quannum

Members

View Profile See their activity

Posts
13
Joined
December 14, 2009
Last visited
January 13, 2010

Reputation

0 Neutral

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

awesome, you have been beyond helpful and I can't thank you enough!!! I really wish there was some way to repay you! you are a modern-day hero, and don't ever let anyone tell you different! I have one last question: beyond avast! and Malwarebytes, is there any other software you recommend I get to protect my computer, or should those two be enough (oh and Kaspersky's online scanner, thank you for showing me that one!) thanks again!
- January 13, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

I hit the cleanup button on the OTL last time you told me to, and I believe the otl deleted itself... everything is running much smoother. let me know what I should do next, or if Im good to go!!!! thanks again, I am in your debt.
- January 10, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

no, its still opening, even after I followed the above steps. I just remembered something...when I was attempting to clean the system myself, I did something (i can't remember what) to stop the itunes helper process from opening on startup. I haven't got a clue what I did, as I was following something I read online that told me how to do this. maybe I inadvertantly did something to cause the my documents to open on startup? also I don't know if this has anything to do with it, but I might as well tell you just incase you think it might have something to do with it...Im using a 2 port usb kvm switch to operate 2 computers with one keyboard and mouse, and its been acting up for the last month...on both computers, the mouse will periodically freeze untill i switch to the other computer (by double tapping ScrLk) then switch back. also the when using the scroll wheel, it will constantly jump back to the top of the page when i am scrolling down. Im using a microsoft wireless intelitype keyboard (that has all the shortcut buttons on top) and a logitech cordless laser mouse, and an iogear kvm switch. thanks again, as always, for having the patience to help a computard such as myself!!! you are the man!
- January 7, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

I deleted it and it still comes up. MOTU is the manufacturer of my Audio interface and MIDI interface, I assume that file was a shortcut for one of their drivers.
- January 6, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

deleted those files and hit cleanup on the OTL. Its running much better, thank you! its still opening My Documents on startup though, which I did not set (nor do I have any idea how to make it not open on startup...I was messing around in the regisry when I was trying to clean this up myself though, so I may have inadvertantly done something), but that aside, things are running much smoother. whats next? thanks again for your continued help, i really, really appreciate it!
- January 6, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

sorry about the delay, i was away for new years, and the scan took almost a day, -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, January 5, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, January 05, 2010 00:35:40 Records in database: 3354800 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Objects scanned: 373930 Threats found: 2 Infected objects found: 4 Suspicious objects found: 0 Scan duration: 11:50:13 File name / Threat / Threats count C:\_OTL\MovedFiles\12282009_132942\C_WINDOWS\system32\navavaze.dll Infected: Trojan.Win32.Stuh.ahfz 1 C:\_OTL\MovedFiles\12282009_132942\C_WINDOWS\system32\wasubezu.dll Infected: Trojan.Win32.Stuh.ahfz 1 E:\Production applications\@GOOD INSTALLERS@ VST.VSTi.Plugin.Pack.210505\Voxengo CurveEQ VST v2.0d.rar Infected: Backdoor.Win32.Rbot.vyg 1 E:\Production applications\Matt Sanborn apps\Voxengo\Voxengo CurveEQ VST v2.0d.rar Infected: Backdoor.Win32.Rbot.vyg 1 Selected area has been scanned.
- January 5, 2010
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

Things are already running better! should I do a scan with something to make sure im clean so far? you are the man for continuing to help me with this, I really appreciate it. here is the log: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\System32\kamohida.exe" deleted successfully. File "C:\WINDOWS\System32\nusijavu.exe" deleted successfully. File "C:\WINDOWS\System32\gewodolu.exe" deleted successfully. File "C:\WINDOWS\System32\zigoboyu.exe" deleted successfully. File "C:\WINDOWS\System32\luyujisi.exe" deleted successfully. File "C:\WINDOWS\System32\zunumava.exe" deleted successfully. File "C:\WINDOWS\System32\zuvimape.exe" deleted successfully. File "C:\WINDOWS\System32\vagiluke.exe" deleted successfully. File "C:\WINDOWS\System32\wakepule.exe" deleted successfully. File "C:\WINDOWS\System32\yudufiyo.exe" deleted successfully. File "C:\WINDOWS\System32\horijavu.exe" deleted successfully. File "C:\WINDOWS\System32\walowiwu.exe" deleted successfully. File "C:\WINDOWS\System32\jodilose.exe" deleted successfully. File "C:\WINDOWS\System32\vapuhonu.exe" deleted successfully. File "C:\WINDOWS\System32\behipaya.exe" deleted successfully. File "C:\Program Files\r.exe" deleted successfully. Completed script processing. ******************* Finished! Terminate.
- December 31, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

