I think I have win32 or some other exe virus



#1
mclovin1

Hello, I'm having trouble with my machine. It shuts down automatically and sometimes the Task Manager and Command Prompt are disabled. I get those faulty error messages, so I figure it's one of those process viruses or worm that changes hot keys. Anyways, I was wondering if you could take a look at my OTL logs and tell me what you think!!

Attached Files

  • Attached File  OTL.Txt   136.1KB   93 downloads

#2
mclovin1

In case the attachment didn't open, I have a paste copy of my logs:

OTL logfile created on: 11/16/2010 3:20:27 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Connie_2\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 4.88 Gb Free Space | 6.54% Space Free | Partition Type: NTFS
Drive D: | 68.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL1 | User Name: Connie_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Connie_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Browser Mouse\mouse32a.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Connie_2\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\iolo\Common\Lib\HookDLL32.dll (iolo technologies, LLC)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Browser Mouse\mouDL32A.dll ()
MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS File not found
DRV - (PalmUSBD) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys File not found
DRV - (DMSKSSRh) -- C:\DOCUME~1\connie\LOCALS~1\Temp\DMSKSSRh.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (DCCAM) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATITUNEP) -- C:\WINDOWS\system32\drivers\atineuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinesxx.sys (ATI Technologies Inc.)
DRV - (atinevxx) -- C:\WINDOWS\system32\drivers\atinevxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC) -- C:\WINDOWS\system32\drivers\atinpdxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...src=ssb&sysid=2
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/29 19:52:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/02 12:14:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/12 14:11:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 12:05:12 | 000,000,000 | ---D | M]

