Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Alureon-AM (RTK) & Trojan-gen (Other) [Solved]

Started by ch0ices , May 23 2009 10:02 AM

  • This topic is locked This topic is locked

#16
ch0ices
Posted 25 May 2009 - 10:05 AM

ch0ices

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
New OTL Log;

OTListIt logfile created on: 5/25/2009 10:57:46 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Jessica\Desktop\For Matthew
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.21% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.19 Gb Total Space | 33.48 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive D: | 9.70 Gb Total Space | 3.97 Gb Free Space | 40.97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSICA-PC
Current User Name: Jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Common Files\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Windows\system32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Windows\system32\lxczcoms.exe ( )
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\COMODO\Firewall\cfp.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Users\Jessica\Desktop\For Matthew\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\Common Files\COMODO\Firewall\cmdagent.exe ()
SRV - (Crypkey License [Auto | Running]) -- C:\Windows\system32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxcz_device [Auto | Running]) -- C:\Windows\system32\lxczcoms.exe ( )
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdGuard [System | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (hamachi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HECI [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (Inspect [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\inspect.sys (COMODO)
DRV - (IntelDH [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\IntelDH.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (netr73 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NetworkX [System | Running]) -- C:\Windows\system32\ckldrv.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snpstd [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\snpstd.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRS_SSCFilter [On_Demand | Running]) -- C:\Windows\system32\drivers\srs_sscfilter_i386.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vncmirror [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vncmirror.sys (RealVNC Ltd.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=DX430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"



