Post the log it produces.
My Security Wall and Antivirus Suite infection [Solved]
Started by
huskermule
, Apr 03 2010 12:03 AM
-
This topic is locked
#16
Posted 08 April 2010 - 11:31 PM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
Post the log it produces.
#17
Posted 10 April 2010 - 03:52 PM
huskermule
- Topic Starter
-
- Member
-
- 13 posts
Member
looks like it says everything is clean...
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3976
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
4/10/2010 4:08:37 PM
mbam-log-2010-04-10 (16-08-37).txt
Scan type: Quick scan
Objects scanned: 134011
Time elapsed: 12 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3976
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
4/10/2010 4:08:37 PM
mbam-log-2010-04-10 (16-08-37).txt
Scan type: Quick scan
Objects scanned: 134011
Time elapsed: 12 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#18
Posted 10 April 2010 - 04:05 PM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
hi
are you still seeing that Security Wall in the bar?
are you still seeing that Security Wall in the bar?
#19
Posted 10 April 2010 - 04:10 PM
huskermule
- Topic Starter
-
- Member
-
- 13 posts
Member
well it only shows up when I log on as a certain user. so I haven't been logging on with that user. Should I try and see if it shows up?
#20
Posted 11 April 2010 - 01:19 AM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
Open OTL again then check the box next to "Scan All Users"
Click the Quick Scan button. Post the log it produces in your next reply.
Click the Quick Scan button. Post the log it produces in your next reply.
#21
Posted 11 April 2010 - 08:49 AM
huskermule
- Topic Starter
-
- Member
-
- 13 posts
Member
ok here is the OTL post with all users. One question, I am still not able to download Java. It doesn't show up under programs when I go to control panel. when I try to install it, it still keeps giving me an error with a cab1 file and says its either corrupt or does not have a valid signature. I know thats a separate issue probably but I thought I'd throw it out there.
Thanks so much for all your help.
OTL logfile created on: 4/11/2010 9:28:50 AM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Cole\Desktop\virus fix
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 147.28 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AH-EH7TXR61CVEM
Current User Name: Cole
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/03 02:03:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cole\Desktop\virus fix\OTL.com
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 18:30:40 | 011,344,653 | ---- | M] (Open Text Inc.) -- C:\Program Files\FirstClass\fcc32.exe
PRC - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
========== Modules (SafeList) ==========
MOD - [2010/04/03 02:03:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cole\Desktop\virus fix\OTL.com
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/30 13:40:49 | 001,265,264 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 21:02:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 21:02:39 | 000,000,000 | ---D | M]
[2010/04/04 00:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/04/03 16:47:45 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205292681515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 15:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/04/10 18:42:50 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cole\Desktop\avgremover.exe
[2010/04/10 17:29:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 16:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\baseball
[2010/04/10 15:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/10 14:50:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/10 14:50:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/10 14:50:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/10 14:50:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/10 14:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/10 14:49:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/08 23:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002
[2010/04/08 23:27:16 | 000,000,000 | ---D | C] -- C:\TFTM3Data
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Hy-Sport
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Dao
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2010/04/08 23:18:24 | 046,868,269 | ---- | C] (HY-TEK Sports Software ) -- C:\Documents and Settings\Cole\Desktop\TF_TEAM_MANAGER_Lite.exe
[2010/04/06 23:11:19 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0331417.sys
[2010/04/06 23:11:19 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03314171.sys
[2010/04/06 23:11:19 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03314172.sys
[2010/04/06 23:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\Virus Removal Tool1
[2010/04/06 21:11:50 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7714383.sys
[2010/04/06 21:11:50 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\77143831.sys
[2010/04/06 21:11:50 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\77143832.sys
[2010/04/06 21:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\Virus Removal Tool
[2010/04/04 01:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/03 16:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\.SunDownloadManager
[2010/04/03 13:38:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/03 02:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\virus fix
[2010/04/02 22:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/02 22:37:13 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Cole\Desktop\gohave fun.exe
[2010/04/02 22:09:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cole\Recent
[2010/03/19 02:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 04:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/02 04:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/16 01:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/03/13 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL
========== Files - Modified Within 14 Days ==========
[2010/04/11 09:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 02:23:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/10 18:51:11 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/10 18:51:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/10 18:51:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/10 18:48:47 | 000,049,617 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/10 18:47:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/10 18:47:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 18:46:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 18:46:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 18:45:13 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Cole\ntuser.dat
[2010/04/10 18:44:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cole\ntuser.ini
[2010/04/10 18:42:54 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cole\Desktop\avgremover.exe
[2010/04/10 15:37:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/10 15:23:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/10 14:47:13 | 003,911,577 | R--- | M] () -- C:\Documents and Settings\Cole\Desktop\ComboFix.exe
