System32\yagifiza.dll File not found O22 - SharedTaskScheduler: {df70f86f-0628-4e96-bc99-d35ad596db0f} - kupuhivus - C:\WINDOWS\System32\nonegetu.dll File not found O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - Reg Error: Key error. File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - 776A5 File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8fcfab02-dd1e-11dc-a4c3-0019b97cc54d}\Shell - "" = AutoRun O33 - MountPoints2\{8fcfab02-dd1e-11dc-a4c3-0019b97cc54d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8fcfab02-dd1e-11dc-a4c3-0019b97cc54d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{bc29cfca-2f72-11dc-a396-0019b97cc54d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{bc29cfca-2f72-11dc-a396-0019b97cc54d}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{bc29cfca-2f72-11dc-a396-0019b97cc54d}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{bc29cfca-2f72-11dc-a396-0019b97cc54d}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{c9a98a85-936e-11dd-a5bb-0019b97cc54d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9a98a85-936e-11dd-a5bb-0019b97cc54d}\Shell\Explore\command - "" = E:\system.exe -- File not found O33 - MountPoints2\{c9a98a85-936e-11dd-a5bb-0019b97cc54d}\Shell\Open\command - "" = E:\system.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/07 02:34:45 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evan\Desktop\OTL.exe [2009/11/04 06:05:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\New Folder (5) [2009/11/03 15:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/03 15:17:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evan\Desktop\HijackThisInstaller.exe [2009/10/31 21:51:29 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe [2009/10/31 21:51:29 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe [2009/10/31 21:51:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe [2009/10/31 21:51:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe [2009/10/31 21:51:29 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe [2009/10/31 21:51:29 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe [2009/10/31 21:51:29 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe [2009/10/31 21:51:29 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe [2009/10/31 21:51:28 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe [2009/10/31 21:51:28 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe [2009/10/31 21:51:28 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe [2009/10/31 21:40:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\SmitfraudFix [2009/10/31 21:31:44 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2009/10/31 21:31:28 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2009/10/31 21:31:28 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2009/10/31 21:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009/10/31 21:31:15 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2009/10/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2009/10/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\PC Tools [2009/10/31 21:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2009/10/31 20:55:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\Unused Desktop Shortcuts [2009/10/23 02:23:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Desktop\New Folder (8) [2009/10/22 00:03:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2009/10/22 00:02:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild [2009/10/22 00:02:42 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2009/10/22 00:01:57 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2009/10/22 00:01:57 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2009/10/22 00:01:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2009/10/22 00:01:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2009/10/22 00:01:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2009/10/22 00:01:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll [2009/10/22 00:01:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2009/10/22 00:01:55 | 00,000,000 | ---D | C] -- C:\9a3546a6152e67d5448c89 [2009/10/14 23:07:00 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/10/13 21:30:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\licenses [2009/10/13 21:30:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\PCMM2009 [2009/10/13 17:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Evan\Application Data\Malwarebytes [2009/10/13 17:05:47 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Evan\Desktop\mbam-setup.exe [2009/10/13 16:58:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/13 16:58:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/13 16:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/13 16:58:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/12 16:26:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\schtml [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/07 02:34:45 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evan\Desktop\OTL.exe [2009/11/07 02:34:13 | 00,537,970 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/07 02:34:13 | 00,452,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/07 02:34:13 | 00,076,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/07 02:30:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/07 02:29:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/07 02:29:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/07 02:29:41 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys [2009/11/07 02:27:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/06 13:28:56 | 44,744,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/06 13:26:06 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Evan\NTUSER.DAT [2009/11/06 13:25:36 | 00,262,090 | -H-- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\IconCache.db [2009/11/05 21:54:57 | 00,086,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/04 06:44:00 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/03 15:18:30 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\HijackThis.lnk [2009/11/03 15:17:37 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evan\Desktop\HijackThisInstaller.exe [2009/10/31 22:53:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/31 21:52:44 | 00,003,396 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2009/10/31 21:40:41 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\SmitfraudFix.exe [2009/10/30 22:34:13 | 00,048,144 | ---- | M] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/10/30 22:33:47 | 00,172,330 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\1030091949.3g2 [2009/10/24 02:02:56 | 00,029,453 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\lc97b42563d183de549f6a3.jpg [2009/10/23 02:24:55 | 00,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/10/22 23:42:05 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009/10/13 17:09:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/13 17:05:59 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Evan\Desktop\mbam-setup.exe [2009/10/13 16:56:09 | 00,000,075 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\FixExe.reg [2009/10/13 16:51:30 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gidudele [2009/10/13 16:44:32 | 00,544,768 | ---- | M] () -- C:\WINDOWS\System32\pump.exe [2009/10/13 16:43:53 | 00,000,109 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\fixtm.reg [2009/10/12 16:21:36 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\nuar.old [2009/10/12 16:18:36 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\skynet.dat [2009/10/12 01:49:35 | 00,047,445 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\fuqnvl.jpg [2009/10/12 01:49:31 | 00,053,182 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\14d262p.jpg [2009/10/09 00:37:38 | 00,014,812 | ---- | M] () -- C:\Documents and Settings\Evan\Desktop\stop_being_stupid_postcard-p239126473034919617trdg_400.jpg [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/03 15:18:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\HijackThis.lnk [2009/10/31 21:51:29 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2009/10/31 21:51:28 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2009/10/31 21:51:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2009/10/31 21:41:53 | 00,003,396 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg [2009/10/31 21:40:26 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\SmitfraudFix.exe [2009/10/31 21:31:28 