[2010/11/02 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Extensions
[2009/05/28 16:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/29 19:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Extensions\[email protected]
[2010/11/11 12:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\extensions
[2007/12/24 18:11:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/02 14:59:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/07 11:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\extensions\DefaultManager@Microsoft
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\searchplugins\BearShareWebSearch.xml
[2010/11/02 12:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/21 01:21:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/29 21:18:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/29 19:53:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/01/02 14:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/11/02 12:05:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/10/29 21:17:51 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 21:17:51 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/29 21:17:53 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/02/02 10:27:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/02/02 10:27:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/02/02 10:27:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/02/02 10:27:39 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/02/02 10:27:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/02/02 10:27:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/02/02 10:27:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/04/23 18:39:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/04/23 18:39:08 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 06:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2009/04/23 18:39:08 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/04/23 18:39:08 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/04/23 18:39:08 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/04/23 18:39:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/04/23 18:39:08 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/01/21 20:09:41 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {3C5F395A-72C2-4232-8F25-A4FA11755B6F} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - No CLSID value found.
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\eHome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000163-9980-0010-8000-00AA00389B71} http://download.micr...4B9/wma9dmo.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: NDWCab http://www.neededware.com/ndw4.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\Nail.exe) - C:\WINDOWS\Nail.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\iifeeEVl: DllName - iifeeEVl.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Connie_2\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Connie_2\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvSjKAQ) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/15 09:48:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/22 18:50:54 | 000,000,042 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/16 02:42:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connie_2\Desktop\OTL.exe
[2010/11/15 21:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Application Data\Malwarebytes
[2010/11/15 21:17:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/15 21:17:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/15 21:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/15 21:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 18:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/15 17:31:25 | 000,000,000 | ---D | C] -- C:\51f43288353c78c26e12
[2010/11/15 17:02:27 | 000,000,000 | ---D | C] -- C:\041a6724863a3c2bcb416ce826
[2010/11/15 13:56:47 | 000,000,000 | ---D | C] -- C:\c1db76724088d4249b9b
[2010/11/15 02:19:46 | 000,000,000 | ---D | C] -- C:\0009af286a68dd81b4
[2010/11/14 15:05:58 | 000,000,000 | ---D | C] -- C:\c688bcabdfa6e5f980d8d35c460966
[2010/11/12 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Desktop\tater salad
[2010/11/12 10:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
[2010/11/12 03:00:57 | 000,000,738 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/11/12 00:40:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Connie_2\ntuser.pol
[2010/11/11 21:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\Help
[2010/11/11 21:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Application Data\Help
[2010/11/10 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/11/10 20:26:01 | 000,087,688 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/11/10 20:26:00 | 002,233,016 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2010/11/10 20:25:42 | 000,029,696 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/11/10 20:25:42 | 000,011,776 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2010/11/10 20:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/11/10 20:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Application Data\iolo
[2010/11/10 19:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/11/10 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2010/11/10 16:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\My Documents\backup files
[2010/11/10 15:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/10 15:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2010/11/09 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\My Documents\New Folder
[2010/11/07 11:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\Ares
[2010/11/02 14:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/11/02 14:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Application Data\IObit
[2010/11/02 12:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/02 12:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/02 12:05:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/02 12:05:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 12:05:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 12:05:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/02 11:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\My Documents\My Received Files
[2010/11/02 11:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\BearShare
[2010/11/02 11:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/11/02 11:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\PackageAware
[2007/10/25 07:44:38 | 000,003,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/19 18:19:09 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\fusioncache.dat
[2007/04/24 08:13:18 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/03 10:59:22 | 006,956,866 | -H-- | C] () -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\IconCache.db
[2007/02/04 21:25:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Connie_2\Application Data\wklnhst.dat
[2007/02/04 21:23:36 | 000,170,600 | ---- | C] () -- C:\Documents and Settings\Connie_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/04 21:23:05 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Connie_2\Application Data\desktop.ini
[2005/02/15 03:39:00 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 02:42:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connie_2\Desktop\OTL.exe