I didn't see anything like the icon above, but just incase you were refering to ad-aware, I have removed it (as it was what I used before I had malwarebytes anti-malware). I ran the fix again, and it generated this log: All processes killed ========== OTL ========== File C:\WINDOWS\System32\bibanizu.exe not found. File C:\WINDOWS\System32\kasewari.exe not found. File C:\WINDOWS\System32\lirifufe.exe not found. File C:\WINDOWS\System32\kuvihube.exe not found. File C:\WINDOWS\System32\gidobedi.exe not found. File C:\WINDOWS\System32\fasihebu.exe not found. File C:\WINDOWS\System32\vodarowo.exe not found. File C:\WINDOWS\System32\zolahipu.exe not found. File C:\WINDOWS\System32\kuwovogi.exe not found. File C:\WINDOWS\System32\gugatemi.exe not found. File C:\WINDOWS\System32\nageyefu.exe not found. File C:\WINDOWS\System32\wasubezu.dll not found. File C:\WINDOWS\System32\navavaze.dll not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"appinit_dlls"|"" /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Alec ->Temp folder emptied: 65852 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 65536 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0.19 mb OTL by OldTimer - Version 3.1.17.0 log created on 12292009_183246 Files\Folders moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat moved successfully. Registry entries deleted on Reboot... Then I ran the scan again, and here is that log: OTL logfile created on: 12/29/2009 6:35:15 PM - Run 3 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Alec\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.46% Memory free 3.85 Gb Paging File | 3.60 Gb Available in Paging File | 93.45% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 115.03 Gb Total Space | 56.48 Gb Free Space | 49.10% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 698.63 Gb Total Space | 206.39 Gb Free Space | 29.54% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HHINC Current User Name: Alec Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/02/09 14:20:06 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/09 14:20:06 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2007/10/30 21:37:22 | 01,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe PRC - [2007/08/08 16:51:54 | 00,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe PRC - [2007/08/08 16:51:48 | 00,410,904 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe PRC - [2007/05/16 08:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007/05/16 08:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe PRC - [2007/05/16 08:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006/08/23 15:31:38 | 00,181,256 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe ========== Modules (SafeList) ========== MOD - [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (AcrSch2Svc LM Service) SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/02/09 14:20:06 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/05/09 19:47:50 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2007/08/08 16:51:48 | 00,410,904 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/05/16 08:27:28 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007/04/13 20:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) ========== Driver Services (SafeList) ========== DRV - [2009/10/07 00:50:16 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2009/09/15 05:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/09/15 05:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009/09/15 05:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/09/15 05:54:30 | 00,052,368 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/09/15 05:54:21 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/09/15 05:53:24 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/04/24 20:51:37 | 00,072,032 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd) DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/02/25 19:54:00 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/10/01 23:06:40 | 00,451,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006/08/23 15:19:12 | 00,019,968 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MFWAMIDI.sys -- (mfwamidi) DRV - [2006/08/23 15:18:26 | 00,017,408 | ---- | M] (MOTU) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwagsif.sys -- (mfwagsif) DRV - [2006/08/23 15:18:08 | 00,027,648 | ---- | M] (MOTU) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MFWAWave.sys -- (mfwawave) DRV - [2006/08/23 15:17:34 | 00,251,904 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motufwa.sys -- (MotuFWA) DRV - [2006/05/08 08:20:04 | 00,015,360 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus) DRV - [2005/05/09 19:08:40 | 00,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX) DRV - [2004/09/17 15:48:46 | 00,034,432 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motuusb.sys -- (MotuUsb) DRV - [2004/07/21 12:57:40 | 00,026,752 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi) DRV - [2002/07/01 09:09:04 | 00,021,793 | R--- | M] (AKAI professional M.I. Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPD16USB.sys -- (MPD16USB) DRV - [2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}: C:\Documents and Settings\Alec\Local Settings\Application Data\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} [2009/03/04 18:15:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 17:54:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/08 17:54:16 | 00,000,000 | ---D | M] [2008/12/08 22:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Extensions [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions [2009/04/15 18:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions\moveplayer@movenetworks.com [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mmbbaamm.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - Startup: C:\Documents and Settings\Alec\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\WINDOWS\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_A09C8DBB3D0A4282F8972C.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1208922522685 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1208922515357 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/22 22:16:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell - "" = AutoRun O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2009/12/28 13:29:42 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/17 14:06:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/17 14:06:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/17 14:06:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:54:34 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 05:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Audio Damage [2009/12/14 16:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Attach [2009/12/14 01:28:19 | 00,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/12/13 23:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/13 23:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sonnox [2009/12/13 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Prime.Loops.Dubstep.Producer.REX2.WAV-DYNAMiCS [2009/12/13 23:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Sonnox.Oxford.R3.EQ.Native.VST.v1.6.1-AiR [2009/12/13 23:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Audio.Damage.Dubstation.VST.v1.5-peace-out [2009/10/18 02:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Application Data\Malwarebytes [2009/10/18 02:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/18 02:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/17 23:07:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/10/17 22:05:18 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Alec\PrivacIE [2009/10/17 21:51:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/10/16 18:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Application Data\Opera [2009/10/14 21:18:19 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/14 21:18:18 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/14 21:18:18 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/14 21:18:16 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/14 21:18:16 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/14 21:18:16 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/14 21:18:16 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/14 21:18:16 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/14 21:18:00 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/14 21:17:58 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/10/07 01:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\iPod [2009/10/07 01:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2009/10/07 01:02:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/10/07 00:50:16 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/07 00:50:14 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin [2009/10/07 00:39:32 | 00,451,968 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys [2009/10/03 19:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\KConvert Temp [2009/10/03 19:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\KConvert Logs [2009/03/14 20:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/18 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple ========== Files - Modified Within 90 Days ========== [2009/12/29 18:33:55 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/29 18:33:55 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/29 18:33:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/29 18:33:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/29 18:32:58 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/29 18:32:58 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/29 14:56:50 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/28 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/28 13:21:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jakipase [2009/12/22 20:01:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/22 16:05:58 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kamohida.exe [2009/12/21 22:05:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nusijavu.exe [2009/12/21 04:04:21 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gewodolu.exe [2009/12/20 10:03:35 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zigoboyu.exe [2009/12/19 16:02:47 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\luyujisi.exe [2009/12/18 22:01:59 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zunumava.exe [2009/12/18 04:01:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zuvimape.exe [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:51:20 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/17 13:51:20 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 13:51:20 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 20:11:16 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2009/12/16 20:11:16 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/15 21:00:56 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vagiluke.exe [2009/11/15 01:27:00 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\wakepule.exe [2009/11/13 12:23:14 | 00,032,824 | ---- | M] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/11/11 18:59:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yudufiyo.exe [2009/11/09 23:39:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\horijavu.exe [2009/10/28 22:17:37 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\walowiwu.exe [2009/10/28 04:16:18 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\jodilose.exe [2009/10/27 13:32:30 | 00,037,554 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\funnyredskins.jpg [2009/10/24 01:17:01 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vapuhonu.exe [2009/10/20 23:46:42 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/10/20 22:26:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2009/10/20 02:00:58 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\behipaya.exe [2009/10/19 17:37:38 | 00,983,374 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final 4 layer.psd [2009/10/19 17:22:20 | 01,017,996 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final.psd [2009/10/18 03:21:10 | 00,021,723 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_18_04_21_06.dmp [2009/10/17 23:41:47 | 00,000,533 | ---- | M] () -- C:\WINDOWS\win.ini [2009/10/17 23:41:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/10/17 23:41:47 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009/10/17 21:58:44 | 00,107,008 | ---- | M] () -- C:\Program Files\r.exe [2009/10/14 21:18:19 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/14 21:18:16 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/14 17:03:10 | 08,429,056 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Nero.Mega.Plugin.Pack.msi [2009/10/07 05:02:41 | 00,030,144 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/07 00:50:16 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/04 04:57:37 | 00,021,183 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_04_05_57_37.dmp ========== Files Created - No Company Name ========== [2009/12/22 16:05:58 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kamohida.exe [2009/12/21 22:05:09 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nusijavu.exe [2009/12/21 04:04:21 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gewodolu.exe [2009/12/20 10:03:35 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zigoboyu.exe [2009/12/19 16:02:47 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\luyujisi.exe [2009/12/18 22:01:59 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zunumava.exe [2009/12/18 04:01:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zuvimape.exe [2009/12/17 14:06:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/14 16:46:12 | 00,004,638 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 03:56:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:55:08 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:56:32 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:56:28 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/10 23:37:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/03 21:19:16 | 00,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys [2009/11/15 21:00:56 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vagiluke.exe [2009/11/15 01:27:00 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\wakepule.exe [2009/11/13 21:11:09 | 12,396,6879 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Del's Leak Pack #2(free).zip [2009/11/13 21:10:51 | 00,037,554 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\funnyredskins.jpg [2009/11/13 21:10:46 | 01,017,996 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final.psd [2009/11/13 21:10:43 | 00,983,374 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final 4 layer.psd [2009/11/13 21:10:17 | 08,429,056 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Nero.Mega.Plugin.Pack.msi [2009/11/11 18:59:40 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yudufiyo.exe [2009/11/09 23:39:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\horijavu.exe [2009/10/28 22:17:37 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\walowiwu.exe [2009/10/28 04:16:18 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\jodilose.exe [2009/10/24 01:17:01 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vapuhonu.exe [2009/10/20 02:00:58 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\behipaya.exe [2009/10/18 03:21:06 | 00,021,723 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_18_04_21_06.dmp [2009/10/17 21:58:44 | 00,107,008 | ---- | C] () -- C:\Program Files\r.exe [2009/10/14 21:18:19 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/14 21:18:00 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/07 05:02:41 | 00,030,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/07 04:49:21 | 10,361,155 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Lennar Digital Sylenth1 v1.01.3 VSTi-NoGRP.zip [2009/10/07 00:50:14 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe [2009/10/07 00:50:14 | 00,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini [2009/10/04 04:57:37 | 00,021,183 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_04_05_57_37.dmp [2009/07/04 16:00:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjgruimqpmeyxy.sys [2009/04/17 14:19:31 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/02/15 21:34:12 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/02/15 21:34:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008/08/07 13:26:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll [2008/05/06 21:55:12 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2008/04/25 21:10:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/25 00:45:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibkhj.dll [2008/04/24 19:24:09 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008/04/24 15:50:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/04/23 16:03:10 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/06 13:53:03 | 00,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2007/01/30 18:31:46 | 00,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini [2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/14 09:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini [2004/03/04 04:50:40 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll < End of report > Thanks again in advance for all your help!!!
- December 29, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