[2010/04/10 13:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/08 23:24:49 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\TFTM Lite.lnk
[2010/04/08 23:18:39 | 046,868,269 | ---- | M] (HY-TEK Sports Software ) -- C:\Documents and Settings\Cole\Desktop\TF_TEAM_MANAGER_Lite.exe
[2010/04/08 23:14:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\Central Catholic Schedule of Events.doc
[2010/04/08 00:11:36 | 004,308,738 | -H-- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\IconCache.db
[2010/04/06 19:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/04 20:28:35 | 000,039,120 | ---- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/04 20:07:34 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Cole\Application Data\$_hpcst$.hpc
[2010/04/04 19:50:59 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/04 19:50:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/03 16:47:45 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/03 16:07:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe
[2010/04/03 16:07:20 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe.sdm
[2010/04/03 16:05:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 14:01:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 02:14:24 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 22:51:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\HijackThis.lnk
[2010/04/02 22:37:15 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Cole\Desktop\gohave fun.exe
[2010/04/02 22:28:39 | 000,007,252 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/02 22:24:07 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\iexplorer.msi
[2010/03/31 16:13:19 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002.zip
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/04/10 15:23:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/10 15:23:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/10 14:50:37 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/10 14:50:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/10 14:50:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/10 14:50:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/10 14:50:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/10 14:47:02 | 003,911,577 | R--- | C] () -- C:\Documents and Settings\Cole\Desktop\ComboFix.exe
[2010/04/08 23:24:49 | 000,002,042 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\TFTM Lite.lnk
[2010/04/08 23:14:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\Central Catholic Schedule of Events.doc
[2010/04/04 20:07:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Cole\Application Data\$_hpcst$.hpc
[2010/04/03 16:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe
[2010/04/03 16:07:20 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe.sdm
[2010/04/02 22:38:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\HijackThis.lnk
[2010/04/02 22:24:00 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\iexplorer.msi
[2010/04/02 20:56:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/31 16:13:19 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002.zip
[2010/03/14 12:34:23 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/03/13 17:36:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\housecall.guid.cache
[2010/01/12 19:19:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/30 14:56:25 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/12 23:40:43 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 01:48:50 | 000,000,322 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/10/10 01:48:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2007/09/10 16:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/13 15:03:34 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/01 15:31:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/05/28 14:13:12 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 14:00:40 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/05/23 23:24:11 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/05/23 16:05:14 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/03/12 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/03/19 02:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/10/08 22:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/06/30 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/12/04 01:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/06/28 21:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
[2010/04/02 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/02 20:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/03/13 14:34:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/10/27 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\Aim
[2008/07/16 14:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\alot
[2010/03/14 00:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\GetRightToGo
[2007/05/26 20:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Aim
[2008/05/14 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\alot
[2007/09/21 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Aim
[2008/04/29 08:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\alot
[2009/10/04 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\FileVOoM
[2007/06/12 10:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Juniper Networks
[2007/07/17 02:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Leadertech
[2009/09/21 23:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Research In Motion
[2009/08/07 00:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Smilebox
[2009/07/05 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Viewpoint
[2007/06/11 13:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Aim
[2008/09/20 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\appeon
[2009/12/04 02:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Blackberry Desktop
[2009/06/24 10:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\eBookPro6
[2008/06/10 19:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\FileVOoM
[2008/06/30 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\HotSync
[2007/07/02 20:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\InterTrust
[2007/05/29 10:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Juniper Networks
[2008/05/31 23:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Leadertech
[2008/07/22 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\MailFrontier
[2009/09/16 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Research In Motion
[2009/12/31 20:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Smilebox
[2010/02/01 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Smith Micro
[2009/02/14 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Unity
[2010/01/31 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\uTorrent
[2009/06/05 12:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Viewpoint
[2010/04/10 13:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/10 18:47:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
Thanks so much for all your help.