[2010/11/16 02:35:54 | 000,000,890 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/11/16 02:34:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 21:17:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 16:56:55 | 004,495,360 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/15 16:56:55 | 003,611,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/11/14 15:25:51 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/11/14 13:18:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/12 03:02:23 | 000,000,738 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/11/12 00:53:57 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Connie_2\ntuser.pol
[2010/11/11 14:47:10 | 000,394,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 14:47:10 | 000,057,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 14:02:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/10 20:32:19 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Connie_2\Desktop\System Mechanic.lnk
[2010/11/10 20:27:57 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/11/10 19:20:07 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/11/10 16:56:41 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/10 16:38:18 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Connie_2\Desktop\Ares.lnk
[2010/11/09 21:01:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/08 14:37:16 | 003,703,485 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\bob marley - is this love.mp3
[2010/11/08 14:36:06 | 004,118,569 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\bob marly - bob marley - buffalo soldier.mp3
[2010/11/08 14:35:50 | 002,688,859 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\bob marley - greatest hits - one love.mp3
[2010/11/08 14:25:20 | 007,087,798 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\road to zion.mp3
[2010/11/08 14:18:43 | 006,215,680 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\18 nas feat quan - just a moment.mp3
[2010/11/08 13:42:21 | 010,038,089 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\03 red magic feat the game.mp3
[2010/11/08 13:39:22 | 005,384,192 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\nas - stillmatic (promo) - one mic(2).mp3
[2010/11/08 13:36:18 | 005,986,363 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\21 street life.mp3
[2010/11/08 13:24:39 | 007,935,932 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\06 pimp mode featuring bun b.mp3
[2010/11/07 15:58:17 | 006,982,800 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\jbar feat soulja boy - daze - hnhh(2)50.mp3
[2010/11/07 15:57:06 | 005,892,096 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\ludacris - the red light district - blueberry yum yum (feat sleepy brown).mp3
[2010/11/07 15:55:44 | 005,717,685 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\usher - omg (prod by will i am) ( 2o1o) [ www mzhiphop com ](2).mp3
[2010/11/07 15:52:00 | 008,683,056 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\usher ft will i am - omg im1.mp3
[2010/11/07 15:50:38 | 007,497,855 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\lil wayne ft gucci mane- we be steady mobbin www hiphopearly com.mp3
[2010/11/07 15:48:00 | 004,187,026 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\trey songz - i invented sex remix ft keri hilson & usher.mp3
[2010/11/07 15:47:11 | 009,525,473 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\gucci mane ft usher - spotlight - buckmarleyxxx com.mp3
[2010/11/07 15:44:17 | 006,153,698 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\gucci_mane_ft_plies-wasted.mp3
[2010/11/07 15:38:51 | 006,409,489 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\mariah carey ft gucci mane - obsessed _remix_.mp3
[2010/11/07 15:37:42 | 005,380,221 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\usher ft pitbull - dj got us falling in love again im1.mp3
[2010/11/07 15:19:24 | 005,802,332 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\timbaland_-_say_something_(feat _drake)_(full_version)_-_hotnewhiphop com(3).mp3
[2010/11/07 13:49:19 | 005,655,990 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\drake - over (3).mp3
[2010/11/07 13:06:54 | 004,520,960 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\20 dick pleaser(2).mp3
[2010/11/07 12:56:42 | 010,761,513 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\wiz khalifa - kush & orange juice - mezmorized.mp3
[2010/11/07 12:55:31 | 011,884,116 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\kid cudi - pursuit of happiness (feat mgmt & ratatat) - hnhh.mp3
[2010/11/07 12:49:34 | 013,327,932 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\02_lil_wayne_-_im_single_(dirty)-djleak.mp3
[2010/11/07 12:13:18 | 005,531,198 | ---- | M] () -- C:\Documents and Settings\Connie_2\My Documents\01 - a little more country than that(1).mp3
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 21:17:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 11:09:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\systb.dll
[2010/11/10 20:27:57 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/11/10 20:26:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Connie_2\Desktop\System Mechanic.lnk
[2010/11/10 19:20:07 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/11/10 16:38:18 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Connie_2\Desktop\Ares.lnk
[2010/11/08 16:05:41 | 008,683,056 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\usher ft will i am - omg im1.mp3
[2010/11/08 16:05:37 | 005,380,221 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\usher ft pitbull - dj got us falling in love again im1.mp3
[2010/11/08 16:05:30 | 005,717,685 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\usher - omg (prod by will i am) ( 2o1o) [ www mzhiphop com ](2).mp3
[2010/11/08 16:05:25 | 004,187,026 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\trey songz - i invented sex remix ft keri hilson & usher.mp3
[2010/11/08 16:05:24 | 005,802,332 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\timbaland_-_say_something_(feat _drake)_(full_version)_-_hotnewhiphop com(3).mp3
[2010/11/08 16:05:21 | 007,087,798 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\road to zion.mp3
[2010/11/08 16:05:21 | 005,384,192 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\nas - stillmatic (promo) - one mic(2).mp3
[2010/11/08 16:05:14 | 006,409,489 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\mariah carey ft gucci mane - obsessed _remix_.mp3
[2010/11/08 16:05:12 | 005,892,096 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\ludacris - the red light district - blueberry yum yum (feat sleepy brown).mp3
[2010/11/08 16:05:05 | 007,497,855 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\lil wayne ft gucci mane- we be steady mobbin www hiphopearly com.mp3
[2010/11/08 16:04:56 | 011,884,116 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\kid cudi - pursuit of happiness (feat mgmt & ratatat) - hnhh.mp3
[2010/11/08 16:04:54 | 006,982,800 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\jbar feat soulja boy - daze - hnhh(2)50.mp3
[2010/11/08 16:04:51 | 006,153,698 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\gucci_mane_ft_plies-wasted.mp3
[2010/11/08 16:04:37 | 009,525,473 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\gucci mane ft usher - spotlight - buckmarleyxxx com.mp3
[2010/11/08 16:04:36 | 005,655,990 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\drake - over (3).mp3
[2010/11/08 16:04:35 | 004,118,569 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\bob marly - bob marley - buffalo soldier.mp3
[2010/11/08 16:04:32 | 003,703,485 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\bob marley - is this love.mp3