I apologize for the delay in my response, Ive been away for the holidays. I copied and pasted your code into the custom scan/fix and hit "Run Fix". it ran, then an error box saying something like "Range Check Error" popped up, I clicked ok, than copied an pasted the code again and ran fix again. it completed, re-booted my computer and generated the following log: All processes killed ========== OTL ========== File C:\WINDOWS\System32\bibanizu.exe not found. File C:\WINDOWS\System32\kasewari.exe not found. File C:\WINDOWS\System32\lirifufe.exe not found. File C:\WINDOWS\System32\kuvihube.exe not found. File C:\WINDOWS\System32\gidobedi.exe not found. File C:\WINDOWS\System32\fasihebu.exe not found. File C:\WINDOWS\System32\vodarowo.exe not found. File C:\WINDOWS\System32\zolahipu.exe not found. File C:\WINDOWS\System32\kuwovogi.exe not found. File C:\WINDOWS\System32\gugatemi.exe not found. File C:\WINDOWS\System32\nageyefu.exe not found. File C:\WINDOWS\System32\wasubezu.dll not found. File C:\WINDOWS\System32\navavaze.dll not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"appinit_dlls"|"" /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Alec ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 114688 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0.16 mb OTL by OldTimer - Version 3.1.17.0 log created on 12282009_133057 Files\Folders moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_50c.dat moved successfully. Registry entries deleted on Reboot... I Then hit run scan, and upon completion, this log was generated: OTL logfile created on: 12/28/2009 1:35:06 PM - Run 2 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Alec\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.34% Memory free 3.85 Gb Paging File | 3.58 Gb Available in Paging File | 93.09% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 115.03 Gb Total Space | 56.24 Gb Free Space | 48.89% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 698.63 Gb Total Space | 206.39 Gb Free Space | 29.54% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HHINC Current User Name: Alec Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Alec\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Program Files\MOTU\Audio\MFWAKeys.exe () PRC - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Alec\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (AcrSch2Svc LM Service) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) ========== Driver Services (SafeList) ========== DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (mfwamidi) -- C:\WINDOWS\system32\drivers\MFWAMIDI.sys (Mark of the Unicorn) DRV - (mfwagsif) -- C:\WINDOWS\system32\drivers\mfwagsif.sys (MOTU) DRV - (mfwawave) -- C:\WINDOWS\system32\drivers\MFWAWave.sys (MOTU) DRV - (MotuFWA) -- C:\WINDOWS\system32\drivers\motufwa.sys (Mark of the Unicorn) DRV - (motubus) -- C:\WINDOWS\system32\drivers\motubus.sys (Mark of the Unicorn) DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O) DRV - (MotuUsb) -- C:\WINDOWS\system32\drivers\motuusb.sys (Mark of the Unicorn) DRV - (MotuMidi) -- C:\WINDOWS\system32\drivers\motumidi.sys (Mark of the Unicorn) DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}: C:\Documents and Settings\Alec\Local Settings\Application Data\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} [2009/03/04 18:15:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 17:54:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/08 17:54:16 | 00,000,000 | ---D | M] [2008/12/08 22:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Extensions [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions [2009/04/15 18:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions\moveplayer@movenetworks.com [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mmbbaamm.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - Startup: C:\Documents and Settings\Alec\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\WINDOWS\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_A09C8DBB3D0A4282F8972C.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1208922522685 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1208922515357 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O20 - AppInit_DLLs: (jilubeju.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/22 22:16:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell - "" = AutoRun O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2009/12/28 13:29:42 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/17 14:06:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/17 14:06:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/17 14:06:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:54:34 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 05:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Audio Damage [2009/12/14 16:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Attach [2009/12/14 01:28:19 | 00,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/12/13 23:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/13 23:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sonnox [2009/12/13 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Prime.Loops.Dubstep.Producer.REX2.WAV-DYNAMiCS [2009/12/13 23:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Sonnox.Oxford.R3.EQ.Native.VST.v1.6.1-AiR [2009/12/13 23:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Audio.Damage.Dubstation.VST.v1.5-peace-out [2009/10/18 02:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Application Data\Malwarebytes [2009/10/18 02:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/18 02:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/17 23:07:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/10/17 22:05:18 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Alec\PrivacIE [2009/10/17 21:51:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/10/16 18:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Application Data\Opera [2009/10/14 21:18:19 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/14 21:18:18 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/14 21:18:18 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/14 21:18:16 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/14 21:18:16 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/14 21:18:16 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/14 21:18:16 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/14 21:18:16 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/14 21:18:00 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/14 21:17:58 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/10/07 01:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\iPod [2009/10/07 01:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2009/10/07 01:02:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/10/07 00:59:21 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009/10/07 00:50:16 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/07 00:50:14 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin [2009/10/07 00:39:32 | 00,451,968 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys [2009/10/03 19:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\KConvert Temp [2009/10/03 19:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\KConvert Logs [2009/03/14 20:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/18 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple ========== Files - Modified Within 90 Days ========== [2009/12/28 13:32:02 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/28 13:32:02 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/28 13:31:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/28 13:31:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/28 13:31:03 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/28 13:31:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/28 13:21:26 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jakipase [2009/12/28 13:16:27 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/22 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/22 20:01:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/22 16:05:58 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kamohida.exe [2009/12/21 22:05:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nusijavu.exe [2009/12/21 04:04:21 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gewodolu.exe [2009/12/20 10:03:35 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zigoboyu.exe [2009/12/19 16:02:47 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\luyujisi.exe [2009/12/18 22:01:59 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zunumava.exe [2009/12/18 04:01:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zuvimape.exe [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:51:20 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/17 13:51:20 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 13:51:20 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 20:11:16 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2009/12/16 20:11:16 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/15 21:00:56 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vagiluke.exe [2009/11/15 01:27:00 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\wakepule.exe [2009/11/13 12:23:14 | 00,032,824 | ---- | M] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/11/11 18:59:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yudufiyo.exe [2009/11/09 23:39:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\horijavu.exe [2009/10/28 22:17:37 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\walowiwu.exe [2009/10/28 04:16:18 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\jodilose.exe [2009/10/27 13:32:30 | 00,037,554 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\funnyredskins.jpg [2009/10/24 01:17:01 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vapuhonu.exe [2009/10/20 23:46:42 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/10/20 22:26:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2009/10/20 02:00:58 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\behipaya.exe [2009/10/19 17:37:38 | 00,983,374 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final 4 layer.psd [2009/10/19 17:22:20 | 01,017,996 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final.psd [2009/10/18 03:21:10 | 00,021,723 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_18_04_21_06.dmp [2009/10/17 23:41:47 | 00,000,533 | ---- | M] () -- C:\WINDOWS\win.ini [2009/10/17 23:41:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/10/17 23:41:47 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009/10/17 21:58:44 | 00,107,008 | ---- | M] () -- C:\Program Files\r.exe [2009/10/14 21:18:19 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/14 21:18:16 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/14 17:03:10 | 08,429,056 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Nero.Mega.Plugin.Pack.msi [2009/10/12 21:27:39 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009/10/07 05:02:41 | 00,030,144 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/07 00:50:16 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/04 04:57:37 | 00,021,183 | ---- | M] () -- C:\WINDOWS\System32\AAWService_2009_10_04_05_57_37.dmp ========== Files Created - No Company Name ========== [2009/12/22 16:05:58 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kamohida.exe [2009/12/21 22:05:09 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nusijavu.exe [2009/12/21 04:04:21 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gewodolu.exe [2009/12/20 10:03:35 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zigoboyu.exe [2009/12/19 16:02:47 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\luyujisi.exe [2009/12/18 22:01:59 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zunumava.exe [2009/12/18 04:01:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zuvimape.exe [2009/12/17 14:06:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/14 16:46:12 | 00,004,638 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 03:56:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:55:08 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:56:32 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:56:28 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/10 23:37:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/03 21:19:16 | 00,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys [2009/11/15 21:00:56 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vagiluke.exe [2009/11/15 01:27:00 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\wakepule.exe [2009/11/13 21:11:09 | 12,396,6879 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Del's Leak Pack #2(free).zip [2009/11/13 21:10:51 | 00,037,554 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\funnyredskins.jpg [2009/11/13 21:10:46 | 01,017,996 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final.psd [2009/11/13 21:10:43 | 00,983,374 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Mob Barley metal final 4 layer.psd [2009/11/13 21:10:17 | 08,429,056 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Nero.Mega.Plugin.Pack.msi [2009/11/11 18:59:40 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yudufiyo.exe [2009/11/09 23:39:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\horijavu.exe [2009/10/28 22:17:37 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\walowiwu.exe [2009/10/28 04:16:18 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\jodilose.exe [2009/10/24 01:17:01 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vapuhonu.exe [2009/10/20 02:00:58 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\behipaya.exe [2009/10/18 03:21:06 | 00,021,723 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_18_04_21_06.dmp [2009/10/17 21:58:44 | 00,107,008 | ---- | C] () -- C:\Program Files\r.exe [2009/10/14 21:18:19 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/14 21:18:00 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/07 05:02:41 | 00,030,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/07 04:49:21 | 10,361,155 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Lennar Digital Sylenth1 v1.01.3 VSTi-NoGRP.zip [2009/10/07 00:50:14 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe [2009/10/07 00:50:14 | 00,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini [2009/10/04 04:57:37 | 00,021,183 | ---- | C] () -- C:\WINDOWS\System32\AAWService_2009_10_04_05_57_37.dmp [2009/07/04 16:00:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjgruimqpmeyxy.sys [2009/04/17 14:19:31 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/02/15 21:34:12 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/02/15 21:34:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008/08/07 13:26:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll [2008/05/06 21:55:12 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2008/04/25 21:10:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/25 00:45:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibkhj.dll [2008/04/24 19:24:09 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008/04/24 15:50:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/04/23 16:03:10 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/06 13:53:03 | 00,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2007/01/30 18:31:46 | 00,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini [2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/14 09:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini [2004/03/04 04:50:40 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll < End of report >
- December 28, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

sooooo....been almost a week, and haven't heard anything back...am I that beyond repair? lol, any help would be greatly appreciated!
- December 23, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