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2009/10/30 22:33:46 | 00,172,330 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\1030091949.3g2 [2009/10/24 02:02:53 | 00,029,453 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\lc97b42563d183de549f6a3.jpg [2009/10/22 02:41:44 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat [2009/10/13 17:09:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/13 16:56:08 | 00,000,075 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\FixExe.reg [2009/10/13 16:43:52 | 00,000,109 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\fixtm.reg [2009/10/12 16:21:36 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\nuar.old [2009/10/12 16:18:36 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\pump.exe [2009/10/12 16:18:36 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\skynet.dat [2009/10/12 01:49:34 | 00,047,445 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\fuqnvl.jpg [2009/10/12 01:49:29 | 00,053,182 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\14d262p.jpg [2009/10/09 00:37:37 | 00,014,812 | ---- | C] () -- C:\Documents and Settings\Evan\Desktop\stop_being_stupid_postcard-p239126473034919617trdg_400.jpg [2009/07/12 16:07:21 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\dakotari.dll [2009/03/07 17:54:07 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009/03/07 17:54:07 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009/03/07 17:54:07 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008/11/13 00:06:34 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/07/28 11:38:17 | 00,004,473 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/02/17 01:21:44 | 00,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2007/07/11 01:01:00 | 00,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys [2007/07/01 01:16:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/06/25 17:05:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2007/06/25 16:13:26 | 00,079,872 | ---- | C] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/22 11:49:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/06/22 10:18:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Evan\Application Data\desktop.ini [2007/06/22 10:18:22 | 00,262,090 | -H-- | C] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\IconCache.db [2007/06/22 10:18:22 | 00,048,144 | ---- | C] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007/06/22 10:18:22 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Evan\Local Settings\Application Data\fusioncache.dat [2007/06/19 14:00:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/06/19 13:23:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007/06/19 13:22:54 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007/06/19 13:22:32 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 12:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2004/08/10 12:51:28 | 00,000,699 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP  FC5A2B2< End of report > |
07-Nov-2009, 03:43 AM
#9 | ||||||
| OTL Scan *Extras*----- OTL Extras logfile created on: 11/7/2009 2:36:44 AM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Evan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.97 Mb Total Physical Memory | 376.59 Mb Available Physical Memory | 42.13% Memory free 2.12 Gb Paging File | 1.53 Gb Available in Paging File | 72.16% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.45 Gb Total Space | 37.00 Gb Free Space | 51.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVAN Current User Name: Evan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3003213509-1439805416-3745275972-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet isabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet isabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet isabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet isabled:@xpsp2res.dll,-22002========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found "C:\Program Files\14 Degrees East\Fallout Tactics\BOS.exe" = C:\Program Files\14 Degrees East\Fallout Tactics\BOS.exe:*:Enabled:BOS -- () "C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.0 -- File not found "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Diablo II\Game.exe" = C:\Program Files\Diablo II\Game.exe:*:Enabled iablo II -- (Blizzard North)"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:* isabled:CLI Application (Command Line Interface) -- File not found"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2 "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E6963450-7577-4049-8793-2B66B85237C1}" = ATI Catalyst Control Center "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Display Driver" = ATI Display Driver "AVG8Uninstall" = AVG Free 8.5 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CleanUp!" = CleanUp! "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "Diablo II" = Diablo II "Fallout Tactics" = Fallout Tactics "Fallout2" = Fallout2 "Hamachi" = Hamachi 1.0.3.0 "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Spyware Doctor" = Spyware Doctor 6.1 "ST6UNST #1" = Hero Editor V0.96 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/2/2009 5:44:29 AM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/2/2009 10:05:21 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/2/2009 10:05:21 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section. Error - 11/2/2009 10:05:24 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/3/2009 3:09:33 AM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/3/2009 3:09:33 AM | Computer Name = EVAN | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section. Error - 11/3/2009 3:09:36 AM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/3/2009 3:57:11 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error - 11/3/2009 3:57:11 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section. Error - 11/3/2009 3:57:14 PM | Computer Name = EVAN | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 6476, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. [ System Events ] Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43016 Description = Not an EDID device Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43016 Description = Not an EDID device Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43016 Description = Not an EDID device Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed Error - 11/7/2009 3:30:15 AM | Computer Name = EVAN | Source = ati2mtag | ID = 43015 Description = I2c return failed < End of report > |
07-Nov-2009, 04:32 AM
#12 | ||||||
| Also, when I try to play a video the "cant play following formats/update vid codec" box comes up and closes windows media player.. if i open another video it will play but when i "X" the box it takes me to firefox and the WincodecPRO website.. Thanks!!!!! |
07-Nov-2009, 07:49 PM
#13 | ||||||
| Hello lemons12, P2P Warning I notice you had P2P programs installed in the past. You most likely infected your computer by using them to download infected files. P2P use is not a good idea and I strongly suggest you avoid it in the future. Also avoid cracks and keygens as they are most always infected with something and it qualifies as theft. Also, please keep internet use to a minimum until we get your computer cleaned up. Run a command Copy the text in the codebox below Code: process -k dejusched.exe Click Start, click Run... Paste the copied text in the Open: box then click OK If the red/white X in the tray goes away then continue, otherwise do not continue and let me know. Uninstall Program You can re-install this later if you choose. Now, we need to get it out of the way if possible. Click Start, click Run... Type appwiz.cpl and click OK For each of the programs listed below, highlight them in the list and click Remove Spyware Doctor 6.1 Update and Run MalwareBytes' Start MalwareBytes' but do not run a scan yet.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware. Please post the contents of the Malwarebytes' log in your next post along with a new HijackThis log. Also please include info on how the computer is now (just like you have been doing  ).
__________________ Graduate of Malware Removal University. You too could train to help others. Threads not responded to for 5 days will no longer be part of my subscriptions. |
 |
| Tags |
| red x blue background |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 04:04 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
[
Facebook
Twitter
TechGuy.tv
TSG Mobile