[2010/11/08 16:04:29 | 002,688,859 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\bob marley - greatest hits - one love.mp3
[2010/11/08 16:04:24 | 005,986,363 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\21 street life.mp3
[2010/11/08 16:04:23 | 004,520,960 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\20 dick pleaser(2).mp3
[2010/11/08 16:04:21 | 006,215,680 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\18 nas feat quan - just a moment.mp3
[2010/11/08 16:04:18 | 007,935,932 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\06 pimp mode featuring bun b.mp3
[2010/11/08 16:04:12 | 010,038,089 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\03 red magic feat the game.mp3
[2010/11/08 16:04:02 | 013,327,932 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\02_lil_wayne_-_im_single_(dirty)-djleak.mp3
[2010/11/08 16:04:02 | 005,531,198 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\01 - a little more country than that(1).mp3
[2010/11/08 16:03:58 | 010,761,513 | ---- | C] () -- C:\Documents and Settings\Connie_2\My Documents\wiz khalifa - kush & orange juice - mezmorized.mp3
[2009/02/01 16:55:56 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/18 10:59:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/05/14 21:49:56 | 000,258,370 | -HS- | C] () -- C:\WINDOWS\System32\sfoegpml.ini
[2008/05/13 17:34:39 | 002,247,779 | -HS- | C] () -- C:\WINDOWS\System32\sokumnua.ini
[2008/05/12 14:20:30 | 000,779,780 | -HS- | C] () -- C:\WINDOWS\System32\rchdymom.ini
[2008/05/11 11:17:22 | 000,787,156 | -HS- | C] () -- C:\WINDOWS\System32\rqwdtket.ini
[2008/05/08 17:10:56 | 000,783,480 | -HS- | C] () -- C:\WINDOWS\System32\djsglpgk.ini
[2008/05/06 19:42:45 | 000,910,876 | -HS- | C] () -- C:\WINDOWS\System32\brijxetl.ini
[2008/05/05 19:02:23 | 000,952,309 | -HS- | C] () -- C:\WINDOWS\System32\sqntarov.ini
[2008/05/04 17:17:51 | 000,927,914 | -HS- | C] () -- C:\WINDOWS\System32\nnqyweyt.ini
[2008/05/04 12:40:55 | 000,919,140 | -HS- | C] () -- C:\WINDOWS\System32\qbvctwsm.ini
[2008/05/03 08:55:59 | 000,919,020 | -HS- | C] () -- C:\WINDOWS\System32\nemcuxue.ini
[2008/05/01 16:23:19 | 000,918,144 | -HS- | C] () -- C:\WINDOWS\System32\yxseteis.ini
[2008/04/24 18:38:45 | 000,912,168 | -HS- | C] () -- C:\WINDOWS\System32\shfteuwn.ini
[2008/04/23 14:00:17 | 000,935,385 | -HS- | C] () -- C:\WINDOWS\System32\hvynjaxn.ini
[2008/04/23 13:57:01 | 000,883,987 | -HS- | C] () -- C:\WINDOWS\System32\hbdlydil.ini
[2008/04/21 19:39:31 | 000,884,699 | -HS- | C] () -- C:\WINDOWS\System32\ibqldxmy.ini
[2008/04/20 17:58:42 | 000,884,459 | -HS- | C] () -- C:\WINDOWS\System32\dgspfhtc.ini
[2008/04/20 16:56:46 | 000,910,076 | -HS- | C] () -- C:\WINDOWS\System32\lckwbnwg.ini
[2008/04/15 13:54:11 | 000,779,670 | -HS- | C] () -- C:\WINDOWS\System32\xfkrxaec.ini
[2008/04/13 23:06:45 | 000,779,318 | -HS- | C] () -- C:\WINDOWS\System32\bufgvuie.ini
[2008/04/13 23:06:34 | 000,003,648 | ---- | C] () -- C:\WINDOWS\System32\kgfeasas.dll
[2008/04/13 23:02:21 | 000,181,515 | -HS- | C] () -- C:\WINDOWS\System32\IPsrCcdd.ini2
[2008/04/13 23:02:20 | 000,182,012 | -HS- | C] () -- C:\WINDOWS\System32\IPsrCcdd.ini
[2008/04/12 19:58:25 | 000,709,411 | -HS- | C] () -- C:\WINDOWS\System32\ewnvwdgf.ini
[2008/04/11 16:44:14 | 000,708,619 | -HS- | C] () -- C:\WINDOWS\System32\wvctxpdr.ini
[2008/04/11 16:41:00 | 001,107,346 | -HS- | C] () -- C:\WINDOWS\System32\QAKjSvut.ini
[2008/04/11 16:41:00 | 001,107,190 | -HS- | C] () -- C:\WINDOWS\System32\QAKjSvut.ini2
[2007/06/13 23:06:03 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/05 18:45:23 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\tdcpuabaeg05.dll
[2006/09/04 15:41:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/12 09:59:33 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/07/12 09:59:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/07/12 09:59:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/05/20 22:33:10 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/05/06 10:57:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GDLJNKLL.ini
[2005/12/29 20:02:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/12/29 20:01:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/09/15 21:21:00 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\akjfbvaeg05.dll
[2005/09/15 20:12:42 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\lihfdaeg05.dll
[2005/09/15 20:07:46 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\ulmjaeg05.dll
[2005/09/15 20:03:14 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\qgtncaeg05.dll
[2005/09/15 20:01:37 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\tgceuouaeg05.dll
[2005/09/14 20:18:09 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\mdufksaeg05.dll
[2005/07/26 18:40:41 | 000,036,352 | -H-- | C] () -- C:\WINDOWS\System32\czjaeg06.dll
[2005/07/19 19:20:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/07/13 11:48:35 | 000,286,720 | ---- | C] () -- C:\WINDOWS\systb.dll_tobedeleted
[2005/07/11 14:15:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2005/07/06 12:47:33 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/06/16 06:52:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/09 14:55:02 | 000,031,744 | -H-- | C] () -- C:\WINDOWS\System32\iecklcaeg05.dll
[2005/06/05 13:01:44 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/06/04 14:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/06/04 14:18:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2005/06/01 14:07:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GDLJNKL.ini
[2005/05/31 13:36:43 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\gbbkqendw30104lib.dll
[2005/05/29 13:53:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Administrator.ini
[2005/05/22 19:53:33 | 000,000,071 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/05/21 08:41:49 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\vrmbnnndw30103lib.dll
[2005/05/19 20:33:01 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\uxdfndw30102lib.dll
[2005/05/17 07:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/05/17 07:10:04 | 000,213,504 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2005/05/17 07:04:35 | 000,000,058 | ---- | C] () -- C:\WINDOWS\cozweb.ini
[2005/05/17 06:45:04 | 000,000,009 | ---- | C] () -- C:\WINDOWS\HOL.INI
[2005/05/17 06:33:36 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2005/04/30 21:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/04/22 07:17:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2005/04/22 07:17:25 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL
[2005/03/29 18:44:55 | 000,004,677 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/18 11:31:50 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyf.DLL
[2005/02/16 11:49:52 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/15 10:35:49 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/02/15 10:33:02 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2005/02/15 10:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2005/02/15 09:58:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/15 09:57:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/15 03:39:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/17 09:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/07/24 09:05:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NS_ProWrite_RTF.dll
[2002/09/17 15:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/08/28 09:53:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\mapirtf.dll