extras.txt OTL Extras logfile created on: 12/17/2009 2:09:12 PM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Alec\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.68% Memory free 3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 115.03 Gb Total Space | 51.86 Gb Free Space | 45.08% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 698.63 Gb Total Space | 204.32 Gb Free Space | 29.25% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HHINC Current User Name: Alec Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\BeatPack\BeatPack.exe" = C:\Program Files\BeatPack\BeatPack.exe:*:Enabled:BeatPack -- () "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{1737D702-C1DF-4B80-B102-366411108183}" = UNIQUEL-IZER "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D9FC789-D02E-488C-B233-124AA80930A5}" = Waves SSL 4000 Collection 1.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{8D1765D0-B66F-495D-8F44-D18CF15B915A}" = FREQUAL-IZER "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2 "{CB75CD86-3059-4C62-9BB2-BA9CBB36EF40}" = MPD16 Utility software "{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EC9A0711-9823-4DD2-83C4-039886A3ECF6}" = Melodyne 3.2 Demo "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter "{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}" = MOTU FireWire/USB Audio Installer "Ableton Live_is1" = Ableton Live v7.0.1 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Antares Autotune DX v4.12" = Antares Autotune DX v4.12 "Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01 "Arturia Arp2600 V_is1" = Arturia Arp2600 V VSTi RTAS v1.6 "Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0 "Atmosphere_is1" = Atmosphere "AudioRealism Bassline v1.504" = AudioRealism Bassline v1.504 "avast!" = avast! Antivirus "BeatPack" = BeatPack (0.9) "BigTick Rhino v1.01" = BigTick Rhino v1.01 "Cakewalk Rapture_is1" = Rapture 1.0 "Camel Audio Cameleon 5000 VSTi v1.6" = Camel Audio Cameleon 5000 VSTi v1.6 "Celemony Melodyne 2.1.0.5" = Celemony Melodyne 2.1.0.5 "Ease Audio Converter_is1" = Ease Audio Converter 4.80 "Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03 "Edirol SuperQuartet v1.5" = Edirol SuperQuartet v1.5 "FabFilter Simplon_is1" = FabFilter Simplon VST RTAS v1.01 "FabFilter Timeless_is1" = FabFilter Timeless VST RTAS v1.01 "FabFilter Volcano_is1" = FabFilter Volcano VST RTAS v1.21 "FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ" = FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ "FL Studio 8" = FL Studio 8 "fxpansion!MTap" = fxpansion!MTap "GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ "GMedia Music impOSCar VSTi v1.0.0.1" = GMedia Music impOSCar VSTi v1.0.0.1 "Granner-X VST v1.08" = Granner-X VST v1.08 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3 "IK Multimedia Sampletank XL v2.0.1.r1" = IK Multimedia Sampletank XL v2.0.1.r1 "IL Download Manager" = IL Download Manager "Jupiter-8V_is1" = Jupiter-8V 1.0 "Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Moog Modular V_is1" = Moog Modular V v2.2 "MOTU USB MIDI Uninstall" = MOTU MIDI "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Native Instruments Absynth 4" = Native Instruments Absynth 4 "Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano "Native Instruments B4 II" = Native Instruments B4 II "Native Instruments Battery 3" = Native Instruments Battery 3 "Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "Native Instruments Komplete 5" = Native Instruments Komplete 5 "Native Instruments Kontakt 3" = Native Instruments Kontakt 3 "Native Instruments Massive" = Native Instruments Massive "Native Instruments Pro-53" = Native Instruments Pro-53 "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0 "Nomad Factory Blueverb v1.1" = Nomad Factory Blueverb v1.1 "Nomad Factory SC-226" = Nomad Factory SC-226 "Nomadfactory Liquid Bundle VST RTAS v2.1" = Nomadfactory Liquid Bundle VST RTAS v2.1 "Novation Bass-Station VSTi v1.10" = Novation Bass-Station VSTi v1.10 "Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O "NVIDIA Drivers" = NVIDIA Drivers "Ohmforce Ohmboyz PRO VST v1.42" = Ohmforce Ohmboyz PRO VST v1.42 "Ohmforce Predatohm VST PRO v1.24" = Ohmforce Predatohm VST PRO v1.24 "PoiZone" = PoiZone "Predator_is1" = Rob Papen Predator V1.1.1 "PSP 608 MultiDelay 1.1.2" = PSP 608 MultiDelay 1.1.2 "PSP 84 v1.0" = PSP 84 v1.0 "PSP Audioware MasterQ DX VST v1.0" = PSP Audioware MasterQ DX VST v1.0 "PSP Lexicon PSP42 VST DX v1.1" = PSP Lexicon PSP42 VST DX v1.1 "PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d "PSP_Nitro" = PSP Nitro VST and DX 1.0 "Reason4_is1" = Reason 4.0 "ReCycle 2.0" = ReCycle 2.0 "ReFX JunoX2 VSTi v1.51" = ReFX JunoX2 VSTi v1.51 "ReFX Vanguard VSTi v1.04" = ReFX Vanguard VSTi v1.04 "Registrar Registry Manager 6.50 (Lite Edition)" = Registrar Registry Manager 6.50 (Lite Edition) "Rob Papen Albino 3" = Rob Papen Albino 3 "Rob Papen BLUE Version 1.7.0_is1" = Rob Papen BLUE Version 1.7.0 "Roger Nichols Digital DYNAM-IZER VST RTAS v1.1" = Roger Nichols Digital DYNAM-IZER VST RTAS v1.1 "Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 1.26 "Sonik Synth 2" = Sonik Synth 2 "Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1 "Sound Designers VST Plugin Pack v2.0_is1" = Sound Designers VST Plugin Pack v2.0 "Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944 "Superwave Bundle VSTi v2.0" = Superwave Bundle VSTi v2.0 "Sylenth1_is1" = Sylenth1 v1.01.3 "Symptohm VST2" = Ohm Force - Symptohm VST2 "Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosoft's License Control "TC Native Bundle v3.1" = TC Native Bundle v3.1 "Toxic Biohazard" = Toxic Biohazard "Trilogy_is1" = Trilogy "Virtual Guitarist EE Fx VST" = Virtual Guitarist EE Fx VST "Voxengo LF-Punch VST" = Voxengo LF-Punch VST 1.3.1 "Waldorf D-Pole v1.5" = Waldorf D-Pole v1.5 "Waldorf PPG Wave2V v1.10" = Waldorf PPG Wave2V v1.10 "Waldorf.Attack.v1.2-OxYGeN" = Waldorf.Attack.v1.2-OxYGeN "Warp VST V1.0" = Warp VST V1.0 "Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0 "Waves IR1 v5.0" = Waves IR1 v5.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "z3ta+_x86_is1" = rgc:audio z3ta+ 1.5 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 12/14/2009 4:29:54 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. Error - 12/14/2009 4:30:32 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. [ Application Events ] Error - 7/29/2008 5:40:25 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application nero.exe, version 7.9.6.0, faulting module nero.exe, version 7.9.6.0, fault address 0x003c0c4f. Error - 8/7/2008 2:06:47 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application standalone.exe, version 1.0.0.1, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:06:57 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:26:50 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/13/2008 5:25:47 PM | Computer Name = HHINC | Source = Application Hang | ID = 1002 Description = Hanging application Cubasesx3.exe, version 3.1.1.944, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/5/2008 1:34:01 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application npswf32_flashutil.exe, version 9.0.124.