OTL logfile created on: 4/11/2010 9:28:50 AM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Cole\Desktop\virus fix
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 147.28 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AH-EH7TXR61CVEM
Current User Name: Cole
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/03 02:03:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cole\Desktop\virus fix\OTL.com
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 18:30:40 | 011,344,653 | ---- | M] (Open Text Inc.) -- C:\Program Files\FirstClass\fcc32.exe
PRC - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
========== Modules (SafeList) ==========
MOD - [2010/04/03 02:03:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cole\Desktop\virus fix\OTL.com
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/30 13:40:49 | 001,265,264 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/09 00:01:58 | 000,075,568 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-507921405-854245398-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 21:02:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 21:02:39 | 000,000,000 | ---D | M]
[2010/04/04 00:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/04/03 16:47:45 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-854245398-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205292681515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 15:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/04/10 18:42:50 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cole\Desktop\avgremover.exe
[2010/04/10 17:29:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 16:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\baseball
[2010/04/10 15:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/10 14:50:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/10 14:50:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/10 14:50:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/10 14:50:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/10 14:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/10 14:49:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/08 23:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002
[2010/04/08 23:27:16 | 000,000,000 | ---D | C] -- C:\TFTM3Data
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Hy-Sport
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Dao
[2010/04/08 23:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2010/04/08 23:18:24 | 046,868,269 | ---- | C] (HY-TEK Sports Software ) -- C:\Documents and Settings\Cole\Desktop\TF_TEAM_MANAGER_Lite.exe
[2010/04/06 23:11:19 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0331417.sys
[2010/04/06 23:11:19 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03314171.sys
[2010/04/06 23:11:19 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\03314172.sys
[2010/04/06 23:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\Virus Removal Tool1
[2010/04/06 21:11:50 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7714383.sys
[2010/04/06 21:11:50 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\77143831.sys
[2010/04/06 21:11:50 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\77143832.sys
[2010/04/06 21:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\Virus Removal Tool
[2010/04/04 01:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/03 16:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\.SunDownloadManager
[2010/04/03 13:38:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/03 02:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cole\Desktop\virus fix
[2010/04/02 22:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/02 22:37:13 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Cole\Desktop\gohave fun.exe
[2010/04/02 22:09:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cole\Recent
[2010/03/19 02:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/19 02:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 04:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/02 04:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/16 01:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/03/13 19:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL
========== Files - Modified Within 14 Days ==========
[2010/04/11 09:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 02:23:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/10 18:51:11 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/10 18:51:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/10 18:51:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/10 18:48:47 | 000,049,617 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/10 18:47:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/10 18:47:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 18:46:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 18:46:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 18:45:13 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Cole\ntuser.dat
[2010/04/10 18:44:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cole\ntuser.ini
[2010/04/10 18:42:54 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cole\Desktop\avgremover.exe
[2010/04/10 15:37:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/10 15:23:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/10 14:47:13 | 003,911,577 | R--- | M] () -- C:\Documents and Settings\Cole\Desktop\ComboFix.exe
[2010/04/10 13:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/08 23:24:49 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\TFTM Lite.lnk
[2010/04/08 23:18:39 | 046,868,269 | ---- | M] (HY-TEK Sports Software ) -- C:\Documents and Settings\Cole\Desktop\TF_TEAM_MANAGER_Lite.exe
[2010/04/08 23:14:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\Central Catholic Schedule of Events.doc
[2010/04/08 00:11:36 | 004,308,738 | -H-- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\IconCache.db
[2010/04/06 19:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/04 20:28:35 | 000,039,120 | ---- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/04 20:07:34 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Cole\Application Data\$_hpcst$.hpc
[2010/04/04 19:50:59 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/04 19:50:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/03 16:47:45 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/03 16:07:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe
[2010/04/03 16:07:20 | 000,001,190 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe.sdm
[2010/04/03 16:05:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 14:01:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 02:14:24 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 22:51:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\HijackThis.lnk
[2010/04/02 22:37:15 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Cole\Desktop\gohave fun.exe
[2010/04/02 22:28:39 | 000,007,252 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/02 22:24:07 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\iexplorer.msi
[2010/03/31 16:13:19 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002.zip
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/04/10 15:23:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/10 15:23:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/10 14:50:37 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/10 14:50:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/10 14:50:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/10 14:50:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/10 14:50:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/10 14:47:02 | 003,911,577 | R--- | C] () -- C:\Documents and Settings\Cole\Desktop\ComboFix.exe
[2010/04/08 23:24:49 | 000,002,042 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\TFTM Lite.lnk
[2010/04/08 23:14:33 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\Central Catholic Schedule of Events.doc
[2010/04/04 20:07:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Cole\Application Data\$_hpcst$.hpc
[2010/04/03 16:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe
[2010/04/03 16:07:20 | 000,001,190 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\jre-6u19-windows-i586.exe.sdm