========== LOP Check ==========

[2005/05/22 17:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/06/30 16:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/06/04 14:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2010/11/16 00:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/05/16 10:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lsdcrive
[2005/10/10 14:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/04/22 07:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2005/04/01 12:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/02/15 10:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/05/10 14:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/11/11 01:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/26 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/09/13 08:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/10/07 15:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\acccore
[2007/10/25 10:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Image Zone Express
[2010/11/02 14:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\IObit
[2010/11/12 10:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\iolo
[2010/11/02 12:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\LimeWire
[2007/04/10 08:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Morpheus
[2007/10/25 10:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Printer Info Cache
[2007/02/04 21:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\PureEdge
[2010/01/03 10:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\TmpRecentIcons
[2007/10/07 15:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Connie_2\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2005/06/01 12:21:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/06/01 12:21:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/01/21 20:18:46 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/06/01 12:21:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/06/01 12:21:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/01/21 20:07:40 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/01/21 20:09:04 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/01/21 20:14:16 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/01/21 20:17:16 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/12/21 23:42:44 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/12/21 23:42:45 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/13 23:06:34 | 000,003,648 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kgfeasas.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:DocumentSummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >

#3
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#4
mclovin1

    Member

  • Topic Starter
  • 11 posts
here are my combofix logs:



ComboFix 10-11-15.06 - Connie_2 11/16/2010 14:58:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.258 [GMT -6:00]
Running from: c:\documents and settings\Connie_2\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - svchost.exe: deleted 176 bytes in 3 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Connie_2\Recent\f1040ez.pdf
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\program files\TBONAS
c:\program files\TBONAS\bestoffers_icon_01.ico
c:\program files\TBONAS\center_wnd.htm
c:\program files\TBONAS\comp.htm
c:\program files\TBONAS\grb12.rtk
c:\program files\TBONAS\TBONcomp.dll
c:\program files\TBONAS\Thumbs.db
C:\Thumbs.db
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\NDNuninstall6_90.exe
c:\windows\system32\brijxetl.ini
c:\windows\system32\bufgvuie.ini
c:\windows\system32\dgspfhtc.ini
c:\windows\system32\djsglpgk.ini
c:\windows\system32\DrPMon.dll
c:\windows\system32\ewnvwdgf.ini
c:\windows\system32\hbdlydil.ini
c:\windows\system32\hvynjaxn.ini
c:\windows\system32\ibqldxmy.ini
c:\windows\system32\IPsrCcdd.ini
c:\windows\system32\IPsrCcdd.ini2
c:\windows\system32\lckwbnwg.ini
c:\windows\system32\nemcuxue.ini
c:\windows\system32\nnqyweyt.ini
c:\windows\system32\QAKjSvut.ini
c:\windows\system32\QAKjSvut.ini2
c:\windows\system32\qbvctwsm.ini
c:\windows\system32\rchdymom.ini
c:\windows\system32\rqwdtket.ini
c:\windows\system32\sfoegpml.ini
c:\windows\system32\shfteuwn.ini
c:\windows\system32\sokumnua.ini
c:\windows\system32\spool\prtprocs\w32x86\CNMPDyf.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPPyf.DLL
c:\windows\system32\sqntarov.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
c:\windows\system32\wvctxpdr.ini
c:\windows\system32\xfkrxaec.ini
c:\windows\system32\yxseteis.ini

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 03:18 . 2010-11-16 03:18 -------- d-----w- c:\documents and settings\Connie_2\Application Data\Malwarebytes
2010-11-16 03:17 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 03:17 . 2010-11-16 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-16 03:17 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 03:17 . 2010-11-16 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 00:24 . 2010-11-16 00:24 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-15 23:31 . 2010-11-15 23:31 -------- d-----w- C:\51f43288353c78c26e12
2010-11-15 23:02 . 2010-11-15 23:02 -------- d-----w- C:\041a6724863a3c2bcb416ce826
2010-11-15 19:56 . 2010-11-15 19:56 -------- d-----w- C:\c1db76724088d4249b9b
2010-11-15 08:19 . 2010-11-15 13:15 -------- d-----w- C:\0009af286a68dd81b4
2010-11-14 21:05 . 2010-11-14 21:06 -------- d-----w- C:\c688bcabdfa6e5f980d8d35c460966
2010-11-12 17:09 . 2004-10-14 03:06 286720 ----a-w- c:\windows\systb.dll
2010-11-12 16:17 . 2010-11-12 16:17 -------- d-----w- c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP
2010-11-12 03:25 . 2010-11-12 03:25 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\Help
2010-11-11 02:32 . 2010-09-23 19:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2010-11-11 02:26 . 2010-11-11 02:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-11-11 02:26 . 2010-10-12 18:55 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-11-11 02:26 . 2010-10-12 17:08 2233016 ----a-w- c:\windows\system32\Incinerator.dll
2010-11-11 02:25 . 2010-10-12 18:55 11776 ----a-w- c:\windows\system32\smrgdf.exe
2010-11-11 02:25 . 2010-10-12 18:55 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-11-11 02:25 . 2010-11-11 02:25 -------- d-----w- c:\program files\iolo
2010-11-11 02:04 . 2010-11-12 16:17 -------- d-----w- c:\documents and settings\Connie_2\Application Data\iolo
2010-11-11 01:20 . 2010-11-11 01:20 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-11-11 01:19 . 2010-11-16 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-11-10 22:38 . 2010-11-10 22:38 -------- d-----w- c:\program files\Ares
2010-11-10 21:58 . 2010-11-11 07:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-10 21:57 . 2010-11-10 21:57 -------- d-----w- c:\program files\CleanMyPC
2010-11-07 17:53 . 2010-11-07 18:38 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\Ares
2010-11-02 20:14 . 2010-11-02 20:14 -------- d-----w- c:\program files\IObit
2010-11-02 20:14 . 2010-11-02 20:14 -------- d-----w- c:\documents and settings\Connie_2\Application Data\IObit
2010-11-02 18:14 . 2010-11-02 18:14 -------- d-----w- c:\program files\Microsoft
2010-11-02 18:05 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-02 18:05 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 17:46 . 2010-11-02 18:30 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\BearShare
2010-11-02 17:40 . 2010-11-02 18:36 -------- d-----w- c:\program files\BearShare Applications
2010-11-02 17:35 . 2010-11-02 17:35 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 07:29 . 2010-01-02 20:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-06-01 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-04 50176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-07 335872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 54296]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 58392]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2005-07-26 360448]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-15 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Morpheus Ultra.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Morpheus Ultra.lnk
backup=c:\windows\pss\Morpheus Ultra.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Morpheus.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Morpheus.lnk
backup=c:\windows\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ATIModeChange"=Ati2mdxx.exe
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe"
"ehTray"=c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Motorola\\iDEN Update\\ISL.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\iolo\\System Mechanic\\SysMech.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2010 8:25 PM 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2010 8:25 PM 724152]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\connie\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\connie\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]