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. [ System Events ] Error - 12/14/2009 12:19:40 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:42 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\BeatPack\BeatPack.exe" = C:\Program Files\BeatPack\BeatPack.exe:*:Enabled:BeatPack -- () "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{1737D702-C1DF-4B80-B102-366411108183}" = UNIQUEL-IZER "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D9FC789-D02E-488C-B233-124AA80930A5}" = Waves SSL 4000 Collection 1.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{8D1765D0-B66F-495D-8F44-D18CF15B915A}" = FREQUAL-IZER "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2 "{CB75CD86-3059-4C62-9BB2-BA9CBB36EF40}" = MPD16 Utility software "{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EC9A0711-9823-4DD2-83C4-039886A3ECF6}" = Melodyne 3.2 Demo "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter "{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}" = MOTU FireWire/USB Audio Installer "Ableton Live_is1" = Ableton Live v7.0.1 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Antares Autotune DX v4.12" = Antares Autotune DX v4.12 "Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01 "Arturia Arp2600 V_is1" = Arturia Arp2600 V VSTi RTAS v1.6 "Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0 "Atmosphere_is1" = Atmosphere "AudioRealism Bassline v1.504" = AudioRealism Bassline v1.504 "avast!" = avast! Antivirus "BeatPack" = BeatPack (0.9) "BigTick Rhino v1.01" = BigTick Rhino v1.01 "Cakewalk Rapture_is1" = Rapture 1.0 "Camel Audio Cameleon 5000 VSTi v1.6" = Camel Audio Cameleon 5000 VSTi v1.6 "Celemony Melodyne 2.1.0.5" = Celemony Melodyne 2.1.0.5 "Ease Audio Converter_is1" = Ease Audio Converter 4.80 "Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03 "Edirol SuperQuartet v1.5" = Edirol SuperQuartet v1.5 "FabFilter Simplon_is1" = FabFilter Simplon VST RTAS v1.01 "FabFilter Timeless_is1" = FabFilter Timeless VST RTAS v1.01 "FabFilter Volcano_is1" = FabFilter Volcano VST RTAS v1.21 "FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ" = FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ "FL Studio 8" = FL Studio 8 "fxpansion!MTap" = fxpansion!MTap "GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ "GMedia Music impOSCar VSTi v1.0.0.1" = GMedia Music impOSCar VSTi v1.0.0.1 "Granner-X VST v1.08" = Granner-X VST v1.08 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3 "IK Multimedia Sampletank XL v2.0.1.r1" = IK Multimedia Sampletank XL v2.0.1.r1 "IL Download Manager" = IL Download Manager "Jupiter-8V_is1" = Jupiter-8V 1.0 "Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Moog Modular V_is1" = Moog Modular V v2.2 "MOTU USB MIDI Uninstall" = MOTU MIDI "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Native Instruments Absynth 4" = Native Instruments Absynth 4 "Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano "Native Instruments B4 II" = Native Instruments B4 II "Native Instruments Battery 3" = Native Instruments Battery 3 "Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "Native Instruments Komplete 5" = Native Instruments Komplete 5 "Native Instruments Kontakt 3" = Native Instruments Kontakt 3 "Native Instruments Massive" = Native Instruments Massive "Native Instruments Pro-53" = Native Instruments Pro-53 "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0 "Nomad Factory Blueverb v1.1" = Nomad Factory Blueverb v1.1 "Nomad Factory SC-226" = Nomad Factory SC-226 "Nomadfactory Liquid Bundle VST RTAS v2.1" = Nomadfactory Liquid Bundle VST RTAS v2.1 "Novation Bass-Station VSTi v1.10" = Novation Bass-Station VSTi v1.10 "Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O "NVIDIA Drivers" = NVIDIA Drivers "Ohmforce Ohmboyz PRO VST v1.42" = Ohmforce Ohmboyz PRO VST v1.42 "Ohmforce Predatohm VST PRO v1.24" = Ohmforce Predatohm VST PRO v1.24 "PoiZone" = PoiZone "Predator_is1" = Rob Papen Predator V1.1.1 "PSP 608 MultiDelay 1.1.2" = PSP 608 MultiDelay 1.1.2 "PSP 84 v1.0" = PSP 84 v1.0 "PSP Audioware MasterQ DX VST v1.0" = PSP Audioware MasterQ DX VST v1.0 "PSP Lexicon PSP42 VST DX v1.1" = PSP Lexicon PSP42 VST DX v1.1 "PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d "PSP_Nitro" = PSP Nitro VST and DX 1.0 "Reason4_is1" = Reason 4.0 "ReCycle 2.0" = ReCycle 2.0 "ReFX JunoX2 VSTi v1.51" = ReFX JunoX2 VSTi v1.51 "ReFX Vanguard VSTi v1.04" = ReFX Vanguard VSTi v1.04 "Registrar Registry Manager 6.50 (Lite Edition)" = Registrar Registry Manager 6.50 (Lite Edition) "Rob Papen Albino 3" = Rob Papen Albino 3 "Rob Papen BLUE Version 1.7.0_is1" = Rob Papen BLUE Version 1.7.0 "Roger Nichols Digital DYNAM-IZER VST RTAS v1.1" = Roger Nichols Digital DYNAM-IZER VST RTAS v1.1 "Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 1.26 "Sonik Synth 2" = Sonik Synth 2 "Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1 "Sound Designers VST Plugin Pack v2.0_is1" = Sound Designers VST Plugin Pack v2.0 "Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944 "Superwave Bundle VSTi v2.0" = Superwave Bundle VSTi v2.0 "Sylenth1_is1" = Sylenth1 v1.01.3 "Symptohm VST2" = Ohm Force - Symptohm VST2 "Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosoft's License Control "TC Native Bundle v3.1" = TC Native Bundle v3.1 "Toxic Biohazard" = Toxic Biohazard "Trilogy_is1" = Trilogy "Virtual Guitarist EE Fx VST" = Virtual Guitarist EE Fx VST "Voxengo LF-Punch VST" = Voxengo LF-Punch VST 1.3.1 "Waldorf D-Pole v1.5" = Waldorf D-Pole v1.5 "Waldorf PPG Wave2V v1.10" = Waldorf PPG Wave2V v1.10 "Waldorf.Attack.v1.2-OxYGeN" = Waldorf.Attack.v1.2-OxYGeN "Warp VST V1.0" = Warp VST V1.0 "Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0 "Waves IR1 v5.0" = Waves IR1 v5.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "z3ta+_x86_is1" = rgc:audio z3ta+ 1.5 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 12/14/2009 4:29:54 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. Error - 12/14/2009 4:30:32 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. [ Application Events ] Error - 7/29/2008 5:40:25 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application nero.exe, version 7.9.6.0, faulting module nero.exe, version 7.9.6.0, fault address 0x003c0c4f. Error - 8/7/2008 2:06:47 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application standalone.exe, version 1.0.0.1, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:06:57 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:26:50 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/13/2008 5:25:47 PM | Computer Name = HHINC | Source = Application Hang | ID = 1002 Description = Hanging application Cubasesx3.exe, version 3.1.1.944, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/5/2008 1:34:01 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application npswf32_flashutil.exe, version 9.0.124.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. [ System Events ] Error - 12/14/2009 12:19:40 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:42 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\BeatPack\BeatPack.exe" = C:\Program Files\BeatPack\BeatPack.exe:*:Enabled:BeatPack -- () "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{1737D702-C1DF-4B80-B102-366411108183}" = UNIQUEL-IZER "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D9FC789-D02E-488C-B233-124AA80930A5}" = Waves SSL 4000 Collection 1.