

[RESOLVED] Trojan got my credit card number


17 replies to this topic

#1 jacke

    Member

  • 12 posts
  • Joined: April 30, 2011
  • 1 topics
  • OS:Windows XP

Posted 30 April 2011 - 11:37 PM

My granddaughters got on my computer and got infected. I thought I had to buy the fake program and I gave my credit card number. I have since called the credit card company and have a new card on the way. Now I have to finish cleaning my PC. Could someone check to see how bad it is? I was able to do a system restore so I could work with this computer. Here are your required logs.

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 18:28:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380215A rev.3.AAD
Running: mhuuenbm.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfnoapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? ermu.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[564] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 10150610 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 10150550 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 101503D0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 10150490 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 101507E0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10150B40 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 10150A50 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 10150960 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 10150CC0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1014FAC0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 10150DA0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[564] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 1014FC20 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 03D40610 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 03D40550 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 03D403D0 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 03D40490 C:\Documents and Settings\Owner\Local Settings\Application Data\Elf_1.13\tbElf0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 04FA0B00 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 04FA0E60 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 04FA0D70 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 04FA0C80 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 04FA0FE0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 04F9FDE0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 04FA10C0 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 04F9FF40 C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 0414F983 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 0414FAE7 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB583B C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB6378 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB5683 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB5713 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB5C8E C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB667C C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2664] 0x758C0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\LogMeIn\x86\LogMeIn.exe [2980] 0x758C0000

---- EOF - GMER 1.0.15 ----

#2 jacke Re: [RESOLVED] Trojan got my credit card number

    Member

  • 12 posts
  • Joined: April 30, 2011
  • 1 topics
  • OS:Windows XP

Posted 30 April 2011 - 11:40 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2010 8:38:28 PM
System Uptime: 4/30/2011 4:37:10 PM (2 hours ago)
.
Motherboard: Dell Computer Corporation | |
Processor: Intel® Pentium® 4 CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 65.373 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP306: 1/31/2011 9:54:16 AM - Software Distribution Service 3.0
RP307: 2/1/2011 10:45:21 AM - System Checkpoint
RP308: 2/2/2011 9:52:15 AM - Software Distribution Service 3.0
RP309: 2/2/2011 2:56:44 PM - Software Distribution Service 3.0
RP310: 2/2/2011 3:27:24 PM - Software Distribution Service 3.0
RP311: 2/3/2011 3:09:05 PM - Software Distribution Service 3.0
RP312: 2/4/2011 3:37:49 PM - System Checkpoint
RP313: 2/5/2011 10:41:02 AM - Software Distribution Service 3.0
RP314: 2/6/2011 1:46:46 AM - Software Distribution Service 3.0
RP315: 2/6/2011 10:40:22 AM - Software Distribution Service 3.0
RP316: 2/7/2011 10:40:25 AM - Software Distribution Service 3.0
RP317: 2/8/2011 10:40:04 AM - Software Distribution Service 3.0
RP318: 2/9/2011 10:40:38 AM - Software Distribution Service 3.0
RP319: 2/10/2011 3:00:16 AM - Software Distribution Service 3.0
RP320: 2/11/2011 3:23:53 AM - System Checkpoint
RP321: 2/11/2011 3:26:44 AM - Software Distribution Service 3.0
RP322: 2/12/2011 3:26:46 AM - Software Distribution Service 3.0
RP323: 2/13/2011 1:39:07 AM - Software Distribution Service 3.0
RP324: 2/14/2011 2:33:17 AM - System Checkpoint
RP325: 2/14/2011 9:36:13 PM - Software Distribution Service 3.0
RP326: 2/15/2011 9:40:43 PM - System Checkpoint
RP327: 2/16/2011 7:43:49 AM - Software Distribution Service 3.0
RP328: 2/17/2011 8:40:43 AM - System Checkpoint
RP329: 2/18/2011 7:44:12 AM - Software Distribution Service 3.0
RP330: 2/19/2011 8:26:38 AM - System Checkpoint
RP331: 2/19/2011 10:27:43 AM - Software Distribution Service 3.0
RP332: 2/20/2011 1:47:06 AM - Software Distribution Service 3.0
RP333: 2/20/2011 11:47:07 AM - Software Distribution Service 3.0
RP334: 2/21/2011 11:47:15 AM - Software Distribution Service 3.0
RP335: 2/22/2011 11:47:07 AM - Software Distribution Service 3.0
RP336: 2/23/2011 11:47:11 AM - Software Distribution Service 3.0
RP337: 2/24/2011 11:48:23 AM - Software Distribution Service 3.0
RP338: 2/25/2011 11:47:08 AM - Software Distribution Service 3.0
RP339: 2/26/2011 12:10:02 PM - System Checkpoint
RP340: 2/26/2011 3:12:39 PM - Software Distribution Service 3.0
RP341: 2/27/2011 1:32:19 AM - Software Distribution Service 3.0
RP342: 2/27/2011 3:12:23 PM - Software Distribution Service 3.0
RP343: 2/28/2011 3:12:48 PM - Software Distribution Service 3.0
RP344: 3/1/2011 4:10:02 PM - System Checkpoint
RP345: 3/2/2011 3:12:22 PM - Software Distribution Service 3.0
RP346: 3/3/2011 3:12:22 PM - Software Distribution Service 3.0
RP347: 3/4/2011 3:12:26 PM - Software Distribution Service 3.0
RP348: 3/5/2011 3:12:52 PM - Software Distribution Service 3.0
RP349: 3/6/2011 1:31:17 AM - Software Distribution Service 3.0
RP350: 3/6/2011 3:12:50 PM - Software Distribution Service 3.0
RP351: 3/7/2011 3:12:35 PM - Software Distribution Service 3.0
RP352: 3/8/2011 3:12:43 PM - Software Distribution Service 3.0
RP353: 3/9/2011 3:00:15 AM - Software Distribution Service 3.0
RP354: 3/9/2011 3:12:50 PM - Software Distribution Service 3.0
RP355: 3/10/2011 3:13:04 PM - Software Distribution Service 3.0
RP356: 3/11/2011 3:57:17 PM - System Checkpoint
RP357: 3/11/2011 10:59:50 PM - Software Distribution Service 3.0
RP358: 3/12/2011 11:59:38 PM - Software Distribution Service 3.0
RP359: 3/13/2011 4:00:15 AM - Software Distribution Service 3.0
RP360: 3/14/2011 4:21:45 AM - System Checkpoint
RP361: 3/14/2011 4:24:35 AM - Software Distribution Service 3.0
RP362: 3/15/2011 4:24:15 AM - Software Distribution Service 3.0
RP363: 3/16/2011 4:24:20 AM - Software Distribution Service 3.0
RP364: 3/17/2011 4:24:32 AM - Software Distribution Service 3.0
RP365: 3/18/2011 4:24:34 AM - Software Distribution Service 3.0
RP366: 3/19/2011 5:20:42 AM - System Checkpoint
RP367: 3/19/2011 5:23:42 PM - Software Distribution Service 3.0
RP368: 3/20/2011 1:57:47 AM - Software Distribution Service 3.0
RP369: 3/20/2011 5:23:03 PM - Software Distribution Service 3.0
RP370: 3/21/2011 5:23:36 PM - Software Distribution Service 3.0
RP371: 3/22/2011 5:23:07 PM - Software Distribution Service 3.0
RP372: 3/23/2011 6:22:46 PM - System Checkpoint
RP373: 3/24/2011 6:36:39 PM - System Checkpoint
RP374: 3/25/2011 3:00:15 AM - Software Distribution Service 3.0
RP375: 3/25/2011 10:46:30 AM - Software Distribution Service 3.0
RP376: 3/26/2011 10:40:22 AM - Software Distribution Service 3.0
RP377: 3/27/2011 2:21:50 AM - Software Distribution Service 3.0
RP378: 3/28/2011 2:27:07 AM - System Checkpoint
RP379: 3/28/2011 10:29:41 AM - Software Distribution Service 3.0
RP380: 3/29/2011 11:17:37 AM - System Checkpoint
RP381: 3/30/2011 9:20:30 AM - Software Distribution Service 3.0
RP382: 3/31/2011 9:19:48 AM - Software Distribution Service 3.0
RP383: 4/1/2011 10:18:36 AM - System Checkpoint
RP384: 4/1/2011 1:21:27 PM - Software Distribution Service 3.0
RP385: 4/2/2011 1:21:15 PM - Software Distribution Service 3.0
RP386: 4/3/2011 1:58:42 AM - Software Distribution Service 3.0
RP387: 4/3/2011 1:21:06 PM - Software Distribution Service 3.0
RP388: 4/4/2011 1:23:00 PM - System Checkpoint
RP389: 4/4/2011 6:25:45 PM - Software Distribution Service 3.0
RP390: 4/5/2011 6:44:55 PM - System Checkpoint
RP391: 4/5/2011 8:47:40 PM - Software Distribution Service 3.0
RP392: 4/6/2011 8:47:32 PM - Software Distribution Service 3.0
RP393: 4/7/2011 8:47:18 PM - Software Distribution Service 3.0
RP394: 4/8/2011 8:47:26 PM - Software Distribution Service 3.0
RP395: 4/9/2011 8:47:30 PM - Software Distribution Service 3.0
RP396: 4/10/2011 1:45:16 AM - Software Distribution Service 3.0
RP397: 4/10/2011 8:47:26 PM - Software Distribution Service 3.0
RP398: 4/11/2011 8:47:17 PM - Software Distribution Service 3.0
RP399: 4/12/2011 9:44:43 PM - System Checkpoint
RP400: 4/13/2011 12:47:24 PM - Software Distribution Service 3.0
RP401: 4/14/2011 12:47:11 PM - Software Distribution Service 3.0
RP402: 4/15/2011 3:00:14 AM - Software Distribution Service 3.0
RP403: 4/16/2011 3:24:25 AM - System Checkpoint
RP404: 4/16/2011 3:27:26 AM - Software Distribution Service 3.0
RP405: 4/17/2011 1:56:33 AM - Software Distribution Service 3.0
RP406: 4/18/2011 2:25:28 AM - System Checkpoint
RP407: 4/18/2011 6:29:47 PM - Software Distribution Service 3.0
RP408: 4/19/2011 6:30:38 PM - System Checkpoint
RP409: 4/20/2011 6:33:28 AM - Software Distribution Service 3.0
RP410: 4/21/2011 6:33:04 AM - Software Distribution Service 3.0
RP411: 4/22/2011 6:32:38 AM - Software Distribution Service 3.0
RP412: 4/23/2011 7:29:57 AM - System Checkpoint
RP413: 4/23/2011 11:31:39 AM - Software Distribution Service 3.0
RP414: 4/24/2011 2:24:04 AM - Software Distribution Service 3.0
RP415: 4/24/2011 11:31:32 AM - Software Distribution Service 3.0
RP416: 4/25/2011 12:28:51 PM - System Checkpoint
RP417: 4/30/2011 2:24:24 PM - Restore Operation
RP418: 4/30/2011 2:43:59 PM - Software Distribution Service 3.0
RP419: 4/30/2011 3:05:03 PM - Software Distribution Service 3.0
RP420: 4/30/2011 4:43:15 PM - Installed Java™ 6 Update 24
RP421: 4/30/2011 4:45:50 PM - Installed Java™ 6 Update 25
RP422: 4/30/2011 4:49:45 PM - Installed LogMeIn
RP423: 4/30/2011 4:52:09 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.3
BCM V.92 56K Modem
Bing Bar
Britannica Ready Reference
CCleaner
Charter Browser Updater
Charter Toolbar
Conduit Engine
Dell ResourceCD
Driver Robot
Elf 1.13 Toolbar
FaxTools
File Extension Finder
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics Driver Software
Java Auto Updater
Java™ 6 Update 25
Lexmark X74-X75
LogMeIn
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
QuickTime
Search Toolbar
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
TranslatorBar 1.2 Toolbar
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 2002
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 5:17:31 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/30/2011 5:09:17 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/30/2011 4:37:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/30/2011 3:06:55 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool - April 2011 (KB890830).
4/30/2011 2:23:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/27/2011 9:10:27 AM, error: Service Control Manager [7022] - The SeaPort service hung on starting.
4/26/2011 2:01:32 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/26/2011 1:56:35 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/26/2011 1:30:21 PM, error: Service Control Manager [7022] - The Google Update Service (gupdate) service hung on starting.
4/26/2011 1:28:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
4/26/2011 1:28:58 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2011 7:04:57 PM, error: Service Control Manager [7022] - The Java Quick Starter service hung on starting.
4/25/2011 6:53:31 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 18 time(s).
4/25/2011 6:52:22 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 17 time(s).
4/25/2011 6:51:28 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 16 time(s).
4/25/2011 6:51:22 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 15 time(s).
4/25/2011 6:49:30 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 14 time(s).
4/25/2011 6:45:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
4/25/2011 6:45:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
4/25/2011 6:45:50 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2011 6:43:39 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 6 time(s).
4/25/2011 6:39:31 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 5 time(s).
4/25/2011 6:39:31 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The pipe has been ended.
4/25/2011 6:39:30 PM, error: DCOM [10005] - DCOM got error "%109" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
4/25/2011 6:38:16 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 4 time(s).
4/25/2011 6:36:30 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 3 time(s).
4/25/2011 6:36:29 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 2 time(s).
4/25/2011 6:36:25 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Microsoft\BingBar\SeaPort.EXE. Reference error message: The operation completed successfully. .
4/25/2011 6:36:25 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" on line 0.
4/25/2011 6:36:25 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
4/25/2011 6:36:25 PM, error: DCOM [10005] - DCOM got error "%14001" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
4/25/2011 6:36:23 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: Access is denied.
4/25/2011 6:36:23 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
4/25/2011 6:35:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
4/25/2011 6:35:58 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2011 6:35:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.
4/25/2011 6:35:53 PM, error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/25/2011 6:35:43 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 6:35:42 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 6:35:42 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 6:35:42 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/25/2011 6:35:42 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/25/2011 6:33:04 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 13 time(s).
4/25/2011 6:32:20 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 12 time(s).
4/25/2011 6:31:50 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 11 time(s).
4/25/2011 6:28:08 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 10 time(s).
4/25/2011 6:26:03 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 9 time(s).
4/25/2011 6:25:35 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 8 time(s).
4/25/2011 6:24:00 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 7 time(s).
4/25/2011 6:03:21 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/25/2011 6:03:06 PM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:34:57 PM, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
4/25/2011 11:32:06 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.387.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072ee2 Error description: The operation timed out
.
==== End Of File ===========================



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 18:28:38.26 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.682 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uWindow Title = Powered by Charter Communications
uInternet Settings,ProxyOverride = hxxp://localhost;
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
BHO: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\prxtbTra0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
TB: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - c:\program files\translatorbar_1.2\prxtbTra0.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274448789687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl07e1ee47;MpKsl07e1ee47;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fe6cc37-231e-46ba-9253-f8088750d94d}\MpKsl07e1ee47.sys [2011-4-30 28752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-30 47640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
.
=============== Created Last 30 ================
.
2011-04-30 21:50:32 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\LogMeIn
2011-04-30 21:50:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-04-30 21:50:27 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-04-30 21:50:27 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-04-30 21:50:27 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-04-30 21:50:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-04-30 21:50:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
2011-04-30 21:49:50 -------- d-----w- c:\program files\LogMeIn
2011-04-30 21:46:22 472808 ----a-w- c:\windows\system32\REN51.tmp
2011-04-30 21:38:09 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6fe6cc37-231e-46ba-9253-f8088750d94d}\MpKsl07e1ee47.sys
2011-04-30 19:44:16 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6fe6cc37-231e-46ba-9253-f8088750d94d}\mpengine.dll
2011-04-30 19:33:10 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-30 19:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 19:33:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-30 19:32:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 19:32:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 19:26:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 19:26:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-25 21:49:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\jBa01803mFoIc01803
2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-04-30 19:30:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-14 07:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 18:29:29.57 ===============

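A worked example added here (it is not code from the original post, from DDS, or from any tool used in this thread): a small Python triage script for the "Pseudo HJT Report" block of the DDS log above. It inventories every IE hook (URLSearchHook, BHO, toolbar, explorer bar) by CLSID, undoes the `hxxp` defanging DDS applies to URLs, and flags the patterns a responder checks first: one object registered under several hook types, a CLSID whose file is gone ("No File"), and a start page whose host differs from the search page host. SAMPLE_HJT is a constructed subset of the report lines posted above; the regexes, the flagging rules and the function names are this example's own assumptions.

```python
"""Triage the "Pseudo HJT Report" block of a DDS log.

Added example for this thread, not part of DDS. SAMPLE_HJT is a constructed
subset of the lines from the DDS output posted above; the regexes and the
flagging heuristics below are this example's own assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the Pseudo HJT Report lines from the post.
SAMPLE_HJT = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
""".strip()

# "<kind>: <optional name>: {CLSID} - <path or "No File">"
HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB|EB):\s*"
    r"(?:(?P<name>.*?)\s*:\s*)?"
    r"(?P<clsid>\{[0-9a-f-]{36}\})\s*-\s*(?P<path>.*)$",
    re.IGNORECASE,
)
PAGE_RE = re.compile(r"^u(?P<which>Start|Search) Page = (?P<url>\S+)$")


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; restore http:// for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_hjt(text):
    """Return {"pages": {"start"/"search": host}, "entries": {clsid: {...}}}."""
    pages, entries = {}, {}
    for line in text.splitlines():
        m = PAGE_RE.match(line)
        if m:
            pages[m.group("which").lower()] = urlsplit(refang(m.group("url"))).hostname
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue
        clsid = m.group("clsid").lower()
        e = entries.setdefault(clsid, {"name": None, "path": None, "kinds": set()})
        e["kinds"].add(m.group("kind"))
        if m.group("name"):
            e["name"] = m.group("name").strip()
        e["path"] = m.group("path").strip().strip('"')
    return {"pages": pages, "entries": entries}


def flag_entries(parsed):
    """Heuristic findings as (subject, reason) pairs; rules are this example's own."""
    findings = []
    for clsid, e in sorted(parsed["entries"].items()):
        if e["path"].lower() == "no file":
            findings.append((clsid, "registered but its file is gone (orphan)"))
        if len(e["kinds"]) > 1:
            findings.append((clsid, "same object hooked as " + "+".join(sorted(e["kinds"]))))
    pages = parsed["pages"]
    if "start" in pages and "search" in pages and pages["start"] != pages["search"]:
        findings.append(("start page", f"start page host {pages['start']} "
                                       f"differs from search page host {pages['search']}"))
    return findings


def by_dll(parsed):
    """Group CLSIDs by the DLL backing them: removing one file clears every hook listed."""
    groups = defaultdict(list)
    for clsid, e in parsed["entries"].items():
        groups[e["path"].lower()].append(clsid)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for subject, reason in flag_entries(parsed):
        print(f"{subject}: {reason}")
    for dll, clsids in by_dll(parsed).items():
        print(f"{dll} <- {len(clsids)} CLSID(s)")
```

On this sample the Elf toolbar comes out as one CLSID hooked three ways (URLSearchHook, BHO and toolbar), the Conduit Engine as two, the explorer bar as an orphan, and the start page host as different from the search page host; the Bing Bar BHO and toolbar resolve to the same DLL. Feed it the full report block of a DDS log by replacing SAMPLE_HJT.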
#3 jacke Re: [RESOLVED] Trojan got my credit card number


Posted 30 April 2011 - 11:40 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7D63000 \WINDOWS\system32\KDCOM.DLL
0xF7C73000 \WINDOWS\system32\BOOTVID.dll
0xF7863000 ermu.sys
0xF7814000 ACPI.sys
0xF7D65000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7803000 pci.sys
0xF7873000 isapnp.sys
0xF7E2B000 pciide.sys
0xF7AE3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7883000 MountMgr.sys
0xF77E4000 ftdisk.sys
0xF7AEB000 PartMgr.sys
0xF7893000 VolSnap.sys
0xF77CC000 atapi.sys
0xF78A3000 disk.sys
0xF78B3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF77AC000 fltmgr.sys
0xF779A000 sr.sys
0xF7783000 KSecDD.sys
0xF76F6000 Ntfs.sys
0xF76C9000 NDIS.sys
0xF76AF000 Mup.sys
0xF7983000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7653000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF763F000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7B83000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF761B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7B8B000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF750E000 \SystemRoot\system32\DRIVERS\BCMSM.sys
0xF74EB000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7B93000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7993000 \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
0xF79A3000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF79B3000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF746C000 \SystemRoot\system32\drivers\smwdm.sys
0xF7448000 \SystemRoot\system32\drivers\portcls.sys
0xF79E3000 \SystemRoot\system32\drivers\drmk.sys
0xF7D7D000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7B9B000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF79F3000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D1B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7434000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7A03000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7BA3000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7BAB000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7F67000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7A13000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D1F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF741D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7A23000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7A33000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7BB3000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF740C000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7A43000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7BC3000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7BCB000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7A53000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7D7F000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF73AE000 \SystemRoot\System32\DRIVERS\update.sys
0xF7D37000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7A63000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEF229000 \SystemRoot\system32\drivers\ialmsbw.sys
0xEF217000 \SystemRoot\system32\drivers\ialmkchw.sys
0xF7A83000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7D81000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7BDB000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xEF1F0000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7DB9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F97000 \SystemRoot\System32\Drivers\Null.SYS
0xF7DBB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7C13000 \SystemRoot\System32\drivers\vga.sys
0xF7DBD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7DBF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7C1B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C23000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7667000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEF1BD000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEF164000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEF13C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEF11A000 \SystemRoot\System32\drivers\afd.sys
0xF7AC3000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEF0EF000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF7CF7000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xEF057000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7903000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF031000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7913000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7973000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEF019000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7DD9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF738E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C4B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7EC7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01E000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF037000 \SystemRoot\System32\ialmdev5.DLL
0xBF05F000 \SystemRoot\System32\ialmdd5.DLL
0xEEEE9000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEEB7C000 \SystemRoot\system32\drivers\wdmaud.sys
0xEEE71000 \SystemRoot\system32\drivers\sysaudio.sys
0xEE941000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7DC7000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEE821000 \SystemRoot\System32\DRIVERS\srv.sys
0xEE290000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7B53000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FE6CC37-231E-46BA-9253-F8088750D94D}\MpKsl07e1ee47.sys
0xEE00E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7DE1000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xF7EAC000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xEDF0E000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xED8D8000 \SystemRoot\system32\drivers\kmixer.sys
0xBF0E4000 \SystemRoot\System32\lmimirr.dll
0xBF0E9000 \SystemRoot\System32\lmimirr2.dll
0xF7DD5000 \SystemRoot\system32\drivers\splitter.sys
0xED267000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kfnoapoc.sys
0xF7B33000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
532 C:\WINDOWS\system32\smss.exe
596 csrss.exe
620 C:\WINDOWS\system32\winlogon.exe
664 C:\WINDOWS\system32\services.exe
676 C:\WINDOWS\system32\lsass.exe
832 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1000 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1040 C:\WINDOWS\system32\svchost.exe
1132 svchost.exe
1240 svchost.exe
1504 C:\WINDOWS\explorer.exe
1592 C:\WINDOWS\system32\LEXBCES.EXE
1616 C:\WINDOWS\system32\LEXPPS.EXE
1624 C:\WINDOWS\system32\spoolsv.exe
436 svchost.exe
948 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
1760 C:\WINDOWS\system32\hkcmd.exe
1768 C:\WINDOWS\BCMSMMSG.exe
1792 C:\Program Files\QuickTime\qttask.exe
1804 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
1836 C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
1856 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1864 C:\Program Files\Microsoft Security Client\msseces.exe
1896 C:\WINDOWS\system32\ctfmon.exe
1924 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
160 C:\WINDOWS\system32\svchost.exe
216 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2516 alg.exe
3136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1432 C:\Program Files\Java\jre6\bin\jqs.exe
2664 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
2980 C:\Program Files\LogMeIn\x86\LogMeIn.exe
2872 C:\Program Files\LogMeIn\x86\ramaint.exe
1740 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
3708 C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
2592 C:\Program Files\LogMeIn\x86\LogMeIn.exe
564 C:\Program Files\Internet Explorer\iexplore.exe
2952 C:\Program Files\Internet Explorer\iexplore.exe
4016 C:\Program Files\Microsoft\BingBar\BingBar.exe
2964 C:\Program Files\Microsoft\BingBar\BingApp.exe
1736 wmiprvse.exe
2940 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380215A, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#4 jacke Re: [RESOLVED] Trojan got my credit card number


Posted 30 April 2011 - 11:41 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6480

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/30/2011 3:04:19 PM
mbam-log-2011-04-30 (15-04-19).txt

Scan type: Quick scan
Objects scanned: 134843
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\CC6XVVJT\video[1].exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\SHJE9A94\video[1].exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

#5 Broni Re: [RESOLVED] Trojan got my credit card number

    Malware Annihilator

  • 24,880 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 01:02 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 30 April 2011 - 11:52 PM

Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with ComboFix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#6 jacke Re: [RESOLVED] Trojan got my credit card number


Posted 01 May 2011 - 01:37 AM

ComboFix 11-04-30.02 - Owner 04/30/2011 20:23:40.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.712 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 01:16 . 2011-05-01 01:16 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-05-01 01:16 . 2011-05-01 01:16 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-05-01 01:16 . 2011-05-01 01:16 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-05-01 01:16 . 2011-05-01 01:16 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-05-01 01:16 . 2011-05-01 01:16 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-01 01:16 . 2011-05-01 01:16 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-05-01 01:15 . 2011-05-01 01:15 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-05-01 01:15 . 2011-05-01 01:15 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-05-01 01:15 . 2011-05-01 01:15 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-05-01 01:15 . 2011-05-01 01:15 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-05-01 01:15 . 2011-05-01 01:15 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-05-01 01:15 . 2011-05-01 01:15 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-05-01 01:15 . 2011-05-01 01:15 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-05-01 01:15 . 2011-05-01 01:15 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-05-01 01:15 . 2011-05-01 01:15 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-05-01 01:15 . 2011-05-01 01:15 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-05-01 01:15 . 2011-05-01 01:15 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-04-30 21:53 . 2011-04-30 21:53 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2011-04-30 21:50 . 2011-04-30 21:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2011-04-30 21:50 . 2011-03-01 17:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-04-30 21:50 . 2011-03-01 17:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-04-30 21:50 . 2011-03-01 17:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-04-30 21:50 . 2010-09-17 20:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-04-30 21:50 . 2011-03-01 17:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-04-30 21:50 . 2011-04-30 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2011-04-30 21:49 . 2011-04-30 21:53 -------- d-----w- c:\program files\LogMeIn
2011-04-30 21:46 . 2011-04-30 21:46 -------- d-----w- c:\program files\Common Files\Java
2011-04-30 19:44 . 2011-04-11 05:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FE6CC37-231E-46BA-9253-F8088750D94D}\mpengine.dll
2011-04-30 19:33 . 2011-04-30 19:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-30 19:33 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 19:33 . 2011-04-30 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-30 19:32 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 19:32 . 2011-04-30 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 19:26 . 2011-04-30 19:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 19:01 . 2011-04-26 19:01 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\EXTERNALWRAPPER.JS
2011-04-26 19:01 . 2011-04-26 19:01 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\DIVWRAPPER.JS
2011-04-26 19:01 . 2011-04-26 19:01 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2011-04-26 19:01 . 2011-04-26 19:01 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\COMBOBOX.JS
2011-04-26 19:01 . 2011-04-26 19:01 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2011-04-25 21:49 . 2011-04-30 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\jBa01803mFoIc01803
2011-04-14 08:39 . 2011-04-14 08:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-30 19:30 . 2010-11-20 01:58 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-14 10:07 . 2010-05-23 01:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 07:40 . 2010-05-23 01:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33 . 2010-05-18 01:33 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-09-03 17:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-09-03 17:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-09-03 16:42 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-09-03 17:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-05-21 14:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-09-03 16:27 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-09-03 16:57 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-09-03 16:32 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-09-03 16:41 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33 . 2002-09-03 16:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-02 07:58 . 2010-05-18 01:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
2011-01-17 14:54 175912 ----a-w- c:\program files\TranslatorBar_1.2\prxtbTra0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Elf_1.13\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\prxtbTra0.dll" [2011-01-17 175912]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{548F6736-8FE4-4680-82F2-170D6C07E1D2}"= "c:\program files\TranslatorBar_1.2\prxtbTra0.dll" [2011-01-17 175912]
"{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-20 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-06-11 155648]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-01 17:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 10:37 PM 135664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 12:11 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 03:37]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 03:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857573
uInternet Settings,ProxyOverride = hxxp://localhost;
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-04-30 20:35:05
ComboFix-quarantined-files.txt 2011-05-01 01:34
.
Pre-Run: 70,116,696,064 bytes free
Post-Run: 70,268,678,144 bytes free
.
- - End Of File - - CD10EBC264AEACBC7B0F0DA7C4A1D0B6

#7 Broni Re: [RESOLVED] Trojan got my credit card number


Posted 01 May 2011 - 01:52 AM

Looks good now :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#8 jacke Re: [RESOLVED] Trojan got my credit card number


Posted 01 May 2011 - 02:10 AM

OTL logfile created on: 4/30/2011 9:00:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.46 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
Drive D: | 15.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JACK-ZG88TXFHQV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 20:58:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 002,012,552 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/06/24 21:35:41 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
PRC - [2002/06/24 21:11:28 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 20:58:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)


========== Driver Services (SafeList) ==========

DRV - [2011/04/30 20:43:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FE6CC37-231E-46BA-9253-F8088750D94D}\MpKsl1a9497b7.sys -- (MpKsl1a9497b7)
DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/09/19 07:44:02 | 000,041,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2857573
IE - HKU\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2391419
IE - HKU\S-1-5-21-507921405-1972579041-682003330-1003\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-1972579041-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1972579041-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

IE - HKU\S-1-5-21-507921405-1972579041-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/30 20:31:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O2 - BHO: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\prxtbTra0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKLM\..\Toolbar: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\prxtbTra0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\..\Toolbar\WebBrowser: (TranslatorBar 1.2 Toolbar) - {548F6736-8FE4-4680-82F2-170D6C07E1D2} - C:\Program Files\TranslatorBar_1.2\prxtbTra0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1972579041-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274448789687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/17 20:36:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 20:57:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/30 20:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2011/04/30 20:37:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/30 20:35:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/30 19:19:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/30 19:17:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 19:17:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/30 19:17:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 19:17:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 19:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/30 19:15:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 17:03:28 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/04/30 16:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn
[2011/04/30 16:50:27 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/04/30 16:50:27 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/04/30 16:50:27 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/30 16:50:15 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/30 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/30 16:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/04/30 16:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/30 14:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/30 14:33:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 14:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 14:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/30 14:32:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/30 14:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 14:25:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/04/30 14:24:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/25 18:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/25 16:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jBa01803mFoIc01803

========== Files - Modified Within 30 Days ==========

[2011/04/30 20:58:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/30 20:40:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 20:39:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 20:31:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/30 19:20:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 19:14:06 | 004,334,077 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/30 18:31:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/30 18:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 17:06:57 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SmartestComputing - Computer help forum.url
[2011/04/30 17:05:59 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/30 17:05:10 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/04/30 17:04:38 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mhuuenbm.exe
[2011/04/30 17:03:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/04/30 16:50:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/30 16:37:26 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/30 15:07:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 14:33:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 14:22:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/26 13:57:58 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/25 18:05:41 | 000,012,146 | ---- | M] () -- C:\report ms removal
[2011/04/07 20:08:57 | 000,011,865 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bobbie Med list 2011.wpd
[2011/04/07 15:50:13 | 000,014,715 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Income Tax 2010.wpd
[2011/04/07 08:33:35 | 000,011,395 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bobbie medication list 2011.wpd
[2011/04/06 21:50:25 | 000,009,272 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\INCOME TAX 2010DR.wpd

========== Files Created - No Company Name ==========

[2011/04/30 19:20:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/30 19:20:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/30 19:17:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 19:17:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 19:17:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 19:17:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 19:17:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 19:13:19 | 004,334,077 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/30 17:06:57 | 000,000,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SmartestComputing - Computer help forum.url
[2011/04/30 17:05:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/30 17:05:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/04/30 17:04:09 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mhuuenbm.exe
[2011/04/30 16:50:13 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/30 16:50:01 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/04/30 15:05:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 14:33:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 18:33:08 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/04/25 18:05:41 | 000,012,146 | ---- | C] () -- C:\report ms removal
[2011/04/07 08:39:24 | 000,011,865 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Bobbie Med list 2011.wpd
[2011/04/06 21:51:10 | 000,014,715 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Income Tax 2010.wpd
[2011/04/06 21:26:02 | 000,009,272 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\INCOME TAX 2010DR.wpd
[2010/09/02 16:23:43 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2010/09/02 16:23:43 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2010/07/03 06:53:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 08:59:11 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/06/10 17:40:38 | 000,000,273 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/05/21 09:00:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/05/21 08:21:45 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2010/05/21 08:21:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2010/05/21 08:21:20 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2010/05/17 20:38:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 20:33:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/17 15:14:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/17 15:13:26 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 12:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 12:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 11:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 11:52:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 11:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 11:51:54 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 11:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 11:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 11:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 11:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 11:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/06/24 21:59:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini

========== LOP Check ==========

[2010/06/10 17:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/08/06 09:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/04/30 14:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jBa01803mFoIc01803
[2011/04/30 16:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/06/10 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CHARTERTOOLBAR
[2010/12/14 22:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2011/04/30 20:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CHARTERTOOLBAR
[2010/07/14 21:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2011/04/30 20:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/30 16:50:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/05/17 20:36:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/21 09:12:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/30 19:20:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/30 20:35:06 | 000,017,698 | ---- | M] () -- C:\ComboFix.txt
[2010/05/17 20:36:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/26 13:57:58 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010/05/17 20:36:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/17 20:36:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/21 09:07:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/21 10:55:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/30 20:39:49 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2011/04/25 18:05:41 | 000,012,146 | ---- | M] () -- C:\report ms removal

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/05/17 20:35:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2011/03/01 12:12:16 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2002/06/24 21:56:35 | 000,079,872 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBBPP5C.DLL
[2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/17 15:12:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/17 15:12:41 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/17 15:12:41 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/21 11:00:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/21 09:23:06 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/05/17 21:40:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/30 19:14:06 | 004,334,077 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/30 17:05:10 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/04/30 17:04:38 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mhuuenbm.exe
[2011/04/30 20:58:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/30 17:03:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/05/22 20:52:11 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\My Documents\ccsetup231.exe
[2010/06/01 19:02:51 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\mssefullinstall-x86fre-en-us-xp.exe
[2010/11/10 21:48:53 | 000,891,168 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\upro_finder south carolina.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/21 09:23:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/30 20:57:38 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/09/03 11:39:47 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/09/03 11:49:05 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/09/03 11:49:07 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/09/03 11:51:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-30 21:54:21


< >

< End of report >


OTL Extras logfile created on: 4/30/2011 9:00:37 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 65.46 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
Drive D: | 15.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JACK-ZG88TXFHQV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 25
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"chartertoolbar" = Charter Toolbar
"conduitEngine" = Conduit Engine
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"File Extension Finder" = File Extension Finder
"ie8" = Windows Internet Explorer 8
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"Lexmark X74-X75" = Lexmark X74-X75
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"TranslatorBar_1.2 Toolbar" = TranslatorBar 1.2 Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1972579041-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2011 12:21:44 PM | Computer Name = JACK-ZG88TXFHQV | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2011 12:22:06 PM | Computer Name = JACK-ZG88TXFHQV | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/22/2011 12:23:50 PM | Computer Name = JACK-ZG88TXFHQV | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2011 12:24:12 PM | Computer Name = JACK-ZG88TXFHQV | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/25/2011 12:32:06 PM | Computer Name = JACK-ZG88TXFHQV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/30/2011 6:11:36 PM | Computer Name = JACK-ZG88TXFHQV | Source = Application Error | ID = 1000
Description = Faulting application mhuuenbm.exe, version 1.0.15.15572, faulting
module mhuuenbm.exe, version 1.0.15.15572, fault address 0x0000c676.

Error - 4/30/2011 8:16:45 PM | Computer Name = JACK-ZG88TXFHQV | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.6802.0, P3 1.103.780.0, P4 1.103.780.0, P5 200015b3e9679dd8_2b6d8fdb2a6668bec6bd83c2a5c845333dc150c3,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/30/2011 8:20:25 PM | Computer Name = JACK-ZG88TXFHQV | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.6802.0, P3 1.103.780.0, P4 1.103.780.0, P5 200015b3e9679dd8_7fe7c07ea18f8807a2f6e7f55caadff2c40de931,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 4/30/2011 8:25:13 PM | Computer Name = JACK-ZG88TXFHQV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 4/30/2011 9:27:57 PM | Computer Name = JACK-ZG88TXFHQV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 4/30/2011 6:17:31 PM | Computer Name = JACK-ZG88TXFHQV | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/30/2011 6:17:31 PM | Computer Name = JACK-ZG88TXFHQV | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 4/30/2011 6:20:24 PM | Computer Name = JACK-ZG88TXFHQV | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/30/2011 9:16:08 PM | Computer Name = JACK-ZG88TXFHQV | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 838e76b0, parameter3
00000000, parameter4 00000000.

Error - 4/30/2011 9:19:43 PM | Computer Name = JACK-ZG88TXFHQV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/30/2011 9:20:13 PM | Computer Name = JACK-ZG88TXFHQV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter OMCI

Error - 4/30/2011 9:35:30 PM | Computer Name = JACK-ZG88TXFHQV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/30/2011 9:35:35 PM | Computer Name = JACK-ZG88TXFHQV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/30/2011 9:37:23 PM | Computer Name = JACK-ZG88TXFHQV | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/30/2011 9:38:17 PM | Computer Name = JACK-ZG88TXFHQV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
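As an added illustration, not code from the thread or from OTL's author: a small Python parser for the "Last 10 Event Log Errors" section of an OTL report, run over a constructed sample assembled from entries in the log above, followed by a defender-side triage that flags the events worth a second look when an infection is suspected (the antimalware service crashing, the MpFilter antimalware driver failing to load at boot, and the root certificate list update failing because the host cannot resolve names). The triage rules are my own assumption about what deserves attention; they are not part of OTL.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the OTL report above, reordered and
# trimmed. Not the full report.
SAMPLE_LOG = r"""
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2011 8:25:13 PM | Computer Name = JACK-ZG88TXFHQV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 4/30/2011 9:20:13 PM | Computer Name = JACK-ZG88TXFHQV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter OMCI

Error - 4/30/2011 9:37:23 PM | Computer Name = JACK-ZG88TXFHQV | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/30/2011 6:17:31 PM | Computer Name = JACK-ZG88TXFHQV | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

< End of report >
"""

# One OTL event header line: "<level> - <timestamp> | Computer Name = ... | Source = ... | ID = <n>"
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<timestamp>.+?) \| Computer Name = (?P<computer>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$"
)
SECTION_RE = re.compile(r"\[ (.+?) \]")


@dataclass
class EventRecord:
    section: str      # "Application Events" or "System Events"
    level: str
    timestamp: str
    computer: str
    source: str
    event_id: int
    description: str  # continuation lines joined with single spaces


def parse_otl_events(text: str) -> list[EventRecord]:
    """Parse the event-log section of an OTL report into records."""
    records: list[EventRecord] = []
    section = ""
    current: dict | None = None
    desc_lines: list[str] = []

    def flush() -> None:
        nonlocal current, desc_lines
        if current is not None:
            records.append(EventRecord(**current, description=" ".join(desc_lines)))
        current, desc_lines = None, []

    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current entry
            flush()
            continue
        sec = SECTION_RE.fullmatch(line)
        if sec:                           # "[ System Events ]" style section header
            flush()
            section = sec.group(1)
            continue
        m = HEADER_RE.match(line)
        if m:                             # new entry; close the previous one
            flush()
            current = {
                "section": section, "level": m["level"], "timestamp": m["timestamp"],
                "computer": m["computer"], "source": m["source"],
                "event_id": int(m["event_id"]),
            }
            continue
        if current is not None:           # description (possibly wrapped over lines)
            desc_lines.append(line.removeprefix("Description = "))
    flush()
    return records


def triage(records: list[EventRecord]) -> list[tuple[EventRecord, str]]:
    """Assumed triage rules: events that matter when checking whether protection was tampered with."""
    findings = []
    for r in records:
        key = (r.source, r.event_id)
        if key == ("Service Control Manager", 7031) and "Antimalware" in r.description:
            findings.append((r, "antimalware service crashed; confirm real-time protection is running"))
        elif key == ("Service Control Manager", 7026) and "MpFilter" in r.description.split():
            findings.append((r, "MpFilter (Microsoft antimalware minifilter driver) failed to load at boot"))
        elif key == ("crypt32", 131080):
            findings.append((r, "root certificate list update failed; verify DNS and Internet access"))
    return findings


if __name__ == "__main__":
    for rec, note in triage(parse_otl_events(SAMPLE_LOG)):
        print(f"{rec.timestamp} [{rec.section}] {rec.source}/{rec.event_id}: {note}")
```

Events that carry no security meaning on their own (the atapi controller error here, the iexplore hangs in the full report) pass through the parser and are simply not reported, so the output is only the handful of lines a helper would actually want to ask about.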

#9 Broni Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 02:32 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2011/04/25 16:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jBa01803mFoIc01803
    [2011/04/30 20:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.


#10 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 03:01 AM

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Folder C:\Documents and Settings\All Users\Application Data\jBa01803mFoIc01803\ not found.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3452 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 40378 bytes
->Temporary Internet Files folder emptied: 4184223 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2414 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04302011_213856

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TJ9QH1WA\component[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TJ9QH1WA\like[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TJ9QH1WA\smsIcon[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TJ9QH1WA\smsIcon[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MDMVAQ8T\radioplayer[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G6XFQICD\index[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G6XFQICD\page__gopid__165724[1].txt moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\096JWRPK\radioplayer[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#11 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 03:06 AM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#12 Broni Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 03:11 AM

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

#13 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 11:20 AM

C:\Program Files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{9F9BC741-ED71-4A63-BE25-91D6DA888F35}\RP423\A0026645.dll Win32/Toolbar.Zugo application

#14 Broni Re: [RESOLVED] Trojan got my credit card number

Posted 01 May 2011 - 03:07 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=========================================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

12. Please let me know how your computer is doing.

#15 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 02 May 2011 - 12:57 AM

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 9792 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 221010 bytes
->Temporary Internet Files folder emptied: 2642473 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14034 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05012011_194019

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#16 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 02 May 2011 - 01:23 AM

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3452 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 8535289 bytes
->Temporary Internet Files folder emptied: 3796216 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2414 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 05012011_195813

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_d08.dat not found!

Registry entries deleted on Reboot...

#17 jacke Re: [RESOLVED] Trojan got my credit card number

Posted 02 May 2011 - 01:51 AM

Thanks Broni. The computer is back running well again. I will try to keep the grandkids off it. Jacke

#18 Broni Re: [RESOLVED] Trojan got my credit card number

    Malware Annihilator

  • 24,880 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 01:02 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 02 May 2011 - 01:56 AM

Way to go!!
Good luck and stay safe :)