--- Other Services/Drivers In Memory ---

*Deregistered* - ioloSGuardDriver
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.neededware.com/ad3.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
Trusted Zone: turbotax.com
TCP: {619776B3-9930-4E80-924F-5765B9A9BDEF} = 66.90.130.101,66.90.130.10
DPF: NDWCab - hxxp://www.neededware.com/ndw4.cab
FF - ProfilePath - c:\documents and settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

BHO-{3C5F395A-72C2-4232-8F25-A4FA11755B6F} - (no file)
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
Notify-iifeeEVl - iifeeEVl.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Stunt Track Driver - c:\program files\Stunt Track Driver\Stunt Track Driver.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 15:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367]
@DACL=(02 0000)
@=""
"*"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3828)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Browser Mouse\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iolo\System Mechanic\SystemGuardAlerter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-11-16 15:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-16 21:25

Pre-Run: 7,155,322,880 bytes free
Post-Run: 7,804,301,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DDC8D5B07985133E635722604D4A87C1

#5
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

How are things running?

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
DirLook::
C:\51f43288353c78c26e12
C:\041a6724863a3c2bcb416ce826
C:\c1db76724088d4249b9b
C:\0009af286a68dd81b4
C:\c688bcabdfa6e5f980d8d35c460966
c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP
c:\documents and settings\Connie_2\Local Settings\Application Data\Help

Driver::
DMSKSSRh

File::
c:\docume~1\connie\LOCALS~1\Temp\DMSKSSRh.sys


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Add/Remove Programs
I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Post the contents of that file in your next reply.




NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#6
mclovin1

    Member

  • Topic Starter
  • 11 posts
here is the new combofix log you requested:





ComboFix 10-11-16.02 - Connie_2 11/16/2010 17:46:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.245 [GMT -6:00]
Running from: c:\documents and settings\Connie_2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Connie_2\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\docume~1\connie\LOCALS~1\Temp\DMSKSSRh.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 03:18 . 2010-11-16 03:18 -------- d-----w- c:\documents and settings\Connie_2\Application Data\Malwarebytes
2010-11-16 03:17 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 03:17 . 2010-11-16 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-16 03:17 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 03:17 . 2010-11-16 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 00:24 . 2010-11-16 00:24 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-15 23:31 . 2010-11-15 23:31 -------- d-----w- C:\51f43288353c78c26e12
2010-11-15 23:02 . 2010-11-15 23:02 -------- d-----w- C:\041a6724863a3c2bcb416ce826
2010-11-15 19:56 . 2010-11-15 19:56 -------- d-----w- C:\c1db76724088d4249b9b
2010-11-15 08:19 . 2010-11-15 13:15 -------- d-----w- C:\0009af286a68dd81b4
2010-11-14 21:05 . 2010-11-14 21:06 -------- d-----w- C:\c688bcabdfa6e5f980d8d35c460966
2010-11-12 17:09 . 2004-10-14 03:06 286720 ----a-w- c:\windows\systb.dll
2010-11-12 16:17 . 2010-11-12 16:17 -------- d-----w- c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP
2010-11-12 03:25 . 2010-11-12 03:25 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\Help
2010-11-11 02:32 . 2010-09-23 19:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2010-11-11 02:26 . 2010-11-11 02:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-11-11 02:26 . 2010-10-12 18:55 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-11-11 02:26 . 2010-10-12 17:08 2233016 ----a-w- c:\windows\system32\Incinerator.dll
2010-11-11 02:25 . 2010-10-12 18:55 11776 ----a-w- c:\windows\system32\smrgdf.exe
2010-11-11 02:25 . 2010-10-12 18:55 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-11-11 02:25 . 2010-11-11 02:25 -------- d-----w- c:\program files\iolo
2010-11-11 02:04 . 2010-11-12 16:17 -------- d-----w- c:\documents and settings\Connie_2\Application Data\iolo
2010-11-11 01:20 . 2010-11-11 01:20 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-11-11 01:19 . 2010-11-16 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-11-10 22:38 . 2010-11-10 22:38 -------- d-----w- c:\program files\Ares
2010-11-10 21:58 . 2010-11-11 07:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-10 21:57 . 2010-11-10 21:57 -------- d-----w- c:\program files\CleanMyPC
2010-11-07 17:53 . 2010-11-07 18:38 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\Ares
2010-11-02 20:14 . 2010-11-02 20:14 -------- d-----w- c:\program files\IObit
2010-11-02 20:14 . 2010-11-02 20:14 -------- d-----w- c:\documents and settings\Connie_2\Application Data\IObit
2010-11-02 18:14 . 2010-11-02 18:14 -------- d-----w- c:\program files\Microsoft
2010-11-02 18:05 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-02 18:05 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 17:46 . 2010-11-02 18:30 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\BearShare
2010-11-02 17:40 . 2010-11-02 18:36 -------- d-----w- c:\program files\BearShare Applications
2010-11-02 17:35 . 2010-11-02 17:35 -------- d-----w- c:\documents and settings\Connie_2\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 07:29 . 2010-01-02 20:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\0009af286a68dd81b4 ----