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{8D1765D0-B66F-495D-8F44-D18CF15B915A}" = FREQUAL-IZER "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2 "{CB75CD86-3059-4C62-9BB2-BA9CBB36EF40}" = MPD16 Utility software "{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EC9A0711-9823-4DD2-83C4-039886A3ECF6}" = Melodyne 3.2 Demo "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter "{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}" = MOTU FireWire/USB Audio Installer "Ableton Live_is1" = Ableton Live v7.0.1 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Antares Autotune DX v4.12" = Antares Autotune DX v4.12 "Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01 "Arturia Arp2600 V_is1" = Arturia Arp2600 V VSTi RTAS v1.6 "Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0 "Atmosphere_is1" = Atmosphere "AudioRealism Bassline v1.504" = AudioRealism Bassline v1.504 "avast!" = avast! Antivirus "BeatPack" = BeatPack (0.9) "BigTick Rhino v1.01" = BigTick Rhino v1.01 "Cakewalk Rapture_is1" = Rapture 1.0 "Camel Audio Cameleon 5000 VSTi v1.6" = Camel Audio Cameleon 5000 VSTi v1.6 "Celemony Melodyne 2.1.0.5" = Celemony Melodyne 2.1.0.5 "Ease Audio Converter_is1" = Ease Audio Converter 4.80 "Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03 "Edirol SuperQuartet v1.5" = Edirol SuperQuartet v1.5 "FabFilter Simplon_is1" = FabFilter Simplon VST RTAS v1.01 "FabFilter Timeless_is1" = FabFilter Timeless VST RTAS v1.01 "FabFilter Volcano_is1" = FabFilter Volcano VST RTAS v1.21 "FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ" = FabFilter_Twin_VSTi_v1.20-READ_NFO-PLZ "FL Studio 8" = FL Studio 8 "fxpansion!MTap" = fxpansion!MTap "GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ "GMedia Music impOSCar VSTi v1.0.0.1" = GMedia Music impOSCar VSTi v1.0.0.1 "Granner-X VST v1.08" = Granner-X VST v1.08 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3 "IK Multimedia Sampletank XL v2.0.1.r1" = IK Multimedia Sampletank XL v2.0.1.r1 "IL Download Manager" = IL Download Manager "Jupiter-8V_is1" = Jupiter-8V 1.0 "Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Moog Modular V_is1" = Moog Modular V v2.2 "MOTU USB MIDI Uninstall" = MOTU MIDI "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Native Instruments Absynth 4" = Native Instruments Absynth 4 "Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano "Native Instruments B4 II" = Native Instruments B4 II "Native Instruments Battery 3" = Native Instruments Battery 3 "Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "Native Instruments Komplete 5" = Native Instruments Komplete 5 "Native Instruments Kontakt 3" = Native Instruments Kontakt 3 "Native Instruments Massive" = Native Instruments Massive "Native Instruments Pro-53" = Native Instruments Pro-53 "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0 "Nomad Factory Blueverb v1.1" = Nomad Factory Blueverb v1.1 "Nomad Factory SC-226" = Nomad Factory SC-226 "Nomadfactory Liquid Bundle VST RTAS v2.1" = Nomadfactory Liquid Bundle VST RTAS v2.1 "Novation Bass-Station VSTi v1.10" = Novation Bass-Station VSTi v1.10 "Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O "NVIDIA Drivers" = NVIDIA Drivers "Ohmforce Ohmboyz PRO VST v1.42" = Ohmforce Ohmboyz PRO VST v1.42 "Ohmforce Predatohm VST PRO v1.24" = Ohmforce Predatohm VST PRO v1.24 "PoiZone" = PoiZone "Predator_is1" = Rob Papen Predator V1.1.1 "PSP 608 MultiDelay 1.1.2" = PSP 608 MultiDelay 1.1.2 "PSP 84 v1.0" = PSP 84 v1.0 "PSP Audioware MasterQ DX VST v1.0" = PSP Audioware MasterQ DX VST v1.0 "PSP Lexicon PSP42 VST DX v1.1" = PSP Lexicon PSP42 VST DX v1.1 "PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d "PSP_Nitro" = PSP Nitro VST and DX 1.0 "Reason4_is1" = Reason 4.0 "ReCycle 2.0" = ReCycle 2.0 "ReFX JunoX2 VSTi v1.51" = ReFX JunoX2 VSTi v1.51 "ReFX Vanguard VSTi v1.04" = ReFX Vanguard VSTi v1.04 "Registrar Registry Manager 6.50 (Lite Edition)" = Registrar Registry Manager 6.50 (Lite Edition) "Rob Papen Albino 3" = Rob Papen Albino 3 "Rob Papen BLUE Version 1.7.0_is1" = Rob Papen BLUE Version 1.7.0 "Roger Nichols Digital DYNAM-IZER VST RTAS v1.1" = Roger Nichols Digital DYNAM-IZER VST RTAS v1.1 "Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 1.26 "Sonik Synth 2" = Sonik Synth 2 "Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1 "Sound Designers VST Plugin Pack v2.0_is1" = Sound Designers VST Plugin Pack v2.0 "Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944 "Superwave Bundle VSTi v2.0" = Superwave Bundle VSTi v2.0 "Sylenth1_is1" = Sylenth1 v1.01.3 "Symptohm VST2" = Ohm Force - Symptohm VST2 "Synapse Junglist VSTi v3.2" = Synapse Junglist VSTi v3.2 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosoft's License Control "TC Native Bundle v3.1" = TC Native Bundle v3.1 "Toxic Biohazard" = Toxic Biohazard "Trilogy_is1" = Trilogy "Virtual Guitarist EE Fx VST" = Virtual Guitarist EE Fx VST "Voxengo LF-Punch VST" = Voxengo LF-Punch VST 1.3.1 "Waldorf D-Pole v1.5" = Waldorf D-Pole v1.5 "Waldorf PPG Wave2V v1.10" = Waldorf PPG Wave2V v1.10 "Waldorf.Attack.v1.2-OxYGeN" = Waldorf.Attack.v1.2-OxYGeN "Warp VST V1.0" = Warp VST V1.0 "Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0 "Waves IR1 v5.0" = Waves IR1 v5.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "z3ta+_x86_is1" = rgc:audio z3ta+ 1.5 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 12/14/2009 4:29:54 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. Error - 12/14/2009 4:30:32 AM | Computer Name = HHINC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. [ Application Events ] Error - 7/29/2008 5:40:25 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application nero.exe, version 7.9.6.0, faulting module nero.exe, version 7.9.6.0, fault address 0x003c0c4f. Error - 8/7/2008 2:06:47 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application standalone.exe, version 1.0.0.1, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:06:57 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/7/2008 2:26:50 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application arp2600 v.exe, version 1.2.0.0, faulting module arp2600 v.dll, version 0.0.0.0, fault address 0x00038a3c. Error - 8/13/2008 5:25:47 PM | Computer Name = HHINC | Source = Application Hang | ID = 1002 Description = Hanging application Cubasesx3.exe, version 3.1.1.944, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/5/2008 1:34:01 PM | Computer Name = HHINC | Source = Application Error | ID = 1000 Description = Faulting application npswf32_flashutil.exe, version 9.0.124.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. [ System Events ] Error - 12/14/2009 12:19:40 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:41 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:19:42 AM | Computer Name = HHINC | Source = Cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 12:27:53 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 2:01:27 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect. Error - 12/14/2009 3:04:39 AM | Computer Name = HHINC | Source = Service Control Manager | ID = 7000 Description = The avast! Antivirus service failed to start due to the following error: %%1053 < End of report >
- December 17, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum replied to quannum's topic in Resolved Malware Removal Logs