[2010/04/02 22:38:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\HijackThis.lnk
[2010/04/02 22:24:00 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\iexplorer.msi
[2010/04/02 20:56:38 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/31 16:13:19 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Cole\Desktop\tfmm2010-04-14-MeetEvents-District 27-4A Meet 2010-002.zip
[2010/03/14 12:34:23 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/03/13 17:36:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\housecall.guid.cache
[2010/01/12 19:19:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/30 14:56:25 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/12 23:40:43 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 01:48:50 | 000,000,322 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/10/10 01:48:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2007/09/10 16:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/13 15:03:34 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/07/01 15:31:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/05/28 14:13:12 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Cole\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 14:00:40 | 000,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/05/23 23:24:11 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/05/23 16:05:14 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/03/12 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/03/19 02:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/10/08 22:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/06/30 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/12/04 01:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/06/28 21:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
[2010/04/02 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/02 20:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/03/13 14:34:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/10/27 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\Aim
[2008/07/16 14:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\alot
[2010/03/14 00:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cole\Application Data\GetRightToGo
[2007/05/26 20:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Aim
[2008/05/14 22:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\alot
[2007/09/21 17:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Aim
[2008/04/29 08:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\alot
[2009/10/04 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\FileVOoM
[2007/06/12 10:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Juniper Networks
[2007/07/17 02:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Leadertech
[2009/09/21 23:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Research In Motion
[2009/08/07 00:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Smilebox
[2009/07/05 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\Viewpoint
[2007/06/11 13:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Aim
[2008/09/20 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\appeon
[2009/12/04 02:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Blackberry Desktop
[2009/06/24 10:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\eBookPro6
[2008/06/10 19:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\FileVOoM
[2008/06/30 12:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\HotSync
[2007/07/02 20:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\InterTrust
[2007/05/29 10:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Juniper Networks
[2008/05/31 23:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Leadertech
[2008/07/22 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\MailFrontier
[2009/09/16 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Research In Motion
[2009/12/31 20:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Smilebox
[2010/02/01 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Smith Micro
[2009/02/14 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Unity
[2010/01/31 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\uTorrent
[2009/06/05 12:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Viewpoint
[2010/04/10 13:38:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/10 18:47:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
#22
Posted 11 April 2010 - 11:36 AM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
hi
You shouldn't be asking for help at another forum, we are assisting you here and providing enough help
please stick to one forum and one topic.
now.
Log into the user where you see Security Wall traces and run MalwareBytes antimalware update it and run a quick scan.
Post the log it produces
You shouldn't be asking for help at another forum, we are assisting you here and providing enough help
please stick to one forum and one topic.
now.
Log into the user where you see Security Wall traces and run MalwareBytes antimalware update it and run a quick scan.
Post the log it produces
#23
Posted 11 April 2010 - 07:54 PM
huskermule
- Topic Starter
-
- Member
-
- 13 posts
Member
Sorry, that was my mistake. I didn't realize I was hindering the cleaning process by getting more input. I'm new at this so I really didn't know. Again, sorry about that. I will not post in any other forums about this topic. I do appreciate all of your help.
With that said her is the mbam log for the user that kept showing the my security wall icon. I don't see it anymore. Looks like it may be gone. Not sure what else it found though.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3976
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
4/11/2010 8:46:47 PM
mbam-log-2010-04-11 (20-46-47).txt
Scan type: Quick scan
Objects scanned: 88294
Time elapsed: 13 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
With that said her is the mbam log for the user that kept showing the my security wall icon. I don't see it anymore. Looks like it may be gone. Not sure what else it found though.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3976
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
4/11/2010 8:46:47 PM
mbam-log-2010-04-11 (20-46-47).txt
Scan type: Quick scan
Objects scanned: 88294
Time elapsed: 13 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#24
Posted 11 April 2010 - 09:00 PM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
do you still see security wall trace?
#25
Posted 11 April 2010 - 09:28 PM
huskermule
- Topic Starter
-
- Member
-
- 13 posts
Member
no I do not anymore... computer seems to be running much smoother now. thanks. Only thing is I can't download Java. I'm not sure whats going on with that. I don't know if its something with certificates or digital signatures. just stops at the same place every time and says something is wrong with data1.cab.
As far as the my security wall, I think you got rid of it though. Thank you thank you thank you.
As far as the my security wall, I think you got rid of it though. Thank you thank you thank you.
#26
Posted 13 April 2010 - 12:29 PM
ali.B
-
- Malware Removal
-
- 3,086 posts
Trusted Helper
hi
Congratulations your logs appear clean
Reset and Re-enable your System Restore
NEXT
Recommendations
See Here for a list of recommendations for free Antivirus\AntiSpyware applications.
Thank you
Congratulations your logs appear clean
Reset and Re-enable your System Restore
- Open OTL
- Under the Custom Scans/Fixes box at the bottom, paste the following:
:Commands [clearallrestorepoints] [createrestorepoint]
- Click the Run Fix button at the top
- It might ask you to reboot, if so click YES
NEXT
- Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
- Click on the CleanUp button.
- Click Yes to begin the cleanup process and remove tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
Recommendations
See Here for a list of recommendations for free Antivirus\AntiSpyware applications.
- Keep Your windows up to date by regularly checking their website at:
http://windowsupdate.microsoft.com/
- SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- Click Here to learn how to keep a backup of your important files
- FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
Thank you
#27
Posted 15 April 2010 - 12:06 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