2010-11-02 22:47 . 2010-11-02 22:47 35758536 ----a-w- c:\0009af286a68dd81b4\mrt.exe
2010-11-02 22:47 . 2010-11-02 22:47 82376 ----a-w- c:\0009af286a68dd81b4\mrtstub.exe

---- Directory of C:\041a6724863a3c2bcb416ce826 ----

2010-11-15 23:02 . 2010-11-15 23:02 788 ---ha-w- c:\041a6724863a3c2bcb416ce826\$shtdwn$.req
2010-11-02 22:47 . 2010-11-02 22:47 35758536 ----a-w- c:\041a6724863a3c2bcb416ce826\mrt.exe
2010-11-02 22:47 . 2010-11-02 22:47 82376 ----a-w- c:\041a6724863a3c2bcb416ce826\mrtstub.exe

---- Directory of C:\51f43288353c78c26e12 ----

2010-11-15 23:31 . 2010-11-15 23:31 788 ---ha-w- c:\51f43288353c78c26e12\$shtdwn$.req
2010-11-02 22:47 . 2010-11-02 22:47 35758536 ----a-w- c:\51f43288353c78c26e12\mrt.exe
2010-11-02 22:47 . 2010-11-02 22:47 82376 ----a-w- c:\51f43288353c78c26e12\mrtstub.exe

---- Directory of C:\c1db76724088d4249b9b ----

2010-11-15 19:56 . 2010-11-15 19:56 788 ---ha-w- c:\c1db76724088d4249b9b\$shtdwn$.req
2010-11-02 22:47 . 2010-11-02 22:47 35758536 ----a-w- c:\c1db76724088d4249b9b\mrt.exe
2010-11-02 22:47 . 2010-11-02 22:47 82376 ----a-w- c:\c1db76724088d4249b9b\mrtstub.exe

---- Directory of C:\c688bcabdfa6e5f980d8d35c460966 ----

2010-11-14 21:06 . 2010-11-14 21:06 788 ---ha-w- c:\c688bcabdfa6e5f980d8d35c460966\$shtdwn$.req
2010-11-02 22:47 . 2010-11-02 22:47 35758536 ----a-w- c:\c688bcabdfa6e5f980d8d35c460966\mrt.exe
2010-11-02 22:47 . 2010-11-02 22:47 82376 ----a-w- c:\c688bcabdfa6e5f980d8d35c460966\mrtstub.exe

---- Directory of c:\documents and settings\Connie_2\Local Settings\Application Data\Help ----


---- Directory of c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP ----

2010-11-12 16:17 . 2010-11-14 20:45 20439 ----a-w- c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP\WiseData.ini
2010-11-12 16:17 . 2010-11-14 20:44 176128 ----a-w- c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP\WiseCustomCalla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-06-01 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-04 50176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-07 335872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 54296]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 58392]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2005-07-26 360448]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-15 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Morpheus Ultra.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Morpheus Ultra.lnk
backup=c:\windows\pss\Morpheus Ultra.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Morpheus.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Morpheus.lnk
backup=c:\windows\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"ATIModeChange"=Ati2mdxx.exe
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe"
"ehTray"=c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Motorola\\iDEN Update\\ISL.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\iolo\\System Mechanic\\SysMech.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2010 8:25 PM 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2010 8:25 PM 724152]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.neededware.com/ad3.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
Trusted Zone: turbotax.com
TCP: {619776B3-9930-4E80-924F-5765B9A9BDEF} = 66.90.130.101,66.90.130.10
DPF: NDWCab - hxxp://www.neededware.com/ndw4.cab
FF - ProfilePath - c:\documents and settings\Connie_2\Application Data\Mozilla\Firefox\Profiles\u0hhzu11.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTECT_DECOMPRESSION_FILTER_FROM_ABORT_KB942367]
@DACL=(02 0000)
@=""
"*"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2368)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Browser Mouse\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\dllhost.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-16 18:03:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 00:03
ComboFix2.txt 2010-11-16 21:25