okay, here is the OTL log. I tried to update malwarebytes, i hooked the computer back up to the internet, it downloaded the update, restarted my computer, and when i tried to open it, it said "windows cannot find the file mbam.exe" so I uninstalled and reinstalled, and got the same problem. OTL logfile created on: 12/17/2009 2:09:12 PM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Alec\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.68% Memory free 3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 115.03 Gb Total Space | 51.86 Gb Free Space | 45.08% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 698.63 Gb Total Space | 204.32 Gb Free Space | 29.25% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HHINC Current User Name: Alec Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Alec\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Program Files\MOTU\Audio\MFWAKeys.exe () PRC - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Alec\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AcrSch2Svc LM Service) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Acronis) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) ========== Driver Services (SafeList) ========== DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (mfwamidi) -- C:\WINDOWS\system32\drivers\MFWAMIDI.sys (Mark of the Unicorn) DRV - (mfwagsif) -- C:\WINDOWS\system32\drivers\mfwagsif.sys (MOTU) DRV - (mfwawave) -- C:\WINDOWS\system32\drivers\MFWAWave.sys (MOTU) DRV - (MotuFWA) -- C:\WINDOWS\system32\drivers\motufwa.sys (Mark of the Unicorn) DRV - (motubus) -- C:\WINDOWS\system32\drivers\motubus.sys (Mark of the Unicorn) DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O) DRV - (MotuUsb) -- C:\WINDOWS\system32\drivers\motuusb.sys (Mark of the Unicorn) DRV - (MotuMidi) -- C:\WINDOWS\system32\drivers\motumidi.sys (Mark of the Unicorn) DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}: C:\Documents and Settings\Alec\Local Settings\Application Data\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} [2009/03/04 18:15:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 17:54:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/08 17:54:16 | 00,000,000 | ---D | M] [2008/12/08 22:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Extensions [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions [2009/04/15 18:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions\moveplayer@movenetworks.com [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mmbbaamm.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Alec\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\WINDOWS\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_A09C8DBB3D0A4282F8972C.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1208922522685 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1208922515357 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O20 - AppInit_DLLs: (jilubeju.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/22 22:16:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell - "" = AutoRun O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/17 14:06:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/17 14:06:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/17 14:06:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:54:34 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 05:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Audio Damage [2009/12/14 16:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Attach [2009/12/14 01:28:19 | 00,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/12/13 23:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/13 23:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sonnox [2009/12/13 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Prime.Loops.Dubstep.Producer.REX2.WAV-DYNAMiCS [2009/12/13 23:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Sonnox.Oxford.R3.EQ.Native.VST.v1.6.1-AiR [2009/12/13 23:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Audio.Damage.Dubstation.VST.v1.5-peace-out [2009/03/14 20:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/18 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/17 14:07:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jakipase [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:52:39 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/17 13:52:39 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/17 13:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/17 13:52:26 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/17 13:52:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/17 13:51:44 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/17 13:51:20 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/17 13:51:20 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 13:51:20 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 13:51:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/17 10:00:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\bibanizu.exe [2009/12/16 20:11:16 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2009/12/16 20:11:16 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/16 15:59:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kasewari.exe [2009/12/15 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/15 21:58:52 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lirifufe.exe [2009/12/15 20:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/15 03:58:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuvihube.exe [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 09:57:21 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gidobedi.exe [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/12 02:15:11 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\fasihebu.exe [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/04 10:53:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zolahipu.exe [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 00:10:55 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuwovogi.exe [2009/11/22 21:54:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gugatemi.exe [2009/11/22 03:53:03 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nageyefu.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/17 14:06:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 10:00:28 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\bibanizu.exe [2009/12/16 15:59:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kasewari.exe [2009/12/15 21:58:52 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\lirifufe.exe [2009/12/15 03:58:09 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kuvihube.exe [2009/12/14 16:46:12 | 00,004,638 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 09:57:21 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gidobedi.exe [2009/12/14 03:56:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:55:08 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:56:32 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:56:28 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/12 02:15:11 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\fasihebu.exe [2009/12/10 23:37:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 10:53:40 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zolahipu.exe [2009/12/03 21:19:16 | 00,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys [2009/11/29 00:10:55 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kuwovogi.exe [2009/11/22 21:54:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gugatemi.exe [2009/11/22 03:53:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nageyefu.exe [2009/10/17 21:58:44 | 00,107,008 | ---- | C] () -- C:\Program Files\r.exe [2009/10/07 00:50:14 | 00,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini [2009/07/17 21:58:45 | 00,107,008 | -HS- | C] () -- C:\WINDOWS\System32\wasubezu.dll [2009/07/17 21:58:45 | 00,107,008 | -HS- | C] () -- C:\WINDOWS\System32\navavaze.dll [2009/07/04 16:00:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjgruimqpmeyxy.sys [2009/04/17 14:19:31 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/02/15 21:34:12 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/02/15 21:34:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008/08/07 13:26:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll [2008/05/06 21:55:12 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2008/04/25 21:10:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/25 00:45:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibkhj.dll [2008/04/24 19:24:09 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008/04/24 15:50:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/04/23 16:03:10 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/06 13:53:03 | 00,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2007/01/30 18:31:46 | 00,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini [2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/14 09:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini [2004/03/04 04:50:40 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll < End of report > DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (mfwamidi) -- C:\WINDOWS\system32\drivers\MFWAMIDI.sys (Mark of the Unicorn) DRV - (mfwagsif) -- C:\WINDOWS\system32\drivers\mfwagsif.sys (MOTU) DRV - (mfwawave) -- C:\WINDOWS\system32\drivers\MFWAWave.sys (MOTU) DRV - (MotuFWA) -- C:\WINDOWS\system32\drivers\motufwa.sys (Mark of the Unicorn) DRV - (motubus) -- C:\WINDOWS\system32\drivers\motubus.sys (Mark of the Unicorn) DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O) DRV - (MotuUsb) -- C:\WINDOWS\system32\drivers\motuusb.sys (Mark of the Unicorn) DRV - (MotuMidi) -- C:\WINDOWS\system32\drivers\motumidi.sys (Mark of the Unicorn) DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C}: C:\Documents and Settings\Alec\Local Settings\Application Data\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} [2009/03/04 18:15:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 17:54:16 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/08 17:54:16 | 00,000,000 | ---D | M] [2008/12/08 22:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Extensions [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions [2009/04/15 18:03:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alec\Application Data\Mozilla\Firefox\Profiles\t1nev64u.default\extensions\moveplayer@movenetworks.com [2009/10/17 21:49:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin) O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mmbbaamm.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Alec\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\WINDOWS\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_A09C8DBB3D0A4282F8972C.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1208922522685 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1208922515357 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O20 - AppInit_DLLs: (jilubeju.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/22 22:16:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell - "" = AutoRun O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3e9de16b-5247-11de-ac86-0050fcce1ce2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/17 14:06:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/17 14:06:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/17 14:06:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:54:34 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 05:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Audio Damage [2009/12/14 16:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Attach [2009/12/14 01:28:19 | 00,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\WINDOWS\System32\rrMon.sys [2009/12/13 23:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/13 23:25:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sonnox [2009/12/13 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Prime.Loops.Dubstep.Producer.REX2.WAV-DYNAMiCS [2009/12/13 23:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Sonnox.Oxford.R3.EQ.Native.VST.v1.6.1-AiR [2009/12/13 23:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alec\Desktop\Audio.Damage.Dubstation.VST.v1.5-peace-out [2009/03/14 20:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/18 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/17 14:07:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jakipase [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:52:39 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/17 13:52:39 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/17 13:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/17 13:52:26 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/17 13:52:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/17 13:51:44 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/17 13:51:20 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/17 13:51:20 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 13:51:20 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 13:51:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/17 10:00:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\bibanizu.exe [2009/12/16 20:11:16 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2009/12/16 20:11:16 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/16 15:59:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kasewari.exe [2009/12/15 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/15 21:58:52 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lirifufe.exe [2009/12/15 20:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/15 03:58:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuvihube.exe [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 09:57:21 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gidobedi.exe [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/12 02:15:11 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\fasihebu.exe [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/04 10:53:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zolahipu.exe [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 00:10:55 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuwovogi.exe [2009/11/22 21:54:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gugatemi.exe [2009/11/22 03:53:03 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nageyefu.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/17 14:06:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 10:00:28 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\bibanizu.exe [2009/12/16 15:59:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kasewari.exe [2009/12/15 21:58:52 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\lirifufe.exe [2009/12/15 03:58:09 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kuvihube.exe [2009/12/14 16:46:12 | 00,004,638 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 09:57:21 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gidobedi.exe [2009/12/14 03:56:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:55:08 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:56:32 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:56:28 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/12 02:15:11 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\fasihebu.exe [2009/12/10 23:37:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 10:53:40 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zolahipu.exe [2009/12/03 21:19:16 | 00,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys [2009/11/29 00:10:55 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kuwovogi.exe [2009/11/22 21:54:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\gugatemi.exe [2009/11/22 03:53:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\nageyefu.exe [2009/10/17 21:58:44 | 00,107,008 | ---- | C] () -- C:\Program Files\r.exe [2009/10/07 00:50:14 | 00,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini [2009/07/17 21:58:45 | 00,107,008 | -HS- | C] () -- C:\WINDOWS\System32\wasubezu.dll [2009/07/17 21:58:45 | 00,107,008 | -HS- | C] () -- C:\WINDOWS\System32\navavaze.dll [2009/07/04 16:00:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hjgruimqpmeyxy.sys [2009/04/17 14:19:31 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009/02/15 21:34:12 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009/02/15 21:34:12 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009/02/15 21:34:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2008/08/07 13:26:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll [2008/05/06 21:55:12 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2008/04/25 21:10:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/04/25 00:45:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\ceme20.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibsd.dll [2008/04/24 20:27:08 | 00,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibkhj.dll [2008/04/24 19:24:09 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008/04/24 15:50:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/04/23 16:03:10 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/04/06 13:53:03 | 00,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2007/01/30 18:31:46 | 00,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini [2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/04/14 09:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini [2004/03/04 04:50:40 | 00,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll < End of report > [2009/12/17 14:07:09 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 14:05:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2009/12/17 13:52:39 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/17 13:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/17 13:52:26 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/17 13:52:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/17 13:51:44 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/17 13:51:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/16 05:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage [2009/12/15 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/15 20:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/13 23:29:51 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2009/12/13 23:25:54 | 00,000,000 | ---D | M] -- C:\Program Files\Sonnox [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/04 10:53:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zolahipu.exe [2009/10/17 21:58:44 | 00,107,008 | ---- | M] () -- C:\Program Files\r.exe [2009/07/11 19:49:00 | 04,832,432 | -H-- | M] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\IconCache.db [2009/04/05 20:42:19 | 00,043,896 | ---- | M] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/03/14 20:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/14 20:51:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/01/31 08:12:36 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Alec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/11/18 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2008/04/22 18:08:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/04/22 18:08:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Alec\Application Data\desktop.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/17 14:07:32 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jakipase [2009/12/17 14:06:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/17 14:06:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alec\Desktop\mbam-setup.exe [2009/12/17 13:52:39 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/17 13:52:39 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk [2009/12/17 13:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/17 13:52:26 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/17 13:52:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/17 13:51:44 | 09,961,472 | -H-- | M] () -- C:\Documents and Settings\Alec\NTUSER.DAT [2009/12/17 13:51:20 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/17 13:51:20 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/17 13:51:20 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/17 13:51:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Alec\ntuser.ini [2009/12/17 13:48:34 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alec\Desktop\OTL.exe [2009/12/17 10:00:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\bibanizu.exe [2009/12/16 20:11:16 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz [2009/12/16 20:11:16 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2009/12/16 20:09:54 | 00,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2009/12/16 15:59:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kasewari.exe [2009/12/15 22:27:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/12/15 21:58:52 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\lirifufe.exe [2009/12/15 20:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/15 03:58:09 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuvihube.exe [2009/12/14 16:46:12 | 00,004,638 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Attach.zip [2009/12/14 09:57:21 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gidobedi.exe [2009/12/14 03:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alec\defogger_reenable [2009/12/14 03:50:06 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\Defogger.exe [2009/12/14 02:46:48 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\wthdvcyp.exe [2009/12/14 02:46:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\dds.scr [2009/12/13 23:29:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\HijackThis.lnk [2009/12/12 02:15:11 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\fasihebu.exe [2009/12/10 23:37:56 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Alec\My Documents\Default.rdp [2009/12/08 21:36:10 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vodarowo.exe [2009/12/04 21:19:47 | 00,005,485 | ---- | M] () -- C:\Documents and Settings\Alec\Desktop\mob barley CD.nra [2009/12/04 10:53:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\zolahipu.exe [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 00:10:55 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kuwovogi.exe [2009/11/22 21:54:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\gugatemi.exe [2009/11/22 03:53:03 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\nageyefu.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] < End of report >
- December 17, 2009
- 23 replies
In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

