Yahoo Browser Redirect [Solved]


  • This topic is locked

#1
MajorPelham

  • Member
  • 15 posts
I need help with a browser redirect that keeps sending me to the wrong websites. I do my search and the search results show correctly, but when I click on the one I want I am redirected to another site. If I go back, it takes me to MFeed.COM.

Here is my HIJACKTHIS scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:00:52 PM, on 6/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Cisco Systems\VPN client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 84.16.244.54 www.google.com
O1 - Hosts: 84.16.244.54 us.search.yahoo.com
O1 - Hosts: 84.16.244.54 uk.search.yahoo.com
O1 - Hosts: 84.16.244.54 search.yahoo.com
O1 - Hosts: 84.16.244.54 www.google.com.br
O1 - Hosts: 84.16.244.54 www.google.it
O1 - Hosts: 84.16.244.54 www.google.es
O1 - Hosts: 84.16.244.54 www.google.co.jp
O1 - Hosts: 84.16.244.54 www.google.com.mx
O1 - Hosts: 84.16.244.54 www.google.ca
O1 - Hosts: 84.16.244.54 www.google.com.au
O1 - Hosts: 84.16.244.54 www.google.nl
O1 - Hosts: 84.16.244.54 www.google.co.za
O1 - Hosts: 84.16.244.54 www.google.be
O1 - Hosts: 84.16.244.54 www.google.gr
O1 - Hosts: 84.16.244.54 www.google.at
O1 - Hosts: 84.16.244.54 www.google.se
O1 - Hosts: 84.16.244.54 www.google.ch
O1 - Hosts: 84.16.244.54 www.google.pt
O1 - Hosts: 84.16.244.54 www.google.dk
O1 - Hosts: 84.16.244.54 www.google.fi
O1 - Hosts: 84.16.244.54 www.google.ie
O1 - Hosts: 84.16.244.54 www.google.no
O1 - Hosts: 84.16.244.54 www.google.de
O1 - Hosts: 84.16.244.54 www.google.fr
O1 - Hosts: 84.16.244.54 www.google.co.uk
O1 - Hosts: 84.16.244.54 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec....000096.000001d8
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fidelity CorpRAS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.fac...fbootloader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1238545561109
O18 - Filter hijack: text/html - {3ae63a2d-1112-4c89-ad43-2f0afaca9e36} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

--
End of file - 10655 bytes
  • 0



#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Launch Notepad, and copy/paste everything in the codebox below into the new document. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as runme.bat.

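    @echo off
    rem Clear the read-only, hidden and system attributes so the HOSTS file can be replaced
    attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    rem Delete the existing HOSTS file
    del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    rem Write a fresh HOSTS file containing only the localhost entry
    echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    rem Remove this batch file once it has run
    del %0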

Double click on runme.bat



NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 15 June 2010 - 03:20 PM.

  • 0
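The O1 - Hosts lines in the first post point search-engine names at one non-loopback address, and the batch file above replaces the HOSTS file with a single localhost entry. As an added example (not part of the thread and not either poster's code), this Python script parses O1 lines from a HijackThis or OTL log and reports that kind of override; the watch-list of name labels is an assumption of the example, and the sample lines are excerpted from the logs posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Matches section-O1 lines as written by HijackThis and OTL, e.g.
#   O1 - Hosts: 84.16.244.54 www.google.com
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# Assumption for this example: DNS labels whose HOSTS overrides deserve a look.
WATCHED_LABELS = {"google", "yahoo", "bing"}

# Excerpt of the HijackThis log from the first post (before the HOSTS reset).
BEFORE_FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O1 - Hosts: 84.16.244.54 www.google.com
O1 - Hosts: 84.16.244.54 search.yahoo.com
O1 - Hosts: 84.16.244.54 www.google.co.uk
O1 - Hosts: 84.16.244.54 www.bing.com
O18 - Filter hijack: text/html - {3ae63a2d-1112-4c89-ad43-2f0afaca9e36} - (no file)
"""

# Excerpt of the OTL log posted after runme.bat was run.
AFTER_FIX = r"""
O1 HOSTS File: ([2010/06/15 17:41:01 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
"""


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs for every 'O1 - Hosts:' line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def audit_hosts_entries(entries):
    """Split entries into watched-name redirects and malformed addresses.

    Returns (redirected, malformed):
      redirected: {address: sorted hostnames} for watched names that are
                  mapped to an address other than loopback or 0.0.0.0
      malformed:  [(address, hostname)] where the address does not parse
    """
    redirected = defaultdict(list)
    malformed = []
    for address, hostname in entries:
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            malformed.append((address, hostname))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # localhost entries and sinkhole-style blocks do not send
            # traffic to a remote machine, so they are not reported.
            continue
        if WATCHED_LABELS & set(hostname.split(".")):
            redirected[str(ip)].append(hostname)
    return {ip: sorted(names) for ip, names in redirected.items()}, malformed


def summarize(log_text):
    """Human-readable summary lines for one log."""
    redirected, malformed = audit_hosts_entries(parse_o1_entries(log_text))
    lines = []
    for ip, names in sorted(redirected.items()):
        lines.append(f"{ip} overrides {len(names)} watched name(s): {', '.join(names)}")
    for address, hostname in malformed:
        lines.append(f"unparseable address {address!r} for {hostname}")
    return lines or ["no watched names are redirected"]


if __name__ == "__main__":
    for label, text in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(f"[{label}]")
        for line in summarize(text):
            print("  " + line)
```
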

#3
MajorPelham

  • Topic Starter
  • Member
  • 15 posts
SweetTech, thank you for your assistance. I ran OTL as you required; however, the only output that I received was the OTL.Txt, which I am including below. I will not run the next step, GMER, until I hear from you about the missing EXTRAS.Txt, why we would not get it, and whether we need it.

OTL logfile created on: 6/15/2010 5:50:46 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 142.00 Mb Available Physical Memory | 37.00% Memory free
921.00 Mb Paging File | 461.00 Mb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 113.80 Gb Free Space | 79.60% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTTPC1
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - c:\Program Files\Cisco Systems\VPN client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\Program Files\BellSouth\Connection Manager\CManager.exe ()
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\BroadJump\CorrectConnect Engine\CCD.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll (BackWeb)


========== Win32 Services (SafeList) ==========

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CVPND) -- c:\Program Files\Cisco Systems\VPN client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100604.004\IDSXpx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100615.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100615.005\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 20:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/28 16:14:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/15 17:41:01 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fidelity CorpRAS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe ()
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Value error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238545561109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/09 12:19:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/10 21:36:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63064005534547968)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 17:27:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/06/15 16:26:03 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
[2010/06/15 15:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/15 11:01:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/15 11:01:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/15 09:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/15 09:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/13 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Redirect Removal Tool[1]
[2010/06/13 20:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/06/13 20:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/13 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/13 12:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/13 12:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\IObit
[2010/06/13 12:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/06/13 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Tific
[2010/06/05 14:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Facebook
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 17:41:01 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/06/15 17:35:12 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/06/15 16:26:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
[2010/06/15 16:00:32 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/06/15 15:54:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 15:52:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 15:52:17 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 15:51:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/15 15:50:23 | 010,069,490 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/06/15 15:16:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/15 11:54:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 11:02:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 12:24:25 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/06/13 12:15:30 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/13 09:57:21 | 000,000,731 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/13 09:57:21 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/06/13 09:57:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/12 20:43:42 | 000,007,162 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100612_204324.reg
[2010/06/10 19:28:25 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 18:28:06 | 000,715,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/09 21:14:39 | 000,507,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/09 21:14:39 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/09 21:14:39 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/07 20:00:11 | 000,000,746 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
[2010/06/06 15:38:07 | 000,082,712 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00401.tif
[2010/06/06 15:36:34 | 000,147,064 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00813.tif
[2010/06/06 15:36:28 | 000,173,414 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00812.tif
[2010/06/06 15:36:21 | 000,043,120 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00811.tif
[2010/06/01 21:04:47 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiewords.mic
[2010/06/01 20:47:39 | 000,007,390 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly2.xml
[2010/06/01 20:46:14 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly.doc
[2010/06/01 19:25:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/30 18:07:18 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiegood.mic
[2010/05/30 18:03:30 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL.doc
[2010/05/30 17:55:55 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.mic
[2010/05/30 17:36:12 | 000,015,526 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.jpg
[2010/05/30 17:34:24 | 000,017,138 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL2.xml
[2010/05/25 20:15:14 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/05/23 15:24:21 | 000,001,724 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Default.rdp
[2010/05/16 18:57:21 | 000,500,139 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\JASCOTTpen2.GIF
[2010/05/16 18:55:18 | 000,296,720 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\JASCOTTpen1.GIF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 15:16:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/15 15:12:00 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/06/15 13:51:35 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 11:54:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 11:02:01 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 12:24:25 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/06/13 12:15:30 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/12 21:29:27 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2010/06/12 21:29:27 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/12 21:29:26 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/06/12 20:43:28 | 000,007,162 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100612_204324.reg
[2010/06/06 15:38:05 | 000,082,712 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00401.tif
[2010/06/06 15:36:33 | 000,147,064 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00813.tif
[2010/06/06 15:36:27 | 000,173,414 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00812.tif
[2010/06/06 15:36:21 | 000,043,120 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00811.tif
[2010/06/01 20:49:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiewords.mic
[2010/06/01 20:47:38 | 000,007,390 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly2.xml
[2010/06/01 20:41:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly.doc
[2010/05/30 18:04:31 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiegood.mic
[2010/05/30 17:50:55 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.mic
[2010/05/30 17:36:02 | 000,015,526 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.jpg
[2010/05/30 17:34:24 | 000,017,138 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL2.xml
[2010/05/30 17:02:56 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL.doc
[2010/05/16 18:57:19 | 000,500,139 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\JASCOTTpen2.GIF
[2010/05/16 18:55:16 | 000,296,720 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\JASCOTTpen1.GIF
[2010/03/21 16:39:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/02/04 19:41:29 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/01/24 20:31:50 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/01/24 20:31:12 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/01/24 20:31:09 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/10 20:47:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/07/10 20:45:55 | 001,680,896 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2005/07/10 20:45:54 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/07/10 20:45:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2005/04/27 11:34:31 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2005/03/30 22:58:19 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/28 00:00:39 | 000,007,996 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/26 20:14:31 | 000,007,115 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/02/26 20:13:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/12/09 12:17:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/09 12:17:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/09 12:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/09 12:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/09 12:17:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/09 12:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/09 12:09:41 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/09 12:09:41 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/22 17:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 22:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 22:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 21:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 21:00:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 20:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 20:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 20:15:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 19:55:39 | 000,000,903 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 19:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/06/13 12:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/10/18 17:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/01/23 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 19:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/10 20:46:58 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2005/04/11 21:37:42 | 000,007,680 | ---- | M] () -- C:\albumImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,424 | ---- | M] () -- C:\albumImagesTable.dbf
[2005/04/11 21:37:42 | 000,004,608 | ---- | M] () -- C:\albumTable.cdx
[2005/04/11 21:37:42 | 000,000,584 | ---- | M] () -- C:\albumTable.dbf
[2004/12/09 12:19:54 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/02/21 21:51:57 | 004,783,390 | ---- | M] () -- C:\BellSouthIW.re~
[2005/02/21 21:39:46 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/06/13 09:57:21 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2009/08/10 19:42:41 | 000,000,000 | ---- | M] () -- C:\CB_Server_Errors.txt
[2004/08/04 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/21 19:51:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/11 21:37:42 | 000,003,072 | ---- | M] () -- C:\EXIFTable.cdx
[2005/04/11 21:37:42 | 000,000,488 | ---- | M] () -- C:\EXIFTable.dbf
[2008/09/13 20:22:40 | 000,000,115 | ---- | M] () -- C:\FtpCmd.txt
[2010/06/15 15:52:17 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/21 20:15:49 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2009/03/08 10:56:39 | 000,525,372 | ---- | M] () -- C:\hpfr3840.log
[2005/04/11 21:37:42 | 000,009,216 | ---- | M] () -- C:\imageTable.cdx
[2005/04/11 21:37:42 | 000,000,936 | ---- | M] () -- C:\imageTable.dbf
[2005/04/11 21:37:42 | 000,000,512 | ---- | M] () -- C:\imageTable.fpt
[2004/10/21 19:51:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/04/11 21:37:42 | 000,006,144 | ---- | M] () -- C:\keywordImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,360 | ---- | M] () -- C:\keywordImagesTable.dbf
[2005/04/11 21:37:42 | 000,004,608 | ---- | M] () -- C:\keywordTable.cdx
[2005/04/11 21:37:42 | 000,000,456 | ---- | M] () -- C:\keywordTable.dbf
[2009/08/10 19:42:47 | 000,000,378 | ---- | M] () -- C:\managedFolderTable.dbf
[2004/10/21 19:51:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 18:04:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/15 15:52:16 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2009/08/10 20:46:58 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2009/08/10 19:42:47 | 000,001,490 | ---- | M] () -- C:\pathnameTable.dbf
[2005/04/11 21:37:42 | 000,006,144 | ---- | M] () -- C:\ROFImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,360 | ---- | M] () -- C:\ROFImagesTable.dbf
[2005/04/11 21:37:42 | 000,003,072 | ---- | M] () -- C:\ROFTable.cdx
[2005/04/11 21:37:42 | 000,000,392 | ---- | M] () -- C:\ROFTable.dbf
[2010/06/15 12:15:52 | 000,038,834 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_15.06.2010_12.15.13_log.txt
[2009/01/31 12:17:40 | 000,054,209 | ---- | M] () -- C:\vrq.log
[2008/08/09 14:36:49 | 000,000,146 | ---- | M] () -- C:\YServer.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/21 12:41:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/21 12:41:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/21 12:41:45 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/28 16:13:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< End of report >

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Please don't worry about the extras.txt or the GMER log for now. Proceed with these instructions below. Make sure you include an update in your next post on how your computer is currently running.


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and paste the following code into the Posted Image textbox. Do not include the word "Code".

    :Services
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Value error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Value error.)
    O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so that there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTL fix.
3. The log that was produced after running the MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

#5
MajorPelham

    Member

  • Topic Starter
  • Member
  • 15 posts
1. SweetTech, I love the "CHEERS" at the end. :) Thanks for your help. You are so smart.

2. OTL Fix Log:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
C:\WINDOWS\Downloaded Program Files\axfbootloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b31ffb0-8471-11d9-85a5-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b31ffb0-8471-11d9-85a5-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
C:\WINDOWS\LMI54.tmp\rescue.log deleted successfully.
C:\WINDOWS\LMI54.tmp folder deleted successfully.
C:\WINDOWS\LMI60.tmp\rescue.log deleted successfully.
C:\WINDOWS\LMI60.tmp folder deleted successfully.
C:\~QTWTMP.TMP\QTINSTAL.HLP deleted successfully.
C:\~QTWTMP.TMP folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 442 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Owner
->Temp folder emptied: 76378 bytes
->Temporary Internet Files folder emptied: 6538852 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 73025 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9708577 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49496426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 770 bytes

Total Files Cleaned = 63.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HP_Owner
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06152010_182453

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\L6I6RSCZ\getSegment[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\L6I6RSCZ\iframe[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\EVIELQFB\1036609180[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\EVIELQFB\geekstogo_com[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\EVIELQFB\like[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\EVIELQFB\Yahoo-Browser-Redirect-t279633[2].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\BDKESIG4\index.85cefd54f7917017df1c504b0218cb96[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\BDKESIG4\like[2].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\21KCFHHR\ads[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2d4.dat moved successfully.

Registry entries deleted on Reboot...


3. MalwareBytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4201

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/15/2010 6:49:40 PM
mbam-log-2010-06-15 (18-49-40).txt

Scan type: Quick scan
Objects scanned: 140534
Time elapsed: 14 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



4. ESET is still running

5. Waiting on step 4 to finish

6. I have not checked to see if it is still doing the same thing yet. I will when I get to this step.

  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. :)
  • 0

#7
MajorPelham

MajorPelham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
1. Comment only.

ESET sure runs slow!!! :)
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
How far along is the scan? How long have you been running it?
  • 0

#9
MajorPelham

MajorPelham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The ESET scan is 71% complete, 1 hour and 15 minutes, no threats detected.
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Ahh.. Okay. It'll be done before you know it. I've had a user whose online scan took 24 hours for them to complete.
  • 0

#11
MajorPelham

MajorPelham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I need to learn to be more patient. One of the "fast-food" generation. hahahaha!

Thanks again for your help. :)
  • 0

#12
MajorPelham

MajorPelham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
4. NO THREATS WERE FOUND RUNNING ESET, LOG WAS NOT PRODUCED.

STEP #5 IS running now.
  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.
  • 0

#14
MajorPelham

MajorPelham

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
STEP 5. OTL Log:

OTL logfile created on: 6/15/2010 8:32:27 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 21.00% Memory free
921.00 Mb Paging File | 462.00 Mb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 113.72 Gb Free Space | 79.54% Space Free | Partition Type: NTFS
Drive D: | 6.07 Gb Total Space | 0.71 Gb Free Space | 11.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCOTTPC1
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - c:\Program Files\Cisco Systems\VPN client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\BellSouth\Connection Manager\CManager.exe ()
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\BroadJump\CorrectConnect Engine\CCD.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\IObit\IObit Security 360\is360mon.dll (IObit)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CVPND) -- c:\Program Files\Cisco Systems\VPN client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100604.004\IDSXpx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100615.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100615.005\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/26 20:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/28 16:14:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/15 17:41:01 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fidelity CorpRAS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe ()
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238545561109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/09 12:19:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6b31ffb0-8471-11d9-85a5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/10 21:36:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63064005534547968)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 18:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/15 18:24:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/15 17:27:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2010/06/15 16:26:03 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/06/15 15:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/15 11:01:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/15 11:01:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/15 09:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/15 09:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/13 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Redirect Removal Tool[1]
[2010/06/13 20:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2010/06/13 20:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/13 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/13 12:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/13 12:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\IObit
[2010/06/13 12:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/06/13 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Tific
[2010/06/05 14:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Facebook

========== Files - Modified Within 30 Days ==========

[2010/06/15 19:25:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/15 18:29:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 18:27:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 18:27:20 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 18:26:32 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/06/15 18:26:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/06/15 17:41:01 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/06/15 16:26:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/06/15 16:00:32 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/06/15 11:54:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 11:02:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 12:24:25 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/06/13 12:15:30 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/13 09:57:21 | 000,000,731 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/13 09:57:21 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/06/13 09:57:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/12 20:43:42 | 000,007,162 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100612_204324.reg
[2010/06/10 19:28:25 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 18:28:06 | 000,715,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/09 21:14:39 | 000,507,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/09 21:14:39 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/09 21:14:39 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/07 20:00:11 | 000,000,746 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
[2010/06/06 15:38:07 | 000,082,712 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00401.tif
[2010/06/06 15:36:34 | 000,147,064 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00813.tif
[2010/06/06 15:36:28 | 000,173,414 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00812.tif
[2010/06/06 15:36:21 | 000,043,120 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\00811.tif
[2010/06/01 21:04:47 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiewords.mic
[2010/06/01 20:47:39 | 000,007,390 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly2.xml
[2010/06/01 20:46:14 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly.doc
[2010/05/30 18:07:18 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiegood.mic
[2010/05/30 18:03:30 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL.doc
[2010/05/30 17:55:55 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.mic
[2010/05/30 17:36:12 | 000,015,526 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.jpg
[2010/05/30 17:34:24 | 000,017,138 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL2.xml
[2010/05/25 20:15:14 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/05/23 15:24:21 | 000,001,724 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Default.rdp

========== Files Created - No Company Name ==========

[2010/06/15 15:12:00 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/06/15 13:51:35 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 11:54:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 11:02:01 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 12:24:25 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/06/13 12:15:30 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/06/12 21:29:27 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
[2010/06/12 21:29:27 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/12 21:29:26 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[2010/06/12 20:43:28 | 000,007,162 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20100612_204324.reg
[2010/06/06 15:38:05 | 000,082,712 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00401.tif
[2010/06/06 15:36:33 | 000,147,064 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00813.tif
[2010/06/06 15:36:27 | 000,173,414 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00812.tif
[2010/06/06 15:36:21 | 000,043,120 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\00811.tif
[2010/06/01 20:49:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiewords.mic
[2010/06/01 20:47:38 | 000,007,390 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly2.xml
[2010/06/01 20:41:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIEwordsonly.doc
[2010/05/30 18:04:31 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombiegood.mic
[2010/05/30 17:50:55 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.mic
[2010/05/30 17:36:02 | 000,015,526 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\zombie.jpg
[2010/05/30 17:34:24 | 000,017,138 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL2.xml
[2010/05/30 17:02:56 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ZOMBIE SURVIVAL.doc
[2010/03/21 16:39:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/02/04 19:41:29 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/01/24 20:31:50 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/01/24 20:31:12 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/01/24 20:31:09 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/10 20:47:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/07/10 20:45:55 | 001,680,896 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2005/07/10 20:45:54 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/07/10 20:45:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2005/04/27 11:34:31 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2005/03/30 22:58:19 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/28 00:00:39 | 000,007,996 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/26 20:14:31 | 000,007,115 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/02/26 20:13:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/12/09 12:17:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/12/09 12:17:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/12/09 12:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/12/09 12:17:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/12/09 12:17:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/12/09 12:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/09 12:09:41 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/09 12:09:41 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/22 17:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 22:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 22:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 21:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 21:00:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 20:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 20:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 20:15:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 19:55:39 | 000,000,903 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 19:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/10 20:46:58 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2005/04/11 21:37:42 | 000,007,680 | ---- | M] () -- C:\albumImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,424 | ---- | M] () -- C:\albumImagesTable.dbf
[2005/04/11 21:37:42 | 000,004,608 | ---- | M] () -- C:\albumTable.cdx
[2005/04/11 21:37:42 | 000,000,584 | ---- | M] () -- C:\albumTable.dbf
[2004/12/09 12:19:54 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/02/21 21:51:57 | 004,783,390 | ---- | M] () -- C:\BellSouthIW.re~
[2005/02/21 21:39:46 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/06/13 09:57:21 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2009/08/10 19:42:41 | 000,000,000 | ---- | M] () -- C:\CB_Server_Errors.txt
[2004/08/04 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/21 19:51:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/11 21:37:42 | 000,003,072 | ---- | M] () -- C:\EXIFTable.cdx
[2005/04/11 21:37:42 | 000,000,488 | ---- | M] () -- C:\EXIFTable.dbf
[2008/09/13 20:22:40 | 000,000,115 | ---- | M] () -- C:\FtpCmd.txt
[2010/06/15 18:27:20 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/21 20:15:49 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2009/03/08 10:56:39 | 000,525,372 | ---- | M] () -- C:\hpfr3840.log
[2005/04/11 21:37:42 | 000,009,216 | ---- | M] () -- C:\imageTable.cdx
[2005/04/11 21:37:42 | 000,000,936 | ---- | M] () -- C:\imageTable.dbf
[2005/04/11 21:37:42 | 000,000,512 | ---- | M] () -- C:\imageTable.fpt
[2004/10/21 19:51:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/04/11 21:37:42 | 000,006,144 | ---- | M] () -- C:\keywordImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,360 | ---- | M] () -- C:\keywordImagesTable.dbf
[2005/04/11 21:37:42 | 000,004,608 | ---- | M] () -- C:\keywordTable.cdx
[2005/04/11 21:37:42 | 000,000,456 | ---- | M] () -- C:\keywordTable.dbf
[2009/08/10 19:42:47 | 000,000,378 | ---- | M] () -- C:\managedFolderTable.dbf
[2004/10/21 19:51:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 18:04:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/15 18:27:18 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2009/08/10 20:46:58 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2009/08/10 19:42:47 | 000,001,490 | ---- | M] () -- C:\pathnameTable.dbf
[2005/04/11 21:37:42 | 000,006,144 | ---- | M] () -- C:\ROFImagesTable.cdx
[2005/04/11 21:37:42 | 000,000,360 | ---- | M] () -- C:\ROFImagesTable.dbf
[2005/04/11 21:37:42 | 000,003,072 | ---- | M] () -- C:\ROFTable.cdx
[2005/04/11 21:37:42 | 000,000,392 | ---- | M] () -- C:\ROFTable.dbf
[2010/06/15 12:15:52 | 000,038,834 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_15.06.2010_12.15.13_log.txt
[2009/01/31 12:17:40 | 000,054,209 | ---- | M] () -- C:\vrq.log
[2008/08/09 14:36:49 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/21 12:41:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/21 12:41:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/21 12:41:45 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/28 16:13:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/05 19:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< End of report >


6. It appears to be working correctly!!! :)

Is there any cleanup left to do? If not, how do I close the post as resolved?

Thank you so much, SweetTech!!!

#15
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
We still have some work to do.

Please do the following:

Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