[2009/01/07 14:22:34 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\8kndky55.default\extensions
[2009/04/19 12:03:39 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\8kndky55.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/09 19:06:44 | 00,002,158 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\FireFox\Profiles\8kndky55.default\searchplugins\MySpace.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.32.5\MySpaceToolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.32.5\MySpaceToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\Common Files\COMODO\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} http://bgweb.nowcdn....DownStarter.cab (DownStarter Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/25 10:38:27 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/25 10:26:58 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/24 12:33:15 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes
[2009/05/24 12:30:13 | 00,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/24 12:30:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/24 12:30:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/24 12:30:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/24 12:29:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/24 12:28:40 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jessica\Desktop\mbam-setup.exe
[2009/05/24 10:48:38 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/24 10:46:57 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTMoveIt3.exe
[2009/05/23 12:32:03 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/05/23 12:31:17 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/05/23 12:01:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/05/23 12:01:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/05/23 12:01:22 | 00,139,776 | ---- | C] () -- C:\Windows\PEV.exe
[2009/05/23 12:01:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/05/23 12:01:22 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/05/23 12:01:22 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/05/23 12:01:22 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/23 12:01:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/05/23 11:58:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/23 11:57:38 | 02,979,472 | R--- | C] () -- C:\Users\Jessica\Desktop\ComboFix.exe
[2009/05/23 10:17:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/22 12:50:34 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/05/22 12:50:34 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/05/22 12:50:34 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 12:50:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/05/22 12:50:25 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/05/22 12:50:25 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/05/22 12:50:06 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/05/22 12:50:06 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/05/22 12:50:06 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/05/22 12:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/22 12:49:22 | 34,346,616 | ---- | C] () -- C:\Users\Jessica\Desktop\setupeng.exe
[2009/05/22 12:34:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/22 12:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/20 16:04:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt_setup.exe
[2009/05/20 16:04:15 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jessica\Desktop\SysRestorePoint.exe
[2009/05/20 15:55:50 | 00,001,912 | ---- | C] () -- C:\Users\Jessica\Desktop\HijackThis.lnk
[2009/05/20 15:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/20 15:55:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HJTInstall.exe
[2009/05/16 00:25:38 | 00,126,768 | ---- | C] () -- C:\Users\Jessica\Desktop\mms.wav
[2009/05/15 12:36:28 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/05/15 11:28:16 | 00,000,000 | ---D | C] -- C:\Users\Jessica\Documents\RCT3
[2009/05/15 11:28:16 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Atari
[2009/05/15 11:13:17 | 00,001,957 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/05/15 11:11:29 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Leadertech
[2009/05/15 11:11:24 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/05/15 11:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2009/05/15 11:07:37 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/05/14 11:06:56 | 00,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2009/05/14 11:04:17 | 00,001,698 | ---- | C] () -- C:\Users\Jessica\Desktop\Worms Armageddon.lnk
[2009/05/14 11:04:02 | 01,594,558 | ---- | C] () -- C:\Windows\WANEUninstaller.exe
[2009/05/14 10:59:21 | 00,000,000 | ---D | C] -- C:\Games
[2009/05/08 14:29:21 | 00,016,384 | ---- | C] () -- C:\Users\Jessica\Desktop\Jessica Resume through state agency.doc
[2009/04/29 23:03:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/04/29 23:03:20 | 15,669,6397 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/29 16:14:03 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/04/29 16:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/29 09:07:27 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2009/04/26 18:21:27 | 21,198,56128 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/26 15:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/26 15:41:01 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/04/26 15:39:52 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Users\Jessica\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/26 15:19:52 | 16,438,680 | ---- | C] () -- C:\Users\Jessica\Desktop\jre-6u13-windows-i586-p-s.exe
[2009/04/26 13:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/26 12:32:24 | 00,000,000 | R--D | C] -- C:\Users\Jessica\Desktop\Favorites
[2008/10/15 21:48:23 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/09/07 18:04:13 | 00,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/07/21 19:42:32 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/06/23 13:47:06 | 00,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2008/06/23 13:47:05 | 00,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2008/06/23 13:47:05 | 00,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2008/06/23 13:47:05 | 00,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2008/05/30 12:22:22 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/30 12:18:56 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/30 12:18:56 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/30 12:18:00 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/23 16:38:31 | 00,147,192 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/04/22 09:06:04 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/22 08:26:01 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/04/15 15:33:37 | 00,001,125 | ---- | C] () -- C:\Windows\Winamp.ini
[2008/04/15 15:33:31 | 00,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2008/01/22 00:25:55 | 00,000,060 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/01/22 00:25:52 | 00,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/01/22 00:25:52 | 00,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/01/22 00:19:38 | 00,296,448 | ---- | C] () -- C:\Windows\Xenofex.ini
[2008/01/22 00:16:40 | 00,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008/01/22 00:02:37 | 00,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/01/21 19:18:14 | 00,000,234 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/01/21 19:14:07 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2008/01/21 19:14:07 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2008/01/21 19:14:07 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2008/01/21 19:14:07 | 00,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2008/01/21 19:14:06 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2008/01/21 19:14:06 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2008/01/21 19:14:06 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2008/01/21 19:14:06 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2008/01/21 19:14:06 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2008/01/21 19:14:06 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2008/01/21 19:14:05 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2008/01/21 19:14:05 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2008/01/21 19:14:04 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2008/01/21 19:14:03 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2008/01/11 18:43:44 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2008/01/11 18:43:44 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/11 18:43:41 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/02/07 21:58:12 | 00,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 12:49:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/12/12 14:13:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 13:48:16 | 00,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/12/12 13:02:50 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,265 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/07 17:23:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 15:19:14 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/07 15:59:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 21:11:06 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 21:11:06 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2004/02/19 00:12:00 | 00,299,776 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2004/02/16 03:15:00 | 00,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2004/01/28 02:59:00 | 00,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2003/12/09 23:17:00 | 00,057,344 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2003/10/21 18:40:00 | 00,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/25 10:59:28 | 00,000,530 | ---- | M] () -- C:\Users\Jessica\Documents\My Sharing Folders.lnk
[2009/05/25 10:42:39 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/25 10:42:39 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/25 10:42:39 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/25 10:40:29 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/25 10:38:08 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/25 10:38:08 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/25 10:38:08 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/25 10:38:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/25 10:37:58 | 21,198,56128 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/24 13:37:22 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{61DAC4E2-C802-4C4B-810A-D4A37892152D}.job
[2009/05/24 12:30:13 | 00,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/24 12:28:47 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jessica\Desktop\mbam-setup.exe
[2009/05/24 10:46:59 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTMoveIt3.exe
[2009/05/23 17:25:44 | 00,139,776 | ---- | M] () -- C:\Windows\PEV.exe
[2009/05/23 12:26:10 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/05/23 12:25:47 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/23 11:55:57 | 02,979,472 | R--- | M] () -- C:\Users\Jessica\Desktop\ComboFix.exe
[2009/05/22 12:50:34 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 12:50:25 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/22 12:49:24 | 34,346,616 | ---- | M] () -- C:\Users\Jessica\Desktop\setupeng.exe
[2009/05/20 16:04:46 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt_setup.exe
[2009/05/20 16:04:16 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jessica\Desktop\SysRestorePoint.exe
[2009/05/20 15:55:50 | 00,001,912 | ---- | M] () -- C:\Users\Jessica\Desktop\HijackThis.lnk
[2009/05/20 15:55:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HJTInstall.exe
[2009/05/20 15:40:40 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/05/16 00:25:53 | 00,126,768 | ---- | M] () -- C:\Users\Jessica\Desktop\mms.wav
[2009/05/15 11:22:56 | 00,001,957 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/05/14 11:15:55 | 00,000,122 | ---- | M] () -- C:\Windows\WA.INI
[2009/05/14 11:04:20 | 01,594,558 | ---- | M] () -- C:\Windows\WANEUninstaller.exe
[2009/05/14 11:04:17 | 00,001,698 | ---- | M] () -- C:\Users\Jessica\Desktop\Worms Armageddon.lnk
[2009/05/12 23:09:02 | 15,669,6397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/08 14:29:32 | 00,016,384 | ---- | M] () -- C:\Users\Jessica\Desktop\Jessica Resume through state agency.doc
[2009/04/26 15:39:52 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Users\Jessica\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/26 15:19:52 | 16,438,680 | ---- | M] () -- C:\Users\Jessica\Desktop\jre-6u13-windows-i586-p-s.exe
< End of report >
  • 0

Advertisements

#17
Rorschach112
Posted 25 May 2009 - 11:00 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#18
ch0ices
Posted 25 May 2009 - 11:07 AM

ch0ices

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you much. One question though. The first thing you ask me to do - I'm running Vista, not XP, so I don't have a "run" - I do have my search box, but, it acts as though it wants to install it when I type in Combofix /u ?
Should I go ahead and do that?
Sorry for sounding like a moron, I'd just rather not do things incorrectly.
Thank you.

Jessica
  • 0

#19
Rorschach112
Posted 25 May 2009 - 11:09 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
leave that and just do this

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

1. Create a new Restore Point
  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • Create the manual restore point you should click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
  • Type in a title for the manual restore point and press the Create button.
  • Close the System window after you have been advised that the procedure has been successfully completed.
.
2. Clear your existing system restore points except for the new clean restore point you just created:
  • Go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up
  • This will remove all restore points except the new one you just created.

  • 0

#20
ch0ices
Posted 25 May 2009 - 11:25 AM

ch0ices

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
okae, I've set a restore point as well as deleted any others (I don't think I actually ever had one on here) Do you want me to NOT do any of the things in the post prior then ?
  • 0

#21
Rorschach112
Posted 25 May 2009 - 11:30 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
go and do the other steps in my previous post
  • 0

#22
Rorschach112
Posted 28 May 2009 - 08:12 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP