Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hundreds of infections...MyWebSearch, Trojan Vundo [Solved]

Started by countryboypride77 , Feb 28 2009 09:46 PM

This topic is locked

#1
countryboypride77

Posted 28 February 2009 - 09:46 PM

Member

Member
185 posts

This computer is a Custom Built PC: Intel® Pentium® D CPU 3.40GHz 1.70GHz 2.93GB of RAM OS is Windows XP Home Edition Service Pack 3.

Quick story to explain: This PC was my bosses until one day last year it shut down and wouldn't come back on. He took it to some Computer Tech who practically rebuilt it. New Motherboard, new hard drive, etc... I don't think he ever ran any virus/malware scans. Anyways, we get it back at the office and I don't think it lasted a week. It shut down and wouldn't come back on. My boss got fed up with it and went and bought a whole new PC. This one sat in our office unplugged since the end of October last year. Recently, the new PC at the office was acting strangely, I suspected viruses. Ran scans and I was correct. I went to my boss to explain it...anyways, that part doesn't matter. I asked my boss if I could have the old "garbage" PC and he said yeah he planned on throwing it out. I get it home a couple days ago. Couldn't get logged on. Took the side of tower off and unplugged some stuff and replugged them in. I have access now.

Problem is my PC is infested with nasties. I've tried running Malwarebytes, the first scan picked up 16 MyWebSearch and 1 Vundo. That wasn't a full quick scan though, honestly I can't recall why I aborted it. Anyhow, I deleted those nasties. Later I attempted to run the quick scan again and had to abort that one after it was running for like almost 4 hours. Then I ran SUPERSpyWare and it picked up 17 Adware.180solutions/Seekmo/Zango, 94 Adware.MyWebSearch/FunWebProducts, 106 Adware.Tracking Cookies, and 7 Trojan.Fake-Drop/Gen. I did the boot scan with Avanti and it said "Files\atgocext.dll is infected by win32: Trojan-gen {other}" then I proceeded to run a thorough scan with Avanti and it didn't pick anything up.

I've also done some major Cleaning house. I've deleted so much stuff out of the computer. It's unbelievable.

I know this PC is infected (I guess I get what I pay for

) These nasties are affecting my Security. Please Any Help would be So MUCH Appreciated. Thank you in Advance for your Help!

Here's the HJT Log: I do have the Malwarebytes scan upon Request.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22 45 Hrs, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....ch?fr=mcafee&p=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1235794349562
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...ivex-latest.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0169821235867162) (0169821235867162mcinstcleanup) - Unknown owner - C:\DOCUME~1\SEATOW~1\LOCALS~1\Temp\016982~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5856 bytes
---------------------------------------------------------
Please note, I have a folder titled "seatow" I've attempted to get into it (on my Admin user account) and it keeps telling me I'm "blah blah blah Denied" Why can't I open the folder? Could a virus be preventing me from opening it? Also, in the Add/Remove Programs, I did some serious cleaning up. However, one program isn't allowing me to delete it. "Sea Tow" I don't know if this is a nasty issue or an XP issue. I guess, in due time, I'll find out.

Also, it's currently 9:50 am on 3/1/09 at the time of this edit. I ran the Malwarebytes full scan last night, hoping it would have completed by the time I woke up. Wrong...Before I left home for work some 9 hrs of scanning, it still wasn't finished. Nothing else is running on the PC. It should be finished by the time I get home later today. I intend on running the thorough Avanti Anti-Virus scan when I get home.
Thanks again in Advance!

Edited by countryboypride77, 01 March 2009 - 08:53 AM.

#2
handhfan

Posted 02 March 2009 - 01:22 AM

Trusted Helper

Expert
13,659 posts

Hello, countryboypride77, and welcome to GeeksToGo! Before I can help you, please do the following:

I'm certain quite a few of your issues is coming from having two antiviruses active (COMODO Internet Security and avast!). For now, I recommend uninstalling COMODO Internet Security, and just reinstalling the Firewall instead of the full product. That way, you will have one antivirus and one firewall, which will considerably make your computer feel better.

When you have done this, please post a new HijackThis log.

#3
countryboypride77

Posted 02 March 2009 - 01:51 AM

Member

Topic Starter
Member
185 posts

I only have the Comodo Firewall installed, when originally downloading and going through the install process, I was careful to make sure I was ONLY installing the Firewall. I just double checked and I only have the Firewall part installed.

Also, my avast just picked up the Win32: Agent-AW Trojan it was located in E:\hiberfil.sys

I tried sending it to the Chest but wasn't able too so I ended up deleting it.

I'll go ahead and uninstall Comodo and Re-install it although I'm positive I installed the Firewall standalone.

Edited by countryboypride77, 02 March 2009 - 02:11 AM.

#4
handhfan

Posted 02 March 2009 - 09:36 AM

Trusted Helper

Expert
13,659 posts

Yes, that is your only firewall.

I'm talking about 2 antiviruses here.

Okay. Don't forget to post a new HijackThis log.

Edited by handhfan, 02 March 2009 - 09:37 AM.

#5
countryboypride77

Posted 02 March 2009 - 11:19 AM

Member

Topic Starter
Member
185 posts

Hello handhfan, I apologize for not First, Thanking you for your Help!

I greatly appreciate your help in solving my issues. Thanks in Advance for your Help that's greatly appreciated!

okay, now back to business. (Note: I'm at work right now and will repost the Hijack This Log as soon as I get home today, sometime before 4pm est)

About my Comodo: I went ahead and uninstalled it. Please be advised when you go to dowload and install Comodo...Yes, it's an Internet Security Suite, that does indeed have both a Firewall and Anti-Virus. When the install Wizard appears and takes you through the install set-up steps, it gives you the choice of what precisely you want to install. You can choose ONLY the Firewall (which I did) or you can choose ONLY the Anti-Virus or you can choose to install BOTH. I, carefully checked the "Firewall ONLY" selection. In my add and remove programs, its name is still known as "Comodo Internet Security Suite" resulting in the same name being listed in the HJT Log. I think this is where the confusion is because it doesn't specify Firewall or Anti-Virus but chooses to keep the name as "Comodo Internet Security"

I copied the note from the Actual Comodo website--> Click Me!

I copied the following from the above mentioned link:

"Comodo Firewall is part of Comodo Internet Security

During the setup process you will be given the choice to:

-Install the Firewall as a standalone
-Install the AntiVirus as a standalone
-Install both Firewall and AntiVirus"

Please note, I have no intentions to sound like I'm arguing or disputing anything at all with you. I reassure I'm not. I'm just simply informing you of how Comodo installation process works. I can understand where you would think I have 2 anti-viruses installed and if I didn't take the extra research in Comodo, I, too, would be fooled into thinking I have 2 anti-viruses installed.

So, after I finish reinstalling Comodo, I will again check mark the Firewall ONLY option but the HJT Log will still show it as being the "Comodo Internet Security Suite" I can't help this. I have changed the name on my desktop to "Comodo Firewall" I assure you I have ONLY one Firewall and ONE Anti-Virus. I hope this helps to better Clarify Comodo. :killcomp:

I will repost the HJT Log as soon as I get home from work. Thank You again for your Help! :upset:

Edited by countryboypride77, 02 March 2009 - 11:37 AM.

#6
handhfan

Posted 02 March 2009 - 11:37 AM

Trusted Helper

Expert
13,659 posts

Okay. I'll trust ya.

It is hard to tell whether it's just the Firewall or both. Better safe than sorry.

Download OTListIt2 to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

The log for OTListIt2 will be very long and may not fit in one post, since there is a character limit on posts. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.

#7
countryboypride77

Posted 02 March 2009 - 11:46 AM

Member

Topic Starter
Member
185 posts

Should I disable my Firewall and Anti-Virus before running OTListIt2?

I don't want them to conflict OTListIt2.

Also, you're Absolutely Correct in being better Safe than Sorry.

Like I said earlier, I'm currently at work and will have to wait until I get back home to run the OTListIt2.

Thanks again for your Help!

Edited by countryboypride77, 02 March 2009 - 11:46 AM.

#8
handhfan

Posted 02 March 2009 - 11:49 AM

Trusted Helper

Expert
13,659 posts

You don't need to disable either of them for it. It just displays information for me to analyze, much like HijackThis (just more of it).

#9
countryboypride77

Posted 02 March 2009 - 03:45 PM

Member

Topic Starter
Member
185 posts

Here is the New HighJackThis Log...I uninstalled the Comodo and reinstalled and was Very Careful to ONLY install the Firewall part.

I wanted to repost a new HJT Log because I've been doing a lot of deleting and changing around stuff on this PC since it originally my work PC and is now my home PC so I don't need half the garbage that was on it from work.

My next Posts will be the OTList Logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:48 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1235794349562
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...ivex-latest.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0169821235867162) (0169821235867162mcinstcleanup) - Unknown owner - C:\DOCUME~1\SEATOW~1\LOCALS~1\Temp\016982~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5853 bytes

#10
countryboypride77

Posted 02 March 2009 - 04:02 PM

Member

Topic Starter
Member
185 posts

Here is OTListIt.txt:

OTListIt logfile created on: 3/2/2009 4:55:11 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.2 Folder = C:\Documents and Settings\Eric Emminger-Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 63.33 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.30 Gb Total Space | 19.42 Gb Free Space | 52.08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PACK_LEADER
Current User Name: Eric Emminger-Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\Eric Emminger-Admin\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (0169821235867162mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (DC21x4 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dc21x4.sys (Intel Corporation.)
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (IPFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IPFilter.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> %SystemRoot%\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/02/28 00:05:04 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/28 01:23:30 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/02/28 19:31:28 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/28 19:18:29 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/28 19:17:52 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Eric Emminger-Admin\Application Data\mozilla\Extensions [2009/03/02 02:57:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Eric Emminger-Admin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/03/02 02:57:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Eric Emminger-Admin\Application Data\mozilla\Firefox\Profiles\nxd27349.default\extensions [2009/03/02 02:57:55 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Eric Emminger-Admin\Application Data\mozilla\Firefox\Profiles\nxd27349.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/03/02 02:57:55 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/28 20:03:07 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/02/28 19:19:39 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/28 19:17:53 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235794349562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...ivex-latest.cab (DownloadManager Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/03/02 16:48:31 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\OTListIt2.exe
[2009/03/02 16:31:00 | 00,062,216 | ---- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/02 16:29:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\Downloaded Programs
[2009/03/02 16:24:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/02 16:24:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/02 16:24:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/02 16:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/02 16:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Malwarebytes
[2009/03/02 16:05:40 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO FIREWALL.lnk
[2009/03/02 16:02:27 | 00,155,384 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/03/02 16:02:27 | 00,110,992 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/03/02 16:02:27 | 00,080,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/03/02 16:02:27 | 00,024,336 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/03/02 06:55:58 | 03,229,024 | -H-- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\IconCache.db
[2009/03/02 02:57:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\Mozilla
[2009/03/02 02:57:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Mozilla
[2009/03/01 19:18:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\Malwarebytes' Anti-Malware
[2009/03/01 19:14:32 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\SpywareBlaster.lnk
[2009/03/01 19:14:14 | 00,001,746 | ---- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\HijackThis.lnk
[2009/03/01 19:14:00 | 00,000,604 | ---- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\ERUNT.lnk
[2009/03/01 18:46:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Identities
[2009/03/01 18:46:02 | 00,000,090 | -HS- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\desktop.ini
[2009/03/01 18:46:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\My Pictures
[2009/03/01 18:46:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\My Music
[2009/03/01 18:45:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\desktop.ini
[2009/03/01 18:45:49 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Eric Emminger-Admin\Start Menu\Programs\Startup\desktop.ini
[2009/03/01 18:45:48 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Microsoft
[2009/03/01 18:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\Microsoft
[2009/02/28 21:29:03 | 00,000,000 | ---D | C] -- C:\SystemRestorePoint
[2009/02/28 21:26:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/28 20:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/28 20:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/02/28 19:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/02/28 19:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/02/28 19:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/02/28 19:23:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/02/28 19:18:10 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/28 19:17:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/28 15:42:30 | 00,000,000 | ---D | C] -- C:\Program Files\Index.dat Suite
[2009/02/28 14:45:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/02/28 10:19:20 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/02/28 01:54:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/02/28 01:19:35 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/28 01:19:35 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/02/28 01:19:34 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/28 01:19:33 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/28 01:19:30 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/02/28 01:19:28 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/28 01:19:28 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/28 01:19:28 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/28 01:19:28 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/28 01:18:46 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/28 01:18:46 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/02/28 01:18:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/02/28 00:52:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/02/28 00:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/02/28 00:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/28 00:42:39 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/02/28 00:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/28 00:30:22 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware.lnk
[2009/02/28 00:30:09 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/28 00:29:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/28 00:06:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/02/28 00:02:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/02/28 00:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/02/28 00:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/02/27 23:59:43 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/02/27 23:59:43 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/02/27 23:59:42 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/02/27 23:59:42 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/02/27 23:59:42 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/02/27 23:59:40 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/02/27 23:59:40 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/02/27 23:59:39 | 00,000,000 | ---D | C] -- C:\c94c9e89adf038b9403a
[2009/02/27 23:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/02/27 23:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/27 04:16:02 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/03/02 16:48:32 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\OTListIt2.exe
[2009/03/02 16:38:21 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/02 16:31:00 | 00,062,216 | ---- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/02 16:28:36 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\SysRestorePoint.exe
[2009/03/02 16:24:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/02 16:16:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/02 16:16:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/02 16:14:45 | 03,229,024 | -H-- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\Local Settings\Application Data\IconCache.db
[2009/03/02 16:05:40 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO FIREWALL.lnk
[2009/03/02 16:02:05 | 00,155,384 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2009/03/02 16:02:05 | 00,110,992 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/03/02 16:02:05 | 00,080,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/03/02 16:02:05 | 00,024,336 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/03/01 19:14:32 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\SpywareBlaster.lnk
[2009/03/01 19:14:14 | 00,001,746 | ---- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\HijackThis.lnk
[2009/03/01 19:14:00 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\Desktop\ERUNT.lnk
[2009/03/01 18:46:24 | 00,000,090 | -HS- | M] () -- C:\Documents and Settings\Eric Emminger-Admin\My Documents\desktop.ini
[2009/03/01 17:04:58 | 00,000,031 | ---- | M] () -- C:\WINDOWS\warhead.ini
[2009/02/28 21:17:24 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/28 20:14:48 | 00,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/28 19:39:51 | 00,007,462 | ---- | M] () -- C:\WINDOWS\tides.ini
[2009/02/28 19:18:10 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/28 14:45:18 | 00,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/28 14:45:13 | 00,508,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/28 14:45:13 | 00,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/28 14:45:13 | 00,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/28 01:55:11 | 00,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/28 01:55:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/02/28 01:55:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/02/28 01:19:35 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/02/28 01:19:28 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/28 00:30:22 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware.lnk
[2009/02/11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/05 16:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/05 16:08:19 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/02/05 16:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== LOP Check ==========

[2009/02/28 19:27:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/20 11:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{5CFA5109-5BFB-42A2-8805-4BCA32B855BA}
[2009/02/27 23:22:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/19 07:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/19 08:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/27 23:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/25 10:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/02 16:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2008/10/19 13:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/14 11:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/11/08 07:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/10/27 13:58:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/02/27 23:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/28 19:26:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/10/19 18:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/19 18:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2008/10/20 06:26:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/28 00:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/10/15 14:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/15 07:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/02/28 19:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/10/25 10:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/02/28 00:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/28 19:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/27 10:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/17 09:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/03/02 02:57:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data
[2009/03/01 18:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Identities
[2009/03/02 16:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Malwarebytes
[2009/03/02 16:36:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Microsoft
[2009/03/02 02:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Emminger-Admin\Application Data\Mozilla
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/02 16:16:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#11
countryboypride77

Posted 02 March 2009 - 04:14 PM

Member

Topic Starter
Member
185 posts

hmmm...only the one notepad came up after the scan...OTListIt.txt.

I searched my PC for the Extras.txt...their is none.

Then I looked over the OTListIt program and noticed on "Extra Registry" was clicked on "none" But since you told me not to change any settings without you telling me...I held off and have done nothing to the settings except for what you instructed me too.

I await further instructions.

Edited by countryboypride77, 02 March 2009 - 04:16 PM.

#12
handhfan

Posted 03 March 2009 - 11:08 AM

Trusted Helper

Expert
13,659 posts

Let's get a new scan with Malwarebytes'.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#13
countryboypride77

Posted 03 March 2009 - 11:32 AM

Member

Topic Starter
Member
185 posts

I already have Malwarebytes installed on my computer. So, I'll just update it and then perform the quick scan. Also, I have 2 previous reports of MBAM one is a quick scan report the second one is a full scan. Would you like both of those reports?

(NOTE: Please be advised the quick scan on the problem PC isn't so quick. haha. It usually takes well over an hour for it. On my good home PC it normally takes 20-30 minutes. Huge Difference)

I'm currently at work and will do what you suggest as soon as I get home.

Thanks again for your Help : )

Edited by countryboypride77, 03 March 2009 - 11:34 AM.

#14
handhfan

Posted 03 March 2009 - 12:13 PM

Trusted Helper

Expert
13,659 posts

I would only need a new one. Whatever was done in the past probably doesn't exist anymore, and it would be unnecessary to see them.

Post back whenever you can with the new log.

No real rush.

#15
countryboypride77

Posted 03 March 2009 - 02:55 PM

Member

Topic Starter
Member
185 posts

Okay, I'm at home now and running the Malwarebytes quick scan.

I just wanted to mention that the PC takes a while to boot. Also, takes a while to get online and go from webpage to webpage.

I'm curious to know if you seen anything on my HJT Logs and the OTListIt logs??

I'll post the malwarebytes log as soon as it finishes.