Start menu, desktop icons and taskbar disappear and reappear


#31 livedead (Topic Starter, Member, 29 posts)

Hi Jimmy2012

Please find attached the files you needed.

Cheers
livedead

Attached files: virusinfo_syscure.zip (15.35 KB), virusinfo_syscheck.zip (14.35 KB)

#32 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)

Hello livedead,

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\tolodlls.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#33 livedead (Topic Starter, Member, 29 posts)

Hi Jimmy2012

Please find below the results of the scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/05/05 00:40:15 (EDT)
Scanner results: 18% Scanner(7/38) found malware!
File Name : tolodlls.dll
File Size : 1925137 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 5167bfdc8002b7b93796121ceb72c235
SHA1 : 592333453c517a36a45a9ef1dd06f6f122200ca6
Online report : http://virscan.org/r...920566aebd.html

| Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result |
|---|---|---|---|---|---|
| a-squared | 4.0.0.32 | 20090504213754 | 2009-05-04 | 3.34 | - |
| AhnLab V3 | 2009.05.05.00 | 2009.05.05 | 2009-05-05 | 3.63 | - |
| AntiVir | 7.9.0.160 | 7.1.3.150 | 2009-05-04 | 2.13 | TR/Crypt.FKM.Gen |
| Antiy | 2.0.18 | 20090503.2333071 | 2009-05-03 | 0.02 | - |
| Arcavir | 2009 | 200905041616 | 2009-05-04 | 0.10 | - |
| Authentium | 5.1.1 | 200905041818 | 2009-05-04 | 1.56 | W32/SysVenFak.A.gen!Eldorado (Possible) |
| AVAST! | 3.0.1 | 090504-1 | 2009-05-04 | 0.04 | Win32:Trojan-gen {Other} |
| AVG | 7.5.52.442 | 270.12.11/2089 | 2009-04-30 | 2.06 | - |
| BitDefender | 7.81008.2901809 | 7.25204 | 2009-05-05 | 2.74 | Gen:Trojan.Heur.5738C7D6D6 |
| CA (VET) | 9.0.0.143 | 31.6.6488 | 2009-05-05 | 11.64 | - |
| ClamAV | 0.95 | 9325 | 2009-05-04 | 0.58 | - |
| Comodo | 3.8 | 1149 | 2009-05-03 | 2.17 | - |
| CP Secure | 1.1.0.715 | 2009.05.05 | 2009-05-05 | 8.87 | - |
| Dr.Web | 4.44.0.9170 | 2009.05.05 | 2009-05-05 | 4.58 | - |
| F-Prot | 4.4.4.56 | 20090504 | 2009-05-04 | 1.53 | W32/SysVenFak.A.gen!Eldorado (generic, not disinfectable) |
| F-Secure | 5.51.6100 | 2009.05.04.11 | 2009-05-04 | 0.08 | - |
| Fortinet | 2.81-3.117 | 10.352 | 2009-05-04 | 0.96 | - |
| GData | 19.5035/19.320 | 20090505 | 2009-05-05 | 20.88 | - |
| ViRobot | 20090504 | 2009.05.04 | 2009-05-04 | 1.15 | - |
| Ikarus | T3.1.01.49 | 2009.05.04.72670 | 2009-05-04 | 2.92 | - |
| JiangMin | 11.0.706 | 2009.05.04 | 2009-05-04 | 1.94 | - |
| Kaspersky | 5.5.10 | 2009.05.05 | 2009-05-05 | 0.05 | - |
| KingSoft | 2009.2.5.15 | 2009.5.5.7 | 2009-05-05 | 3.33 | - |
| McAfee | 5.3.00 | 5605 | 2009-05-04 | 2.85 | - |
| Microsoft | 1.4602 | 2009.05.05 | 2009-05-05 | 7.62 | Backdoor:Win32/Losfondup.A |
| mks_vir | 2.01 | 2009.05.04 | 2009-05-04 | 2.77 | - |
| Norman | 6.01.05 | 6.01.00 | 2009-05-04 | 4.01 | W32/Malware.GKOZ |
| Panda | 9.05.01 | 2009.05.04 | 2009-05-04 | 18.32 | - |
| Trend Micro | 8.700-1004 | 6.108.01 | 2009-05-04 | 0.03 | - |
| Quick Heal | 10.00 | 2009.05.04 | 2009-05-04 | 4.14 | - |
| Rising | 20.0 | 21.28.04.00 | 2009-05-04 | 1.76 | - |
| Sophos | 2.86.0 | 4.41 | 2009-05-05 | 2.36 | - |
| Sunbelt | 5120 | 5120 | 2009-05-04 | 2.19 | - |
| Symantec | 1.3.0.24 | 20090504.005 | 2009-05-04 | 0.40 | - |
| nProtect | 20090504.01 | 3571553 | 2009-05-04 | 40.13 | - |
| The Hacker | 6.3.4.1 | v00318 | 2009-05-04 | 3.30 | - |
| VBA32 | 3.12.10.4 | 20090504.1321 | 2009-05-04 | 2.00 | - |
| VirusBuster | 4.5.11.10 | 10.105.15/1315556 | 2009-05-04 | 2.11 | - |

#34 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)

Hello livedead,

Please run a scan with OTListIt2 (like you did the first time running it) and post the OTListIt.txt in your next reply.

#35 livedead (Topic Starter, Member, 29 posts)

Hi Jimmy2012

Please find below the OTListIt.txt contents:

OTListIt logfile created on: 5/5/2009 4:21:32 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\New-April\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 307.16 Mb Available Physical Memory | 61.02% Memory free
1.20 Gb Paging File | 1.03 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.64 Gb Total Space | 38.80 Gb Free Space | 75.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUPA-CE5DB493CD
Current User Name: New-April
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\New-April\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (bgsvcgen [Auto | Stopped]) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NICCONFIGSVC [Auto | Stopped]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (APPDRV [System | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (HSFHWICH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (STAC97 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4}:1.0
FF - prefs.js..extensions.enabledItems: {66332D95-872C-43F8-B0A7-E8254CC2E719}:1.0
FF - prefs.js..extensions.enabledItems: {39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998}:1.0
FF - prefs.js..extensions.enabledItems: {4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/06 14:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4}: C:\DOCUMENTS AND SETTINGS\RUPA\LOCAL SETTINGS\APPLICATION DATA\{124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4} [2009/01/10 21:25:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{66332D95-872C-43F8-B0A7-E8254CC2E719}: C:\DOCUMENTS AND SETTINGS\NEW\LOCAL SETTINGS\APPLICATION DATA\{66332D95-872C-43F8-B0A7-E8254CC2E719} [2009/03/18 15:21:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998}: C:\DOCUMENTS AND SETTINGS\RUPARAJ\LOCAL SETTINGS\APPLICATION DATA\{39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998} [2009/04/16 12:46:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}: C:\DOCUMENTS AND SETTINGS\NEW-APRIL\LOCAL SETTINGS\APPLICATION DATA\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54} [2009/04/20 09:14:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 21:28:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 11:41:01 | 00,000,000 | ---D | M]

[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Extensions
[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Firefox\Profiles\gj03h6mb.default\extensions
[2009/04/28 22:06:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 11:41:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/28 11:40:55 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 11:40:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://myed-nc.wach...perSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\tolodlls.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/05 10:09:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Identities
[2009/05/04 07:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Desktop\avz4
[2009/05/04 07:23:11 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\avz4.zip
[2009/05/03 10:01:22 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2009/04/29 21:28:01 | 00,001,226 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\DrWeb.csv
[2009/04/29 20:20:59 | 13,835,096 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\New-April\Desktop\drweb-cureit.exe
[2009/04/29 14:39:45 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/29 14:39:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Sun
[2009/04/29 14:27:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/29 14:27:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 14:27:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/29 14:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 14:26:06 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup(2).exe
[2009/04/29 12:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Desktop\gmer
[2009/04/29 12:40:20 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\gmer.zip
[2009/04/28 23:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/04/28 23:19:02 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/28 21:59:48 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/28 21:59:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/28 21:59:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/28 21:45:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/28 21:45:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/28 21:45:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/28 21:45:31 | 00,113,152 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/28 21:45:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/28 21:45:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/28 21:45:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/28 21:45:31 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/28 21:28:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/28 21:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Symantec
[2009/04/27 08:46:17 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:35:45 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\New-April\Desktop\aswclear.exe
[2009/04/26 09:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\AdobeUM
[2009/04/26 09:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Adobe
[2009/04/26 09:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\My Documents\My eBooks
[2009/04/22 12:59:28 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\draft.doc
[2009/04/21 11:48:08 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\New-April\My Documents\dtr.doc
[2009/04/21 11:05:46 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\New-April\My Documents\Resume-Rupa-Rajamani.doc
[2009/04/21 09:08:45 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New-April\Desktop\OTListIt2.exe
[2009/04/21 09:06:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/21 09:06:08 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\Rooter.exe
[2009/04/21 08:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/21 08:24:57 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\New-April\Desktop\avast_home_setup.exe
[2009/04/20 13:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Malwarebytes
[2009/04/20 13:35:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/20 13:34:23 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup.exe
[2009/04/20 13:33:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/20 13:32:49 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\NTREGOPT.lnk
[2009/04/20 13:32:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\ERUNT.lnk
[2009/04/20 13:32:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 13:31:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\New-April\Desktop\erunt_setup.exe
[2009/04/20 13:28:38 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\New-April\Desktop\SysRestorePoint.exe
[2009/04/20 13:01:48 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 11:00:54 | 03,224,818 | -H-- | C] () -- C:\Documents and Settings\New-April\Local Settings\Application Data\IconCache.db
[2009/04/20 09:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/20 09:42:08 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 09:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/20 09:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\SUPERAntiSpyware.com
[2009/04/20 09:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/20 09:40:02 | 06,289,952 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\SUPERAntiSpyware.exe
[2009/04/20 09:14:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Videos
[2009/04/20 09:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\PowerDVD DX
[2009/04/20 09:14:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}
[2009/04/15 13:15:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Macromedia
[2009/04/15 13:15:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Adobe
[2009/04/15 13:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Mozilla
[2009/04/15 13:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Mozilla
[2009/04/15 13:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Identities
[2009/04/15 13:09:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Music
[2009/04/15 13:09:32 | 00,000,080 | -HS- | C] () -- C:\Documents and Settings\New-April\My Documents\desktop.ini
[2009/04/15 13:09:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Pictures
[2009/04/15 13:09:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\New-April\Application Data\desktop.ini
[2009/04/15 13:09:25 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\New-April\Start Menu\Programs\Startup\desktop.ini
[2009/04/15 13:09:25 | 00,000,000 | --SD | C] -- C:\Documents and Settings\New-April\Application Data\Microsoft
[2009/04/15 13:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Microsoft
[2009/04/14 12:00:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/04/14 12:00:47 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/04/14 12:00:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/04/14 12:00:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/04/14 11:46:40 | 00,086,016 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2009/04/14 11:46:40 | 00,057,344 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\GenSvcInst.exe
[2009/04/14 11:46:40 | 00,049,152 | ---- | C] (BHA) -- C:\WINDOWS\System32\setupsvc.dll
[2009/04/14 11:46:38 | 00,032,256 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys
[2009/04/14 11:41:53 | 00,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFRafShellEx.dll
[2009/04/14 11:41:52 | 00,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFTIFF16.dll
[2009/04/14 11:41:52 | 00,155,648 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFRAFLIB.DLL
[2009/04/06 06:44:57 | 00,000,048 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/04/06 06:43:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Resource
[2008/12/22 16:04:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/12/10 16:44:02 | 00,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/10/30 08:18:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/29 12:53:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/10/29 12:53:27 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/10/29 12:22:31 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2004/08/04 03:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 03:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/04 09:29:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 08:41:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 08:41:43 | 03,224,818 | -H-- | M] () -- C:\Documents and Settings\New-April\Local Settings\Application Data\IconCache.db
[2009/05/04 07:23:22 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\avz4.zip
[2009/05/03 10:01:53 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/03 10:01:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/03 10:01:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/29 21:28:01 | 00,001,226 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\DrWeb.csv
[2009/04/29 20:21:22 | 13,835,096 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\New-April\Desktop\drweb-cureit.exe
[2009/04/29 14:39:45 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/29 14:27:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 14:26:07 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup(2).exe
[2009/04/29 12:40:22 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\gmer.zip
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 08:36:17 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/27 08:35:57 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\New-April\Desktop\aswclear.exe
[2009/04/22 12:59:29 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\draft.doc
[2009/04/21 11:48:09 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\New-April\My Documents\dtr.doc
[2009/04/21 09:08:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New-April\Desktop\OTListIt2.exe
[2009/04/21 09:06:09 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\Rooter.exe
[2009/04/21 08:24:59 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\New-April\Desktop\avast_home_setup.exe
[2009/04/20 13:34:25 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup.exe
[2009/04/20 13:32:49 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\NTREGOPT.lnk
[2009/04/20 13:32:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\ERUNT.lnk
[2009/04/20 13:31:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\New-April\Desktop\erunt_setup.exe
[2009/04/20 13:28:38 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\New-April\Desktop\SysRestorePoint.exe
[2009/04/20 09:42:09 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 09:40:05 | 06,289,952 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\SUPERAntiSpyware.exe
[2009/04/20 09:14:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/16 12:44:01 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/15 14:42:17 | 00,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/15 13:10:06 | 00,000,080 | -HS- | M] () -- C:\Documents and Settings\New-April\My Documents\desktop.ini
[2009/04/15 04:31:42 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 04:31:42 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 04:31:42 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 03:08:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 11:42:36 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 09:13:30 | 00,000,048 | ---- | M] () -- C:\WINDOWS\webica.ini
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 870 bytes -> C:\WINDOWS\System32\msln.exe:16cf792f68a2ab395c7c44cf475eb794
< End of report >

#36
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello livedead,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Files
    C:\WINDOWS\system32\tolodlls.dll
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.

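The fix above removes tolodlls.dll; the OTListIt log posted later in the thread shows why that file is suspect (an O21 SSODL entry for WPDShServiceObj resolving to it, a hosts-file entry pinning a microsoft.com name to a routable address, and an alternate data stream on msln.exe). As an added example, not part of the thread and not OTListIt's own code, this Python triage parses those three OTListIt line formats and flags them; the known-good mapping of that CLSID to WPDShServiceObj.dll is supplied here from stock Windows XP rather than from the log, and the sample lines are constructed from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Stock Windows XP registers this CLSID under ShellServiceObjectDelayLoad for the
# Windows Portable Devices shell service object, served by WPDShServiceObj.dll.
# Assumption of this example, not something the log states: any other DLL behind
# this CLSID is treated as a hijack of the entry.
KNOWN_SSODL = {
    "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}": "wpdshserviceobj.dll",
}

# The three OTListIt line shapes handled here, copied from the log in this thread.
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass
class Finding:
    kind: str    # short category: hosts-redirect, ssodl-hijack, ssodl-unknown, ads
    line: str    # the log line that triggered it, verbatim
    detail: str  # why it matters, for the person reading the triage


def basename(win_path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return win_path.rsplit("\\", 1)[-1].lower()


def is_loopback(ip: str) -> bool:
    return ip.startswith("127.") or ip == "::1"


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTListIt line, or None if it looks benign."""
    m = SSODL_RE.match(line)
    if m:
        expected = KNOWN_SSODL.get(m["clsid"].upper())
        if expected is None:
            return Finding("ssodl-unknown", line,
                           f"unrecognised SSODL CLSID {m['clsid']} loading {m['path']}; verify it")
        if basename(m["path"]) != expected:
            # The "(Microsoft Corporation)" in parentheses is the file's own version
            # resource, which any DLL can claim; the path mismatch is the real signal.
            return Finding("ssodl-hijack", line,
                           f"{m['name']} loads {basename(m['path'])} instead of {expected}; "
                           f"the company string '{m['company']}' is self-reported")
        return None

    m = HOSTS_RE.match(line)
    if m and not is_loopback(m["ip"]):
        # 127.0.0.1 entries (localhost, ad-blocking lists) are normal; a routable
        # address pinned to a name overrides DNS for that name on this machine.
        return Finding("hosts-redirect", line,
                       f"hosts file sends {m['host']} to {m['ip']} instead of DNS")

    m = ADS_RE.match(line)
    if m:
        file_part, _, stream = m["target"].rpartition(":")
        return Finding("ads", line,
                       f"{m['size']}-byte stream '{stream}' attached to {file_part}; "
                       "streams do not show in a plain directory listing")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run check_line over a log and keep only the lines that raised a Finding."""
    findings: List[Finding] = []
    for raw in lines:
        found = check_line(raw.rstrip("\r\n"))
        if found is not None:
            findings.append(found)
    return findings


# Constructed sample: six lines taken from the OTListIt log in this thread,
# including three benign ones that the checks must leave alone.
SAMPLE_LOG = r"""O1 HOSTS File: (783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\tolodlls.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
@Alternate Data Stream - 870 bytes -> C:\WINDOWS\System32\msln.exe:16cf792f68a2ab395c7c44cf475eb794
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.detail}")
```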

#37
livedead

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi Jimmy2012

I am unable to run the fix. Every time I try, my system hangs and Dr. Watson Post Mortem Debugger opens an error page saying that the program needs to be closed. Do tell me what I need to do next.

Cheers
livedead

#38
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello livedead,

Did you let OTListIt2 sit there and see if it would finish after you got that error?

#39
livedead

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi Jimmy2012

I left it for half an hour and still there was no response. I tried this thrice. Do let me know what I should do next.

Cheers
livedead

#40
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello livedead,

Please run a scan with OTListIt2 (like you did the first time running it) and post the OTListIt.txt in your next reply.
Let's see if it was able to remove that file before it gave you this error.

#41
livedead

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi Jimmy2012

Please find below the OTListIt.txt contents:

OTListIt logfile created on: 5/6/2009 10:43:51 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\New-April\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 351.71 Mb Available Physical Memory | 69.87% Memory free
1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.64 Gb Total Space | 38.79 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUPA-CE5DB493CD
Current User Name: New-April
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\New-April\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (bgsvcgen [Auto | Stopped]) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (NICCONFIGSVC [Auto | Stopped]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (APPDRV [System | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (HSFHWICH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (STAC97 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4}:1.0
FF - prefs.js..extensions.enabledItems: {66332D95-872C-43F8-B0A7-E8254CC2E719}:1.0
FF - prefs.js..extensions.enabledItems: {39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998}:1.0
FF - prefs.js..extensions.enabledItems: {4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/06 14:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4}: C:\DOCUMENTS AND SETTINGS\RUPA\LOCAL SETTINGS\APPLICATION DATA\{124F0D6F-DAFC-4E89-A7CB-2ADFD142AAB4} [2009/01/10 21:25:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{66332D95-872C-43F8-B0A7-E8254CC2E719}: C:\DOCUMENTS AND SETTINGS\NEW\LOCAL SETTINGS\APPLICATION DATA\{66332D95-872C-43F8-B0A7-E8254CC2E719} [2009/03/18 15:21:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998}: C:\DOCUMENTS AND SETTINGS\RUPARAJ\LOCAL SETTINGS\APPLICATION DATA\{39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998} [2009/04/16 12:46:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}: C:\DOCUMENTS AND SETTINGS\NEW-APRIL\LOCAL SETTINGS\APPLICATION DATA\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54} [2009/04/20 09:14:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 21:28:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 11:41:01 | 00,000,000 | ---D | M]

[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Extensions
[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\New-April\Application Data\mozilla\Firefox\Profiles\gj03h6mb.default\extensions
[2009/04/28 22:06:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 11:41:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/28 11:40:55 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 11:40:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 01:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (783 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://myed-nc.wach...perSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\tolodlls.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/05/05 10:09:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Identities
[2009/05/04 07:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Desktop\avz4
[2009/05/04 07:23:11 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\avz4.zip
[2009/05/03 10:01:22 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2009/04/29 21:28:01 | 00,001,226 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\DrWeb.csv
[2009/04/29 20:20:59 | 13,835,096 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\New-April\Desktop\drweb-cureit.exe
[2009/04/29 14:39:45 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/29 14:39:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Sun
[2009/04/29 14:27:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/29 14:27:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 14:27:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/29 14:27:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/29 14:26:06 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup(2).exe
[2009/04/29 12:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Desktop\gmer
[2009/04/29 12:40:20 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\gmer.zip
[2009/04/28 23:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/04/28 23:19:02 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/28 21:59:48 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/28 21:59:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/28 21:59:42 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/28 21:45:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/28 21:45:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/28 21:45:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/28 21:45:31 | 00,113,152 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/28 21:45:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/28 21:45:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/28 21:45:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/28 21:45:31 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/28 21:28:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/28 21:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Symantec
[2009/04/27 08:46:17 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/27 08:35:45 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\New-April\Desktop\aswclear.exe
[2009/04/26 09:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\AdobeUM
[2009/04/26 09:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Adobe
[2009/04/26 09:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\My Documents\My eBooks
[2009/04/22 12:59:28 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\draft.doc
[2009/04/21 11:48:08 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\New-April\My Documents\dtr.doc
[2009/04/21 11:05:46 | 00,073,216 | ---- | C] () -- C:\Documents and Settings\New-April\My Documents\Resume-Rupa-Rajamani.doc
[2009/04/21 09:08:45 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New-April\Desktop\OTListIt2.exe
[2009/04/21 09:06:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/21 09:06:08 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\Rooter.exe
[2009/04/21 08:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/21 08:24:57 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\New-April\Desktop\avast_home_setup.exe
[2009/04/20 13:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Malwarebytes
[2009/04/20 13:35:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/20 13:34:23 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup.exe
[2009/04/20 13:33:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/20 13:32:49 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\NTREGOPT.lnk
[2009/04/20 13:32:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\ERUNT.lnk
[2009/04/20 13:32:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 13:31:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\New-April\Desktop\erunt_setup.exe
[2009/04/20 13:28:38 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\New-April\Desktop\SysRestorePoint.exe
[2009/04/20 13:01:48 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/20 11:00:54 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\New-April\Local Settings\Application Data\IconCache.db
[2009/04/20 09:42:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/20 09:42:08 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 09:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/20 09:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\SUPERAntiSpyware.com
[2009/04/20 09:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/20 09:40:02 | 06,289,952 | ---- | C] () -- C:\Documents and Settings\New-April\Desktop\SUPERAntiSpyware.exe
[2009/04/20 09:14:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Videos
[2009/04/20 09:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\PowerDVD DX
[2009/04/20 09:14:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}
[2009/04/15 13:15:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Macromedia
[2009/04/15 13:15:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Adobe
[2009/04/15 13:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Mozilla
[2009/04/15 13:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Mozilla
[2009/04/15 13:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Application Data\Identities
[2009/04/15 13:09:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Music
[2009/04/15 13:09:32 | 00,000,080 | -HS- | C] () -- C:\Documents and Settings\New-April\My Documents\desktop.ini
[2009/04/15 13:09:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Pictures
[2009/04/15 13:09:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\New-April\Application Data\desktop.ini
[2009/04/15 13:09:25 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\New-April\Start Menu\Programs\Startup\desktop.ini
[2009/04/15 13:09:25 | 00,000,000 | --SD | C] -- C:\Documents and Settings\New-April\Application Data\Microsoft
[2009/04/15 13:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New-April\Local Settings\Application Data\Microsoft
[2009/04/14 12:00:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/04/14 12:00:47 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/04/14 12:00:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/04/14 12:00:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/04/14 11:46:40 | 00,086,016 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2009/04/14 11:46:40 | 00,057,344 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\GenSvcInst.exe
[2009/04/14 11:46:40 | 00,049,152 | ---- | C] (BHA) -- C:\WINDOWS\System32\setupsvc.dll
[2009/04/14 11:46:38 | 00,032,256 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys
[2009/04/14 11:41:53 | 00,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFRafShellEx.dll
[2009/04/14 11:41:52 | 00,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFTIFF16.dll
[2009/04/14 11:41:52 | 00,155,648 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFRAFLIB.DLL
[2009/04/06 06:44:57 | 00,000,048 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/12/22 16:04:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/12/10 16:44:02 | 00,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/10/30 08:18:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/29 12:53:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/10/29 12:53:27 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/10/29 12:22:31 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2004/08/04 03:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 03:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 03:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/06 11:10:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/06 11:09:13 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\New-April\Local Settings\Application Data\IconCache.db
[2009/05/04 08:41:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 07:23:22 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\avz4.zip
[2009/05/03 10:01:53 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/03 10:01:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/03 10:01:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/29 21:28:01 | 00,001,226 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\DrWeb.csv
[2009/04/29 20:21:22 | 13,835,096 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\New-April\Desktop\drweb-cureit.exe
[2009/04/29 14:39:45 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/29 14:27:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/29 14:26:07 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup(2).exe
[2009/04/29 12:40:22 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\gmer.zip
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 08:36:17 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/27 08:35:57 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\New-April\Desktop\aswclear.exe
[2009/04/22 12:59:29 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\draft.doc
[2009/04/21 11:48:09 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\New-April\My Documents\dtr.doc
[2009/04/21 09:08:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New-April\Desktop\OTListIt2.exe
[2009/04/21 09:06:09 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\Rooter.exe
[2009/04/21 08:24:59 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\New-April\Desktop\avast_home_setup.exe
[2009/04/20 13:34:25 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup.exe
[2009/04/20 13:32:49 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\NTREGOPT.lnk
[2009/04/20 13:32:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\ERUNT.lnk
[2009/04/20 13:31:28 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\New-April\Desktop\erunt_setup.exe
[2009/04/20 13:28:38 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\New-April\Desktop\SysRestorePoint.exe
[2009/04/20 09:42:09 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/20 09:40:05 | 06,289,952 | ---- | M] () -- C:\Documents and Settings\New-April\Desktop\SUPERAntiSpyware.exe
[2009/04/20 09:14:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/16 12:44:01 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/15 14:42:17 | 00,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/15 13:10:06 | 00,000,080 | -HS- | M] () -- C:\Documents and Settings\New-April\My Documents\desktop.ini
[2009/04/15 04:31:42 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 04:31:42 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 04:31:42 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 03:08:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 11:42:36 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 870 bytes -> C:\WINDOWS\System32\msln.exe:16cf792f68a2ab395c7c44cf475eb794
< End of report >
  • 0
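A note on reading a listing like the one above (this is an added example, not part of the thread or of OTListIt2). The "Files Created / Modified" sections follow one fixed line format, so they can be parsed and filtered mechanically: executables under the Windows directory whose version resource carries no company string are the usual place a dropped DLL hides among legitimate files. The script below parses a handful of lines copied from the listing above (a constructed sample), and the path prefix and extension list are assumptions for a default C:\WINDOWS install. A hit is a lead to hash and look up, not a verdict: on these lines it flags the three no-company DLLs from October 2008 as well as C:\WINDOWS\vFind.exe, and OEM driver support files frequently ship without version information.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTListIt2 file/directory line:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (company) -- path
# Directory lines carry no "(company)" group; files without a version
# resource show an empty "()".
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*)\))? -- (?P<path>.+)$"
)

# Assumptions: a default Windows directory and the executable types worth a look.
SYSTEM_PREFIX = "c:\\windows\\"
EXEC_EXT = (".dll", ".exe", ".sys", ".ocx", ".cpl", ".scr")


@dataclass
class Entry:
    stamp: datetime
    size: int
    attrs: str               # e.g. "----", "R--D", "-HS-"; trailing "D" marks a directory
    kind: str                # "C" created, "M" modified
    company: Optional[str]   # None for directories, "" for files with no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, blanks and other lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        stamp=datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=None if company is None else company.strip(),
        path=m.group("path"),
    )


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def suspicious(entries: List[Entry], since: Optional[str] = None) -> List[Entry]:
    """Executables under the Windows directory with no company string, optionally
    only those stamped on or after `since` ("yyyy/mm/dd"). Leads, not verdicts."""
    cutoff = datetime.strptime(since, "%Y/%m/%d") if since else None
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if not low.startswith(SYSTEM_PREFIX) or not low.endswith(EXEC_EXT):
            continue
        if e.company:                      # a non-empty company string is present
            continue
        if cutoff is not None and e.stamp < cutoff:
            continue
        hits.append(e)
    return hits


# Constructed sample: lines copied from the OTListIt2 listing in this thread.
SAMPLE = r"""
[2009/04/20 09:14:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New-April\My Documents\My Videos
[2009/04/14 12:00:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/04/14 11:46:40 | 00,086,016 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2009/04/06 06:44:57 | 00,000,048 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/10/29 12:53:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/10/29 12:53:27 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/10/29 12:22:31 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/05/06 11:10:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/29 14:26:07 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\New-April\Desktop\mbam-setup(2).exe
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\vFind.exe
"""

if __name__ == "__main__":
    for e in suspicious(parse_listing(SAMPLE)):
        print(f"{e.stamp:%Y-%m-%d} {e.size:>9} {e.path}")
```

Pass `since="2009/04/01"` to restrict the output to the window in which the symptoms began; the October 2008 drivers then drop out and only vFind.exe remains.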

#42 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello livedead,
It is still there; please try the following. I would like to get another look at what OTListIt2 is showing.


Open Notepad and copy/paste the following code into the Notepad window.
@ECHO OFF
REM Export the ShellServiceObjectDelayLoad key (a shell autostart location) to a text file
regedit.exe /e G2Glook.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
REM Open the export in Notepad so it can be copied into a reply
start G2Glook.txt
REM Remove this batch file once it has run
del peek.bat
Click on File then Save As
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Please copy/paste the text in the notepad that opens in your next reply.
  • 0

#43 livedead (Member, Topic Starter, 29 posts)
Hi Jimmy2012

Please find below the text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
  • 0
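For anyone auditing an export like the one above (an added example, not part of this thread): the four value names and CLSIDs shown are the stock Windows XP shell service objects, and the question the helper is answering is whether anything extra has been added to the key or whether a stock name has been re-pointed at a different COM object. The script below checks a `regedit /e` export against that baseline. The baseline is an assumption drawn from the post above plus CDBurn, which XP installs by default and which may legitimately be absent; verify it against a known-clean XP machine. The "infected" sample is constructed, with made-up value name and CLSIDs, to exercise both failure modes; the clean sample is the export posted above, re-encoded as regedit writes it (UTF-16LE with a BOM).

```python
import re
from typing import Dict, List, Tuple

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")

# Assumed clean baseline for Windows XP (the export above plus CDBurn).
BASELINE = {
    "PostBootReminder": "{7849596a-48ea-486e-8937-a2a3009f31a9}",
    "CDBurn": "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
    "WebCheck": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",
    "SysTray": "{35CEC8A3-2BE6-11D2-8773-92E220524153}",
    "WPDShServiceObj": "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}",
}
BASELINE_LC = {k.lower(): v for k, v in BASELINE.items()}   # value names are case-insensitive

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # "Name"="string data"


def decode_reg_export(raw: bytes) -> str:
    """'Windows Registry Editor Version 5.00' exports are UTF-16LE with a BOM;
    legacy REGEDIT4 exports are ANSI (cp1252)."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map lower-cased key path -> {value name: string data}. Only plain string
    values are collected; binary/dword data and continuation lines are skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def audit_ssodl(text: str) -> List[Tuple[str, str, str]]:
    """Return (verdict, name, clsid) for each SSODL value. Verdicts: 'ok',
    'unknown-name' (not in the baseline) and 'clsid-mismatch' (a stock name
    pointing at a different object). For either non-ok verdict the next step is
    to resolve HKCR\\CLSID\\{clsid}\\InProcServer32 to a DLL path on the machine."""
    values = parse_reg_export(text).get(SSODL_KEY.lower(), {})
    findings = []
    for name, clsid in values.items():
        expected = BASELINE_LC.get(name.lower())
        if expected is None:
            findings.append(("unknown-name", name, clsid))
        elif expected.lower() != clsid.lower():
            findings.append(("clsid-mismatch", name, clsid))
        else:
            findings.append(("ok", name, clsid))
    return findings


def suspects(text: str) -> List[Tuple[str, str, str]]:
    return [f for f in audit_ssodl(text) if f[0] != "ok"]


# Sample 1: the export posted above, as regedit /e would write it (UTF-16LE + BOM).
CLEAN_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"""
CLEAN_BYTES = b"\xff\xfe" + CLEAN_EXPORT.encode("utf-16-le")

# Sample 2: constructed. SysTray re-pointed at a made-up CLSID and one made-up extra value.
INFECTED_EXPORT = CLEAN_EXPORT.replace(
    '"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"',
    '"SysTray"="{0D1E2F3A-4B5C-4D6E-8F90-A1B2C3D4E5F6}"',
) + '"vmnsdkjq"="{B3D7A6E4-0C2F-4E8B-9F13-6A2D5C7E8F90}"\n'

if __name__ == "__main__":
    print("clean export:", suspects(decode_reg_export(CLEAN_BYTES)))
    print("constructed infected export:", suspects(INFECTED_EXPORT))
```

Run against a real G2Glook.txt with `suspects(decode_reg_export(open("G2Glook.txt", "rb").read()))`; an empty list means the key holds only baseline entries, which is what the export above shows.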

#44 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello livedead,
Please re-download ComboFix from one of the following locations:

Link 1
Link 2
Link 3


Once you have it downloaded, please try the following.




1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\tolodlls.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


(image: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following report in your next reply:
  • ComboFix.txt

  • 0

#45 livedead (Member, Topic Starter, 29 posts)
Hi Jimmy2012

Please find below ComboFix.txt:

ComboFix 09-05-08.03 - New-April 05/08/2009 16:20.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.404 [GMT -7:00]
Running from: c:\documents and settings\New-April\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\New-April\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning enabled* (Updated)

FILE ::
c:\windows\system32\tolodlls.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tolodlls.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-05 17:09 . 2009-05-05 17:09 -------- d-----w c:\documents and settings\New-April\Local Settings\Application Data\Identities
2009-04-30 03:22 . 2009-04-30 03:24 -------- d-----w c:\documents and settings\New-April\DoctorWeb
2009-04-29 21:39 . 2009-04-29 21:39 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-29 21:27 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 21:27 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 21:27 . 2009-04-29 21:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 20:32 . 2009-04-20 20:32 -------- d-----w c:\program files\ERUNT
2009-04-20 20:01 . 2009-04-20 20:01 -------- d-----w C:\VundoFix Backups
2009-04-20 16:42 . 2009-04-20 16:42 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-20 16:41 . 2009-04-20 16:42 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 16:41 . 2009-04-20 16:41 -------- d-----w c:\documents and settings\New-April\Application Data\SUPERAntiSpyware.com
2009-04-20 16:41 . 2009-04-20 16:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 16:14 . 2009-04-20 16:14 -------- d-----w c:\documents and settings\New-April\Local Settings\Application Data\PowerDVD DX
2009-04-20 16:14 . 2009-04-20 16:14 -------- d-----w c:\documents and settings\New-April\Local Settings\Application Data\{4EE9FD1E-9D55-410F-BC75-296BC9AB9B54}
2009-04-16 19:46 . 2009-04-16 19:46 -------- d-----w c:\documents and settings\Ruparaj\Local Settings\Application Data\{39B3EB2F-6AEA-4BF7-ADB8-6A760A15E998}
2009-04-15 22:11 . 2009-04-15 22:11 -------- d-----w c:\documents and settings\Ruparaj\Local Settings\Application Data\PowerDVD DX
2009-04-15 21:49 . 2009-04-15 21:49 -------- d-----w c:\documents and settings\Ruparaj\Local Settings\Application Data\Mozilla
2009-04-15 20:12 . 2009-04-15 20:12 -------- d-----w c:\documents and settings\New-April\Local Settings\Application Data\Mozilla
2009-04-14 19:00 . 2001-08-18 05:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-14 19:00 . 2004-08-04 07:56 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-14 19:00 . 2004-08-04 05:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-14 19:00 . 2004-08-04 05:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-14 18:46 . 2005-05-01 00:09 57344 ------w c:\windows\system32\GenSvcInst.exe
2009-04-14 18:46 . 2005-05-01 21:41 49152 ------w c:\windows\system32\setupsvc.dll
2009-04-14 18:46 . 2005-05-01 00:02 86016 ------w c:\windows\system32\bgsvcgen.exe
2009-04-14 18:46 . 2005-05-11 07:33 32256 ------w c:\windows\system32\drivers\cdrbsdrv.sys
2009-04-14 18:43 . 2009-04-15 21:36 -------- d-----w c:\documents and settings\New\Application Data\FUJIFILM
2009-04-14 18:41 . 2006-07-12 21:39 208896 ----a-w c:\windows\system32\FFRafShellEx.dll
2009-04-14 18:41 . 2003-09-03 23:45 274432 ----a-w c:\windows\system32\FFTIFF16.dll
2009-04-14 18:41 . 2004-07-25 04:28 155648 ----a-w c:\windows\system32\FFRAFLIB.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 04:36 . 2008-10-29 20:23 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 04:36 . 2008-10-29 20:23 -------- d-----w c:\program files\Symantec
2009-04-27 15:40 . 2009-04-21 15:27 -------- d-----w c:\program files\Alwil Software
2009-04-15 21:38 . 2008-11-17 23:16 -------- d-----w c:\program files\GMATPrep
2009-04-14 18:46 . 2008-10-29 19:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 13:42 . 2008-10-29 19:14 -------- d-----w c:\program files\Citrix
2009-03-25 22:25 . 2009-03-25 22:25 2709 ----a-w c:\windows\system32\wdllexup.dat
2009-03-25 22:12 . 2009-03-25 22:12 58584 ----a-w c:\documents and settings\New\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 05:55 . 2008-11-02 05:26 -------- d-----w c:\program files\Google
2009-03-06 14:00 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2006-03-04 03:33 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-04 10:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-04 10:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 10:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-04 10:00 715264 ----a-w c:\windows\system32\ntdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-12-14 244208]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-29 19:14 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [12/14/2007 3:25 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [12/14/2007 3:25 PM 166384]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [12/14/2007 3:25 PM 1112560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.superantispyware.com/applicationdisplay.html?id=1000001553&trial=no&activated=no&appid={5CFCA3FC-A40D-4613-AE0C-62217A2BA002}
FF - ProfilePath - c:\documents and settings\New-April\Application Data\Mozilla\Firefox\Profiles\gj03h6mb.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-05-08 16:23
ComboFix-quarantined-files.txt 2009-05-08 23:23
ComboFix2.txt 2009-04-29 06:22
ComboFix3.txt 2009-04-29 05:04

Pre-Run: 41,634,410,496 bytes free
Post-Run: 41,632,309,248 bytes free

126 --- E O F --- 2009-04-15 10:09
  • 0