quannum posted a topic in Resolved Malware Removal Logs

hello! I was infected a while back by the System Security rogue-anti spyware program (and probably other things too). I used Avast AV & MBAM to clean the majority of items up, but found that my computer was still trying to connect to the internet (i disconnected it from the internet immediately upon noticing the infection, and have left it offline since) and was doing other odd things. such as opening "My Documents" upon startup, and most recently, my mouse randomly jumping and not responding as well as my keyboard not responding sometimes. I looked at any programs/files that looked suspicious to check if they were something that avast & mbam missed, and found a few (such as the file "4.tmp") and followed steps I read online to try and manually remove them and any registry entries (I should let you know that this is the first time I've ever messed with the registry, im not exactly a computer wiz, so I hope I haven't done any damage!) . I got hijackthis and ran it, again cross-referencing any files that looked suspect with known malware/trojans/virus etc, and used hijackthis to repair any obvious ones. there is one though that just won't go away....I can't delete it from the registry, rename it, anything...its listed in hijack this as "-020 AppInit_DLLs: Jilubeju.dll" I'm completely stumped, so I decided to throw in the towel and admit that im in over my head! so please help me and let me know what I need to do to get my PC back up and running! I would just reformat, but I bought this computer second-hand, so I don't have a windows disk. Thank you in advance! here are the logs requested: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:15:52 AM, on 12/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MOTU\Audio\MFWAKeys.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mmbbaamm.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: MOTU Pedal Handler.lnk = ? O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208922522685 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208922515357 O20 - AppInit_DLLs: jilubeju.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe O23 - Service: Acronis Scheduler2 Service AcrSch2Svc LM Service (AcrSch2Svc LM Service) - Unknown owner - C:\WINDOWS\TEMP\4.tmp.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6550 bytes DDS (Ver_09-12-01.01) - NTFSx86 Run by Alec at 3:57:30.70 on Mon 12/14/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1640 [GMT -5:00] AV: avast! antivirus 4.8.1356 [VPS 091017-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\MOTU\Audio\MFWAKeys.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Documents and Settings\Alec\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe, BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe" mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mmbbaamm.exe" /runcleanupscript StartupFolder: c:\docume~1\alec\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\motupe~1.lnk - c:\windows\installer\{faaf4f08-107f-42b4-b01c-b5bacb65e7d3}\_A09C8DBB3D0A4282F8972C.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208922522685 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208922515357 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab AppInit_DLLs: jilubeju.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Notification Packages = scecli navavaze.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\alec\applic~1\mozilla\firefox\profiles\t1nev64u.default\ FF - plugin: c:\documents and settings\alec\application data\mozilla\firefox\profiles\t1nev64u.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - HiddenExtension: XUL Cache: {B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} - c:\documents and settings\alec\local settings\application data\{B0D73270-E6E4-4C73-8B84-83D69FCB2C6C} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-14 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-14 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-14 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-14 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-14 352920] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-23 33792] R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2007-1-4 15360] S2 AcrSch2Svc LM Service;Acronis Scheduler2 Service AcrSch2Svc LM Service;c:\windows\temp\4.tmp service --> c:\windows\temp\4.tmp service [?] S2 grwqme;grwqme;\??\c:\windows\system32\drivers\gzqlu.sys --> c:\windows\system32\drivers\gzqlu.sys [?] S3 fireface;Service for Fireface (WDM);c:\windows\system32\drivers\fireface.sys --> c:\windows\system32\drivers\fireface.sys [?] S3 mfwagsif;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys [2006-8-23 17408] S3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2006-8-23 19968] S3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2006-8-23 27648] S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2006-8-23 251904] S3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\motumidi.sys [2008-8-15 26752] S3 MotuUsb;MotuUsb;c:\windows\system32\drivers\motuusb.sys [2008-8-15 34432] S3 MPD16USB;AKAIpro MPD16 Driver;c:\windows\system32\drivers\MPD16USB.sys [2008-4-23 21793] =============== Created Last 30 ================ 2009-12-14 08:56:08 0 ----a-w- c:\documents and settings\alec\defogger_reenable 2009-12-14 06:28:19 32824 ----a-w- c:\windows\system32\rrMon.sys 2009-12-14 04:29:51 0 d-----w- c:\program files\Trend Micro 2009-12-14 04:25:53 0 d-----w- c:\program files\Sonnox 2009-12-12 07:15:11 2713 --sh--w- c:\windows\system32\fasihebu.exe 2009-12-09 02:36:10 2713 --sh--w- c:\windows\system32\vodarowo.exe 2009-12-04 15:53:40 2713 --sh--w- c:\windows\system32\zolahipu.exe 2009-12-04 02:19:16 2240 ----a-w- c:\windows\LENDIG.sys 2009-11-29 05:10:55 2713 --sh--w- c:\windows\system32\kuwovogi.exe 2009-11-23 02:54:39 2713 --sh--w- c:\windows\system32\gugatemi.exe 2009-11-22 08:53:03 2713 --sh--w- c:\windows\system32\nageyefu.exe 2009-11-16 02:00:56 2713 --sh--w- c:\windows\system32\vagiluke.exe 2009-11-15 06:27:00 2713 --sh--w- c:\windows\system32\wakepule.exe ==================== Find3M ==================== 2009-11-11 23:59:40 2713 --sh--w- c:\windows\system32\yudufiyo.exe 2009-11-10 04:39:10 2713 --sh--w- c:\windows\system32\horijavu.exe 2009-10-29 03:17:37 2713 --sh--w- c:\windows\system32\walowiwu.exe 2009-10-28 09:16:18 2713 --sh--w- c:\windows\system32\jodilose.exe 2009-10-24 06:17:01 2713 --sh--w- c:\windows\system32\vapuhonu.exe 2009-10-20 07:00:58 2713 --sh--w- c:\windows\system32\behipaya.exe 2009-10-18 02:58:44 107008 ----a-w- c:\program files\r.exe 2009-10-13 02:27:39 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-10-07 10:02:41 30144 ---ha-w- c:\windows\system32\mlfcache.dat 2009-07-18 02:58:45 107008 --sha-w- c:\windows\system32\navavaze.dll 2009-07-18 02:58:45 107008 --sha-w- c:\windows\system32\wasubezu.dll 2009-07-14 14:22:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071420090715\index.dat ============= FINISH: 3:57:52.32 =============== Malwarebytes' Anti-Malware 1.41 Database version: 2977 Windows 5.1.2600 Service Pack 3 12/14/2009 5:20:44 PM mbam-log-2009-12-14 (17-20-44).txt Scan type: Full Scan (C:\|) Objects scanned: 197842 Time elapsed: 31 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.zip
- December 14, 2009
- 23 replies

Sign In

quannum

Posts

Joined

Last visited

Reputation

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

In Over My Head!!! Need Help removing stubborn / hidden DLLs!!!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information