google search redirect with IE and Firefox


#1 bobbydigital450 (New Member, 8 posts)

Hello,

I am having some issues with my searches being redirected with all search engines and all internet browsers. I'm even getting some pop-up windows when navigating to new sites. I have followed all the steps from the Malware and Spyware cleaning guide with the exception of the GMER rootkit scanner. It took over 10 hrs and ended up freezing after it was done. Below are the logs for MBAM and OTL. Thanks in advance for your help.
Rob

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4076

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/8/2010 2:58:06 AM
mbam-log-2010-05-08 (02-58-06).txt

Scan type: Quick scan
Objects scanned: 116046
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32\(default) (Hijack.Tray) -> Bad: (C:\WINDOWS\TEMP\1143599352.dll) Good: (stobject.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 5/9/2010 11:14:46 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bobby 2 heads\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 57.26 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBBY
Current User Name: bobby 2 heads
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
PRC - [2008/12/18 16:56:02 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/23 02:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
PRC - [2005/02/21 06:21:18 | 000,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2004/03/12 14:22:16 | 000,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2004/01/12 14:29:28 | 000,102,400 | ---- | M] (Wild Tangent) -- C:\Program Files\AIM\AIMWDInstall.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- -- (aspnet_state)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/12/18 16:56:36 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2008/12/18 16:56:30 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwamidi.sys -- (mfwamidi)
DRV - [2008/12/18 16:56:24 | 000,445,488 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2008/12/18 16:56:22 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2007/12/20 21:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/05 17:31:30 | 004,611,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 21:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/21 05:30:00 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/16 23:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/01 22:43:02 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/05/09 22:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2001/08/23 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201222168595 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\riptopasu.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 04:21:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{57d9ba9a-50d4-11de-a96a-001b9e7d805a}\Shell\AutoRun\command - "" = H:\MI.exe -- File not found
O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell - "" = AutoRun
O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/23 20:09:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 23:13:16 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
[2010/05/09 23:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/09 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/08 03:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer
[2010/05/08 02:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Application Data\Malwarebytes
[2010/05/08 02:50:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/08 02:50:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/08 02:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 02:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/08 02:50:01 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\bobby 2 heads\Desktop\mbam-setup.exe
[2010/05/08 02:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/08 02:47:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\bobby 2 heads\Desktop\erunt_setup.exe
[2010/05/08 02:41:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\TFC.exe
[2010/05/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2010/05/08 01:17:57 | 002,008,864 | ---- | C] (wisecleaner.com ) -- C:\Documents and Settings\bobby 2 heads\Desktop\WDCFree.exe
[2010/05/08 00:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\Temp
[2010/05/08 00:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\Google
[2010/05/08 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/07 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/07 19:34:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 19:33:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 19:33:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 19:33:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 19:33:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 19:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 19:32:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/07 19:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/07 17:30:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/03 05:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/03 05:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/01 23:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\It Prevails - Capture & embrace
[2010/05/01 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\New Folder
[2010/04/24 01:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\Red Dawn Final
[2010/04/23 04:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\IP transposed tuning
[2010/04/17 03:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\craigslist
[2010/03/29 21:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\It Prevails Learning
[2010/03/06 06:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\it prevails - mend again
[2010/03/06 06:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\it prevails - something more
[2010/03/02 23:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\placed in my hands - vocs
[2010/03/02 06:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Peavey Electronics
[2010/03/02 05:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\messin around
[2010/03/02 05:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\MOTU
[2010/03/02 04:59:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\MOTU
[2010/03/02 04:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\MOTU
[2010/02/18 03:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/12 04:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/02/12 04:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/02/12 04:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/02/12 04:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\Citrix
[2010/02/11 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\PCHealth
[2010/02/11 04:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Application Data\McAfee
[2010/02/11 04:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/02/11 03:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/02/11 03:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\fvouhs
[2010/02/11 03:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\aaxltb

========== Files - Modified Within 90 Days ==========

[2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
[2010/05/09 22:57:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/09 22:56:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 22:56:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/08 03:19:55 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\bobby 2 heads\NTUSER.DAT
[2010/05/08 03:06:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer.zip
[2010/05/08 03:00:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\bobby 2 heads\ntuser.ini
[2010/05/08 02:50:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 02:50:16 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\bobby 2 heads\Desktop\mbam-setup.exe
[2010/05/08 02:48:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\NTREGOPT.lnk
[2010/05/08 02:48:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ERUNT.lnk
[2010/05/08 02:47:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\bobby 2 heads\Desktop\erunt_setup.exe
[2010/05/08 02:41:51 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\TFC.exe
[2010/05/08 01:18:07 | 002,008,864 | ---- | M] (wisecleaner.com ) -- C:\Documents and Settings\bobby 2 heads\Desktop\WDCFree.exe
[2010/05/08 01:04:36 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
[2010/05/08 00:58:02 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\Google Chrome.lnk
[2010/05/08 00:14:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 00:14:31 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/07 19:46:49 | 000,000,501 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/07 19:46:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/07 19:46:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/03 18:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/03 17:47:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/02 02:22:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/01 00:14:21 | 000,104,436 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\vacay.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 14:08:04 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 01:41:20 | 201,642,934 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ip final mix.zip
[2010/04/18 01:36:11 | 038,468,336 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more cd.wav
[2010/04/18 00:41:53 | 006,108,492 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\mend again myspace.mp3
[2010/04/18 00:18:23 | 008,713,224 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more myspace.mp3
[2010/04/17 23:34:31 | 008,814,492 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\placed in my hands myspace.mp3
[2010/04/14 03:03:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/27 00:04:47 | 000,404,582 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/27 00:04:47 | 000,345,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/27 00:04:47 | 000,053,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/02 04:59:25 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk
[2010/02/25 00:24:38 | 003,971,569 | ---- | M] () -- C:\WINDOWS\System32\riptopasu.dll
[2010/02/25 00:24:38 | 003,447,779 | ---- | M] () -- C:\WINDOWS\System32\hwinshecra.dll
[2010/02/25 00:24:38 | 001,776,449 | ---- | M] () -- C:\WINDOWS\System32\ggiorlin.dll
[2010/02/12 04:00:18 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\GoToAssistDownloadHelper.exe
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/12 02:35:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/12 01:58:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\housecall.guid.cache

========== Files Created - No Company Name ==========

[2010/05/08 03:06:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer.zip
[2010/05/08 02:50:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 02:48:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\NTREGOPT.lnk
[2010/05/08 02:48:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ERUNT.lnk
[2010/05/08 00:58:02 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\Google Chrome.lnk
[2010/05/08 00:55:54 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
[2010/05/08 00:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 00:14:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/07 19:35:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 19:34:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 19:33:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 19:33:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 19:33:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/07 19:33:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 19:33:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/01 00:14:20 | 000,104,436 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\vacay.jpg
[2010/04/18 19:51:52 | 038,468,336 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more cd.wav
[2010/04/18 01:53:20 | 201,642,934 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ip final mix.zip
[2010/04/18 00:31:38 | 008,713,224 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more myspace.mp3
[2010/04/18 00:31:36 | 008,814,492 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\placed in my hands myspace.mp3
[2010/04/18 00:31:19 | 006,108,492 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\mend again myspace.mp3
[2010/03/03 03:18:43 | 004,979,989 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\Highfive- The sweaty giant album sample mix2.mp3
[2010/03/03 03:03:31 | 006,498,483 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\It Prevails - capture & embrace - defenses down.mp3
[2010/03/02 04:59:25 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk
[2010/02/25 00:24:38 | 003,971,569 | ---- | C] () -- C:\WINDOWS\System32\riptopasu.dll
[2010/02/25 00:24:38 | 003,447,779 | ---- | C] () -- C:\WINDOWS\System32\hwinshecra.dll
[2010/02/25 00:24:38 | 001,776,449 | ---- | C] () -- C:\WINDOWS\System32\ggiorlin.dll
[2010/02/12 04:00:17 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\GoToAssistDownloadHelper.exe
[2010/02/12 01:58:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\housecall.guid.cache
[2010/02/11 04:46:39 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/04 12:34:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/28 03:14:04 | 000,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/01/28 03:13:51 | 000,000,866 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/28 03:05:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/02/28 06:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/01/24 20:13:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2008/01/24 19:40:55 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/01/24 19:40:55 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/01/24 19:40:55 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/01/24 19:40:55 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/01/24 19:40:55 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/07/13 08:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2004/03/03 06:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/02/12 04:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/11/04 03:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2008/01/24 19:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/02 02:40:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2009/07/02 02:40:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2008/01/24 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Aim
[2010/01/29 02:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Amazon
[2010/01/22 06:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\GetRightToGo
[2009/10/20 03:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\OpenOffice.org
[2008/01/25 05:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Steinberg
[2008/01/24 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\WinBatch
[2010/05/02 02:22:14 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/11 06:18:55 | 000,000,216 | ---- | M] () -- C:\ASLog.txt
[2008/01/24 04:21:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/03 17:47:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/07 19:46:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/01/24 04:21:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/08 03:08:18 | 000,013,354 | ---- | M] () -- C:\drwtsn32.log
[2008/02/29 04:35:15 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2008/01/24 04:21:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/30 23:21:25 | 000,002,112 | ---- | M] () -- C:\lxcc.log
[2009/09/04 12:34:10 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
[2009/09/04 12:34:42 | 000,000,291 | ---- | M] () -- C:\LXCCINST.csv
[2010/05/07 06:01:35 | 000,066,501 | ---- | M] () -- C:\lxccscan.log
[2008/01/24 04:21:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/01/24 19:38:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/21 00:36:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/09 22:56:37 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/01/24 19:33:30 | 000,000,567 | ---- | M] () -- C:\RHDSetup.log
[2008/01/26 00:35:55 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/02/25 00:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/23 20:12:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/23 20:12:37 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/23 20:12:37 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


OTL Extras logfile created on: 5/9/2010 11:14:46 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bobby 2 heads\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 57.26 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBBY
Current User Name: bobby 2 heads
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B68672F-C64F-4D29-9EDC-ECDCBE3C5F19}" = ArcSoft TotalMedia Extreme
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{973749BA-E139-4179-93D8-B1E7B483169B}" = DeadAIM
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}" = MOTU FireWire/USB2 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced DVD Player_is1" = Advanced DVD Player
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AOL Instant Messenger" = AOL Instant Messenger
"AP Tuner 3.08" = AP Tuner 3.08
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ERUNT_is1" = ERUNT 1.1j
"FastStone Photo Resizer" = FastStone Photo Resizer 2.8
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Lexmark 3300 Series" = Lexmark 3300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PE Builder_is1" = PE Builder 3.1.10a
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"ReValver Mk III_is1" = ReValver Mk III
"Soulseek2" = SoulSeek 157 NS 13c
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2010 5:03:49 AM | Computer Name = BOBBY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/8/2010 5:08:09 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x04af0eb4.

Error - 5/8/2010 5:08:15 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04af10dc.

Error - 5/8/2010 5:09:45 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 5/8/2010 5:09:54 AM | Computer Name = BOBBY | Source = Application Error | ID = 1001
Description = Fault bucket 1608445813.

Error - 5/8/2010 5:19:05 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00f60eb4.

Error - 5/8/2010 5:19:14 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00f60eb4.

Error - 5/8/2010 5:19:22 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 5/8/2010 5:19:26 AM | Computer Name = BOBBY | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00f610dc.

Error - 5/10/2010 12:58:53 AM | Computer Name = BOBBY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/8/2010 4:46:21 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/8/2010 5:01:35 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/8/2010 5:01:35 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/8/2010 5:09:38 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/8/2010 5:09:38 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/8/2010 5:21:17 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/8/2010 5:21:17 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/10/2010 12:57:06 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/10/2010 12:57:06 AM | Computer Name = BOBBY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/10/2010 1:01:28 AM | Computer Name = BOBBY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#2
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,047 posts)
Hello bobbydigital450,

Firstly, please go to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Now

You have used ComboFix.

Please go to the Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and copy & paste the contents of the text file back here. Note: the ComboFix.txt files are numbered, so if there was more than one run you might find C:\Qoobox\ComboFix2.txt, etc.

#3
bobbydigital450 (Topic Starter, New Member, 8 posts)
Ok,

I uninstalled viewpoint media player. Here is the log from combofix:

ComboFix 10-05-09.04 - bobby 2 heads 05/10/2010 1:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1574 [GMT -6:00]
Running from: c:\documents and settings\bobby 2 heads\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bobby 2 heads\GoToAssistDownloadHelper.exe
c:\windows\vckbsp.dll

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 05:42 . 2010-05-10 05:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\documents and settings\bobby 2 heads\Application Data\Malwarebytes
2010-05-08 08:50 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 08:50 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\program files\ERUNT
2010-05-08 07:18 . 2010-05-08 07:38 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-05-08 06:55 . 2010-05-08 06:57 -------- d-----w- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Temp
2010-05-08 06:55 . 2010-05-08 06:57 -------- d-----w- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google
2010-05-08 06:14 . 2010-05-08 06:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-08 06:14 . 2010-05-08 06:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-08 03:19 . 2010-05-08 03:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-07 23:30 . 2010-05-07 23:41 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 07:55 . 2008-06-04 05:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-08 07:54 . 2010-02-11 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-08 07:54 . 2010-02-11 10:31 -------- d-----w- c:\program files\McAfee
2010-05-08 07:54 . 2010-02-12 10:22 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-08 07:35 . 2008-01-26 08:34 -------- d-----w- c:\program files\AdvancedDVDPlayer
2010-05-08 02:02 . 2009-09-04 18:35 -------- d-----w- c:\program files\Lx_cats
2010-05-01 11:35 . 2008-01-27 09:58 -------- d-----w- c:\documents and settings\bobby 2 heads\Application Data\dvdcss
2010-04-09 11:34 . 2009-10-20 09:33 1 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 06:36 . 2008-01-26 06:34 -------- d-----w- c:\program files\Yahoo!
2010-03-10 06:15 . 2002-08-29 09:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2010-02-25 06:24 3971569 ----a-w- c:\windows\system32\riptopasu.dll
2010-02-25 06:24 . 2010-02-25 06:24 3447779 ----a-w- c:\windows\system32\hwinshecra.dll
2010-02-25 06:24 . 2010-02-25 06:24 1776449 ----a-w- c:\windows\system32\ggiorlin.dll
2010-02-25 06:24 . 2002-08-29 09:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 07:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2002-08-29 07:04 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 09:40 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 07:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2004-03-12 61440]
"Google Update"="c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-08 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-1 113664]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2008-12-18 188712]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^bobby 2 heads^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\bobby 2 heads\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bobby 2 heads^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\bobby 2 heads\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-03-12 20:22 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 08:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 05:13 385024 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"aspnet_state"=3 (0x3)
"AgereModemAudio"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [1/25/2008 5:40 AM 33792]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [12/18/2008 4:56 PM 23600]
S3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [12/18/2008 4:56 PM 26160]
S3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [12/18/2008 4:56 PM 69680]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [12/18/2008 4:56 PM 445488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 06:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\
FF - plugin: c:\documents and settings\bobby 2 heads\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Jjajovotu - c:\windows\vckbsp.dll
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
MSConfigStartUp-ukgbylyw - c:\documents and settings\bobby 2 heads\Local Settings\Application Data\fvouhs\mdbvsftav.exe
MSConfigStartUp-vknmgsfx - c:\documents and settings\bobby 2 heads\Local Settings\Application Data\aaxltb\mufrsftav.exe
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 01:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32

c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????

?????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\docume~1\BOBBY2~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-10 01:55:09
ComboFix-quarantined-files.txt 2010-05-10 07:55

Pre-Run: 61,371,383,808 bytes free
Post-Run: 61,408,825,344 bytes free

- - End Of File - - 8CDC65134B91075B4AE89B378B134991

#4
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,047 posts)
Hello again bobbydigital450,

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{57d9ba9a-50d4-11de-a96a-001b9e7d805a}\Shell\AutoRun\command - "" = H:\MI.exe -- File not found
    O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell - "" = AutoRun
    O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log - OTL.txt


#5 bobbydigital450 (Topic Starter, New Member, 8 posts)

Updated Java
Uninstalled older versions
Ran custom fix

Fix Log:

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57d9ba9a-50d4-11de-a96a-001b9e7d805a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57d9ba9a-50d4-11de-a96a-001b9e7d805a}\ not found.
File H:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\ not found.
File E:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05102010_025403



Scan Log:

OTL logfile created on: 5/10/2010 2:55:56 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bobby 2 heads\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 57.21 Gb Free Space | 38.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOBBY
Current User Name: bobby 2 heads
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/18 16:56:02 | 000,188,712 | ---- | M] () -- C:\Program Files\MOTU\Audio\MFWAKeys.exe
PRC - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/23 02:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
PRC - [2005/02/21 06:21:18 | 000,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2004/03/12 14:22:16 | 000,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2004/01/12 14:29:28 | 000,102,400 | ---- | M] (Wild Tangent) -- C:\Program Files\AIM\AIMWDInstall.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- -- (aspnet_state)
SRV - [2008/04/17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - [2009/06/18 19:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/12/18 16:56:36 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2008/12/18 16:56:30 | 000,026,160 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwamidi.sys -- (mfwamidi)
DRV - [2008/12/18 16:56:24 | 000,445,488 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motufwa.sys -- (MotuFWA)
DRV - [2008/12/18 16:56:22 | 000,069,680 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfwawave.sys -- (mfwawave)
DRV - [2007/12/20 21:53:20 | 002,843,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/05 17:31:30 | 004,611,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 21:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/21 05:30:00 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/16 23:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/01 22:43:02 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/05/09 22:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 01:03:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 02:42:36 | 000,000,000 | ---D | M]

[2010/05/10 01:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Extensions
[2010/05/10 01:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\extensions
[2010/05/10 02:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 01:02:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/10 02:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/23 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201222168595 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 04:21:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 02:49:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/10 02:42:36 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/10 02:42:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/10 02:42:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/10 02:42:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/10 02:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/10 01:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Application Data\Mozilla
[2010/05/10 01:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/10 01:02:36 | 008,608,600 | ---- | C] (Mozilla) -- C:\Documents and Settings\bobby 2 heads\Desktop\yahoo_firefox_3.6.3_setup_usk.exe
[2010/05/09 23:13:16 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
[2010/05/09 23:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/09 23:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/08 03:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer
[2010/05/08 02:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Application Data\Malwarebytes
[2010/05/08 02:50:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/08 02:50:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/08 02:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 02:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/08 02:50:01 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\bobby 2 heads\Desktop\mbam-setup.exe
[2010/05/08 02:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/08 02:47:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\bobby 2 heads\Desktop\erunt_setup.exe
[2010/05/08 02:41:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\TFC.exe
[2010/05/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2010/05/08 01:17:57 | 002,008,864 | ---- | C] (wisecleaner.com ) -- C:\Documents and Settings\bobby 2 heads\Desktop\WDCFree.exe
[2010/05/08 00:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\Temp
[2010/05/08 00:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\Google
[2010/05/08 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/07 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/07 19:34:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 19:33:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 19:33:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 19:33:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 19:33:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 19:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 19:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/07 17:30:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/03 05:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/03 05:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/01 23:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\It Prevails - Capture & embrace
[2010/05/01 23:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\New Folder
[2010/04/24 01:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\Red Dawn Final
[2010/04/23 04:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\IP transposed tuning
[2010/04/17 03:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobby 2 heads\Desktop\craigslist

========== Files - Modified Within 30 Days ==========

[2010/05/10 02:51:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 02:50:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 02:50:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 02:49:47 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\bobby 2 heads\NTUSER.DAT
[2010/05/10 02:49:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\bobby 2 heads\ntuser.ini
[2010/05/10 01:53:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/10 01:03:03 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/10 01:02:40 | 008,608,600 | ---- | M] (Mozilla) -- C:\Documents and Settings\bobby 2 heads\Desktop\yahoo_firefox_3.6.3_setup_usk.exe
[2010/05/10 01:00:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
[2010/05/09 23:13:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\OTL.exe
[2010/05/08 03:06:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer.zip
[2010/05/08 02:50:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 02:50:16 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\bobby 2 heads\Desktop\mbam-setup.exe
[2010/05/08 02:48:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\NTREGOPT.lnk
[2010/05/08 02:48:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ERUNT.lnk
[2010/05/08 02:47:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\bobby 2 heads\Desktop\erunt_setup.exe
[2010/05/08 02:41:51 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bobby 2 heads\Desktop\TFC.exe
[2010/05/08 01:18:07 | 002,008,864 | ---- | M] (wisecleaner.com ) -- C:\Documents and Settings\bobby 2 heads\Desktop\WDCFree.exe
[2010/05/08 00:58:02 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\Google Chrome.lnk
[2010/05/08 00:14:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 00:14:31 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/07 19:46:49 | 000,000,501 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/07 19:46:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/03 18:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/03 17:47:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/01 00:14:21 | 000,104,436 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\vacay.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 14:08:04 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 01:41:20 | 201,642,934 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ip final mix.zip
[2010/04/18 01:36:11 | 038,468,336 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more cd.wav
[2010/04/18 00:41:53 | 006,108,492 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\mend again myspace.mp3
[2010/04/18 00:18:23 | 008,713,224 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more myspace.mp3
[2010/04/17 23:34:31 | 008,814,492 | ---- | M] () -- C:\Documents and Settings\bobby 2 heads\Desktop\placed in my hands myspace.mp3
[2010/04/14 03:03:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2010/05/10 01:03:03 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/08 03:06:15 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\gmer.zip
[2010/05/08 02:50:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 02:48:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\NTREGOPT.lnk
[2010/05/08 02:48:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ERUNT.lnk
[2010/05/08 00:58:02 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\Google Chrome.lnk
[2010/05/08 00:55:54 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
[2010/05/08 00:14:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 00:14:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/07 19:35:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 19:34:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 19:33:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 19:33:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 19:33:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/07 19:33:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 19:33:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/01 00:14:20 | 000,104,436 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\vacay.jpg
[2010/04/18 19:51:52 | 038,468,336 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more cd.wav
[2010/04/18 01:53:20 | 201,642,934 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\ip final mix.zip
[2010/04/18 00:31:38 | 008,713,224 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\something more myspace.mp3
[2010/04/18 00:31:36 | 008,814,492 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\placed in my hands myspace.mp3
[2010/04/18 00:31:19 | 006,108,492 | ---- | C] () -- C:\Documents and Settings\bobby 2 heads\Desktop\mend again myspace.mp3
[2010/02/25 00:24:38 | 003,971,569 | ---- | C] () -- C:\WINDOWS\System32\riptopasu.dll
[2010/02/25 00:24:38 | 003,447,779 | ---- | C] () -- C:\WINDOWS\System32\hwinshecra.dll
[2010/02/25 00:24:38 | 001,776,449 | ---- | C] () -- C:\WINDOWS\System32\ggiorlin.dll
[2009/09/04 12:34:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/28 03:14:04 | 000,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/01/28 03:13:51 | 000,000,866 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/28 03:05:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/02/28 06:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/01/24 20:13:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2006/07/13 08:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2004/03/03 06:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
< End of report >
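A log this long hides the entries that matter for a search-redirect case. The Run 2 scan above still carries a ProxyServer value of http=127.0.0.1:5555 (ProxyEnable = 0, so IE is not currently routed through it, but a proxy on the loopback address means something on the machine was placed between the browser and the web, which is one common way these redirectors work), a BHO with no CLSID value, a Run entry whose target is gone, and three DLLs in System32 with no company name that were all created in the same second. The script below is an added example, not part of this thread and not OTL's own code: it parses the OTL 3.2 line types seen in these logs and flags those patterns. The sample lines are copied from the logs in this thread (the two O33 lines from the fix in #4, the rest from the scan log); the rule names and the cluster heuristic are my own.

```python
"""Triage of OTL (OldTimer's List-It) log lines for search-redirect indicators.

Added example: not part of this thread and not OTL's own code. It recognises a
few OTL line types and flags the patterns that went with the infection here.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O33 - MountPoints2\{57d9ba9a-50d4-11de-a96a-001b9e7d805a}\Shell\AutoRun\command - "" = H:\MI.exe -- File not found
O33 - MountPoints2\{abb87975-0dbf-11df-a9f8-001b9e7d805a}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
[2010/02/25 00:24:38 | 003,971,569 | ---- | C] () -- C:\WINDOWS\System32\riptopasu.dll
[2010/02/25 00:24:38 | 003,447,779 | ---- | C] () -- C:\WINDOWS\System32\hwinshecra.dll
[2009/09/04 12:34:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2010/05/08 02:50:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

# Line shapes as OTL 3.2 prints them (assumption: matched against this log only).
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)$')
ORPHAN_BHO_RE = re.compile(r'^O2 - BHO: \(no name\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$')
RUN_RE = re.compile(r'^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$')
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?: -- File not found)?$')
FILE_RE = re.compile(r'^\[(?P<created>[\d/]+ [\d:]+) \| [\d,]+ \| [-A-Z]{4} \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')

LOOPBACK = {"127.0.0.1", "localhost", "::1", "0.0.0.0"}


def is_local_proxy(value: str) -> bool:
    """ProxyServer is "host:port", "http=host:port", or several protocol=host:port
    pairs joined by ';'. True if any configured host is the local machine."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in LOOPBACK:
            return True
    return False


def triage_otl(log_text: str) -> List[Dict[str, str]]:
    """One finding per suspicious line, plus a cluster finding when two or more
    no-company System32 DLLs share the same creation second."""
    findings: List[Dict[str, str]] = []
    by_created = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.search(line)
        if m and is_local_proxy(m.group("value")):
            findings.append({"kind": "local-proxy", "detail": m.group("value")})
            continue
        m = ORPHAN_BHO_RE.match(line)
        if m:
            findings.append({"kind": "orphan-bho", "detail": m.group("clsid")})
            continue
        m = RUN_RE.match(line)
        if m and m.group("target").endswith("File not found"):
            findings.append({"kind": "dead-run-entry", "detail": m.group("name")})
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append({"kind": "usb-autorun", "detail": m.group("cmd")})
            continue
        m = FILE_RE.match(line)
        if m and not m.group("company"):
            path = m.group("path")
            if "\\system32\\" in path.lower() and path.lower().endswith(".dll"):
                findings.append({"kind": "no-company-system32-dll", "detail": path})
                by_created[m.group("created")].append(path)
    for created, paths in by_created.items():
        if len(paths) >= 2:
            findings.append({"kind": "same-second-dll-cluster",
                             "detail": created + ": " + ", ".join(paths)})
    return findings


if __name__ == "__main__":
    for finding in triage_otl(SAMPLE_LOG):
        print(f"{finding['kind']:26} {finding['detail']}")
```

A no-company DLL on its own is a weak signal (lxccvs.dll, a Lexmark file, is flagged too); the same-second cluster of randomly named DLLs is the stronger one, and it is exactly the set Kaspersky later reported as Trojan.Win32.Scar.cdnp. The loopback proxy value is still present in the Run 2 log and is worth clearing even with ProxyEnable = 0.
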

#6 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,047 posts)

Hello bobbydigital450,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now


#7 bobbydigital450 (Topic Starter, New Member, 8 posts)

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4085

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/10/2010 3:36:48 AM
mbam-log-2010-05-10 (03-36-48).txt

Scan type: Quick scan
Objects scanned: 116014
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky scan results:



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 10, 2010 07:41:48
Records in database: 4089988
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 254560
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:57:38


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\vckbsp.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.sdf 1
C:\WINDOWS\system32\ggiorlin.dll Infected: Trojan.Win32.Scar.cdnp 1
C:\WINDOWS\system32\hwinshecra.dll Infected: Trojan.Win32.Scar.cdnp 1
C:\WINDOWS\system32\riptopasu.dll Infected: Trojan.Win32.Scar.cdnp 1

Selected area has been scanned.


Despite the threats found above, thus far the redirect problem seems to be taken care of.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello bobbydigital450,

Despite the threats found above, thus far the redirect problem seems to be taken care of.


Yes, looks like we are making progress. We will just get rid of those ones Kaspersky found.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\ggiorlin.dll
C:\WINDOWS\system32\hwinshecra.dll
C:\WINDOWS\system32\riptopasu.dll

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0
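A note on why only three of the five Kaspersky hits went into the CFScript above: the two paths under C:\Qoobox\Quarantine\ carry the .vir suffix, which is ComboFix's own quarantine folder, so those files were already neutralised by the earlier ComboFix run; only the three live DLLs in system32 still needed removing. The script below is an added example (not code from the thread or from ComboFix) that parses a Kaspersky Online Scanner report in the "File name / Threat / Threats count" layout, separates quarantined hits from live ones, and renders the File:: section in the same shape the moderator used. The sample report is constructed from the five lines posted above; the function and variable names are this example's own.

```python
"""Split a Kaspersky Online Scanner report into detections that are still
live on disk and detections already sitting in ComboFix's quarantine, then
build a CFScript File:: section for the live ones only."""

import re

# Constructed sample: the five detection lines from the report in this
# thread, in the scanner's "File name / Threat / Threats count" layout.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\Drivers\\kbdclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\vckbsp.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.sdf 1
C:\\WINDOWS\\system32\\ggiorlin.dll Infected: Trojan.Win32.Scar.cdnp 1
C:\\WINDOWS\\system32\\hwinshecra.dll Infected: Trojan.Win32.Scar.cdnp 1
C:\\WINDOWS\\system32\\riptopasu.dll Infected: Trojan.Win32.Scar.cdnp 1

Selected area has been scanned.
"""

# One detection line: <path> Infected: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folders where a hit means "already neutralised", not "still running".
# Only ComboFix's quarantine is listed; extend for other tools' folders.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


def parse_report(text):
    """Return (path, threat) for every detection line in the report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def is_quarantined(path):
    """True when the path is inside a quarantine folder or is a renamed .vir copy."""
    p = path.lower()
    return p.startswith(QUARANTINE_PREFIXES) or p.endswith(".vir")


def split_hits(hits):
    """Partition detections into (live, quarantined) lists."""
    live = [(p, t) for p, t in hits if not is_quarantined(p)]
    quarantined = [(p, t) for p, t in hits if is_quarantined(p)]
    return live, quarantined


def build_cfscript(live_paths):
    """Render a CFScript with KillAll::, a File:: list and Reboot::."""
    lines = ["KillAll::", "", "File::"]
    lines += list(live_paths)
    lines += ["", "Reboot::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    live, quarantined = split_hits(parse_report(SAMPLE_REPORT))
    print("already quarantined:", [p for p, _ in quarantined])
    print(build_cfscript(p for p, _ in live))
```

Running it on the sample reproduces the three-line File:: block from the post above; the two Qoobox entries are reported separately so they are not fed back into ComboFix as if they were live.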

#9
bobbydigital450

bobbydigital450

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
combofix:

ComboFix 10-05-10.02 - bobby 2 heads 05/10/2010 16:01:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1354 [GMT -6:00]
Running from: c:\documents and settings\bobby 2 heads\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\bobby 2 heads\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\ggiorlin.dll"
"c:\windows\system32\hwinshecra.dll"
"c:\windows\system32\riptopasu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ggiorlin.dll
c:\windows\system32\hwinshecra.dll
c:\windows\system32\riptopasu.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 08:49 . 2010-05-10 08:49 -------- d-----w- C:\_OTL
2010-05-10 08:42 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 05:42 . 2010-05-10 05:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\documents and settings\bobby 2 heads\Application Data\Malwarebytes
2010-05-08 08:50 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 08:50 . 2010-05-08 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 08:50 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\program files\ERUNT
2010-05-08 07:18 . 2010-05-08 07:38 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-05-08 06:55 . 2010-05-08 06:57 -------- d-----w- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Temp
2010-05-08 06:55 . 2010-05-08 06:57 -------- d-----w- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google
2010-05-08 06:14 . 2010-05-08 06:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-08 06:14 . 2010-05-08 06:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-08 03:19 . 2010-05-08 03:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-07 23:30 . 2010-05-07 23:41 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 08:48 . 2008-02-21 08:24 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 08:47 . 2008-02-21 08:24 -------- d-----w- c:\program files\Java
2010-05-10 08:42 . 2010-05-10 08:42 503808 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-33b1c582-n\msvcp71.dll
2010-05-10 08:42 . 2010-05-10 08:42 499712 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-33b1c582-n\jmc.dll
2010-05-10 08:42 . 2010-05-10 08:42 348160 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-33b1c582-n\msvcr71.dll
2010-05-10 08:42 . 2010-05-10 08:42 61440 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2d047ed6-n\decora-sse.dll
2010-05-10 08:42 . 2010-05-10 08:42 12800 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2d047ed6-n\decora-d3d.dll
2010-05-10 08:38 . 2010-05-10 08:39 921376 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\Sun\Java\JRERunOnce.exe
2010-05-08 07:55 . 2008-06-04 05:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-08 07:54 . 2010-02-11 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-08 07:54 . 2010-02-11 10:31 -------- d-----w- c:\program files\McAfee
2010-05-08 07:54 . 2010-02-12 10:22 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-08 07:35 . 2008-01-26 08:34 -------- d-----w- c:\program files\AdvancedDVDPlayer
2010-05-08 02:02 . 2009-09-04 18:35 -------- d-----w- c:\program files\Lx_cats
2010-05-01 11:35 . 2008-01-27 09:58 -------- d-----w- c:\documents and settings\bobby 2 heads\Application Data\dvdcss
2010-04-09 11:34 . 2009-10-20 09:33 1 ----a-w- c:\documents and settings\bobby 2 heads\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 06:36 . 2008-01-26 06:34 -------- d-----w- c:\program files\Yahoo!
2010-03-10 06:15 . 2002-08-29 09:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2002-08-29 09:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-08-29 07:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2002-08-29 07:04 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 09:40 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 07:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( [email protected]_07.53.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-10 22:06 . 2010-05-10 22:06 16384 c:\windows\temp\Perflib_Perfdata_6b4.dat
+ 2010-05-10 08:42 . 2010-04-12 23:29 153376 c:\windows\system32\javaws.exe
+ 2010-05-10 08:42 . 2010-04-12 23:29 145184 c:\windows\system32\javaw.exe
- 2008-03-15 06:53 . 2009-10-20 09:23 145184 c:\windows\system32\javaw.exe
+ 2010-05-10 08:42 . 2010-04-12 23:29 145184 c:\windows\system32\java.exe
- 2008-03-15 06:53 . 2009-10-20 09:23 145184 c:\windows\system32\java.exe
+ 2010-05-10 08:39 . 2010-05-10 08:39 180224 c:\windows\Installer\327724.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2004-03-12 61440]
"Google Update"="c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-08 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-1 113664]
MOTU Pedal Handler.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2008-12-18 188712]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^bobby 2 heads^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\bobby 2 heads\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bobby 2 heads^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\bobby 2 heads\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-03-12 20:22 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2006-02-22 01:05 344064 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 08:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 05:13 385024 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2 (0x2)
"ClipSrv"=3 (0x3)
"aspnet_state"=3 (0x3)
"AgereModemAudio"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [1/25/2008 5:40 AM 33792]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [12/18/2008 4:56 PM 23600]
S3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [12/18/2008 4:56 PM 26160]
S3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [12/18/2008 4:56 PM 69680]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [12/18/2008 4:56 PM 445488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1284227242-839522115-1003Core.job
- c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 06:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bobby 2 heads\Application Data\Mozilla\Firefox\Profiles\41ur5ado.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\bobby 2 heads\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\bobby 2 heads\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 16:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\AIM\AIMWDI~1.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-10 16:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 22:12
ComboFix2.txt 2010-05-10 07:55

Pre-Run: 61,353,664,512 bytes free
Post-Run: 61,426,274,304 bytes free

- - End Of File - - 0D79310E808F4CA824205869E7A4C850
  • 0
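One line in the Supplementary Scan section of the log above deserves a second look after cleanup: uInternet Settings,ProxyServer = http=127.0.0.1:5555. A browser proxy pointing at the local machine on an arbitrary port is a common way search-redirect malware interposes itself on HTTP traffic, and it is worth confirming that whatever used to listen on that port is gone (or clearing the setting) rather than leaving it in place. The script below is an added example, not code from the thread or from ComboFix: it reads ComboFix-style log lines, flags ProxyServer values that resolve to a loopback address, and flags Run-key entries that load from temp or user-profile folders. The sample log is constructed from lines in the post above plus one hypothetical "Updater" Run entry pointing at a TEMP path (modelled on the C:\WINDOWS\TEMP DLL MBAM removed earlier in the thread); all function names are this example's own.

```python
"""Triage a ComboFix log: flag browser proxies bound to the local machine and
autostart entries loading from temp or user-profile directories."""

import ipaddress
import re

# Constructed sample: Run-key and Supplementary Scan lines in ComboFix's
# layout.  The "Updater" entry is hypothetical and added for illustration.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"lxccmon.exe"="c:\\program files\\Lexmark 3300 Series\\lxccmon.exe" [2005-02-21 192512]
"Updater"="c:\\windows\\temp\\1143599352.dll" [2010-05-07 12345]
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# "uInternet Settings,ProxyServer = <value>" (u = per-user, m = per-machine)
PROXY_RE = re.compile(r"^[a-z]?Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
# "Name"="command" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<cmd>[^"]*)"')
# Directories a legitimate machine-wide autostart rarely lives in.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_proxy_value(value):
    """Turn 'http=127.0.0.1:5555;https=proxy:8080' or 'proxy:8080'
    into a list of (scheme, host, port); scheme is '*' when unspecified."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        entries.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (finding_type, detail) tuples for the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_value(m.group("value")):
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{scheme} via {host}:{port}"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(d in cmd for d in SUSPECT_DIRS):
                findings.append(("autorun-from-temp", f"{m.group('name')} -> {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

The loopback check deliberately uses the ipaddress module rather than a string compare so 127.0.0.2 or ::1 are caught as well; a corporate proxy on a routable address is not flagged. Entries under Local Settings or Application Data are reported for review, not condemned: per-user updaters such as Google Update legitimately live there, so the list is a prompt to look, not a verdict.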

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello again bobbydigital450,

Your machine looks clean to me.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.
-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • It is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > Automatic Updates
    * Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
    * Click Apply then OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#11
bobbydigital450

bobbydigital450

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks a ton! I really appreciate the help. Computer is now std free thanks to you!
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
You are very welcome.

I will keep this topic open for a day or two in case any issues develop.
  • 0