Pre-Run: 7,798,226,944 bytes free
Post-Run: 7,786,565,632 bytes free

- - End Of File - - 0CE03B7EFA5804F4A22493D761B4A2AD

#7
mclovin1

Here are the programs installed:



Ad-Aware SE Personal
Addit
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AnswerWorks 4.0 Runtime - English
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
ATI Control Panel
ATI Display Driver
ATIMCEE
Auction Client
Bonjour
Browser Mouse
BufferChm
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
Canon Utilities Easy-PhotoPrint Plus
CCHelp
CCScore
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CR2
Dell ResourceCD
DesignPro 5.0 Media Edition
DeviceManagementQFolder
Documents To Go
Easy-WebPrint
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
eSupportQFolder
EZpad 3.0
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Handmark Solitaire for Palm OS
HLPIndex
HLPRFO
Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY™
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
ICS Viewer 6.0
Intel® PRO Network Connections Drivers
InterActual Player
iolo technologies' System Mechanic
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java™ 6 Update 22
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
Malwarebytes' Anti-Malware
Managed DirectX (0901)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Picture It! 99
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft Works 2004 Setup Launcher
Mozilla Firefox (3.0.15)
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muiltmedia keyboard utility 1.1
Norton AntiVirus 2003
Norton WMI Update
Notifier
OmniPage SE 2.0
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
PCDLNCH
Phone Link Updater
Photo Editor Plus
Photosmart 140,240,7200,7600,7700,7900 Series
PowerDVD
Print Perfect DVD
ProWrite 2003
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SFR2
Shockwave
SolutionCenter
SoundMAX
SUPERAntiSpyware
Symantec Network Drivers Update
The Best Offers
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Web Page Creator
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Toolbar
ZoneAlarm Pro

#8
SweetTech

Please post the MBAM log when it finishes running.

#9
mclovin1

Here is the Malwarebytes log:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5129

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/16/2010 6:52:45 PM
mbam-log-2010-11-16 (18-52-45).txt

Scan type: Quick scan
Objects scanned: 211069
Time elapsed: 43 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Application Data\Microsoft\AddIns\ProWriteAddIn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#10
SweetTech

Hello,

If you don't use the following programs I suggest you uninstall them.

Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
    • Ad-Aware SE Personal
    • Ares 2.1.7
    • Google Toolbar for Firefox
    • Google Toolbar for Internet Explorer
    • J2SE Runtime Environment 5.0 Update 4 <--- Ensure that this gets removed. It's outdated.
    • MSN Toolbar Platform
    • Viewpoint Manager (Remove Only)
    • Viewpoint Media Player
    • Yahoo! Toolbar



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; this will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#11
mclovin1

Hey, I wasn't able to install ESET; it prompted me to download the ActiveX control then left me with an empty window?!? But I did the Security Check. I'll post my logs, but before that, I was wondering if you knew how I could remove "The Best Offers" from my computer and if you knew from my logs what's stopping me from opening Norton? Every time I try to run Norton AntiVirus it doesn't do anything and it's turned off and I can't access it! Also, I tried to update to Service Pack 3 and it got 3/4 of the way through then said it couldn't be installed! Same with IE 8. Anyway, here is my Security Check log:


Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus 2003
ZoneAlarm Pro
iolo technologies' System Mechanic
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Adobe Flash Player 10.0.22.87
````````````````````````````````
Process Check:
objlist.exe by Laurent

iolo Common Lib ioloServiceManager.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Edited by mclovin1, 17 November 2010 - 07:20 PM.


#12
SweetTech

Hello,

Hey, I wasn't able to install ESET; it prompted me to download the ActiveX control then left me with an empty window?!? But I did the Security Check. I'll post my logs, but before that, I was wondering if you knew how I could remove "The Best Offers" from my computer and if you knew from my logs what's stopping me from opening Norton? Every time I try to run Norton AntiVirus it doesn't do anything and it's turned off and I can't access it! Also, I tried to update to Service Pack 3 and it got 3/4 of the way through then said it couldn't be installed! Same with IE 8. Anyway, here is my Security Check log:


We can try to use a different tool then.


AVP Tool by Kaspersky

IMPORTANT: Save these instructions so you can have access to them while in Safe Mode.

Download the AVP Tool by Kaspersky from Here & save it to your desktop. Be aware that this is a large file, approximately 60 MB.
  • Reboot your computer into Safe Mode

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears
    Use your up arrow key to highlight Safe Mode then press Enter

  • Double click the setup file to run it
  • Click Next to continue
  • Accept the License agreement then click Next
  • It will by default install to your desktop folder. Click Next
  • Once installed it will open a box. Click the Automatic scan tab
  • Under Automatic scan make sure the following are checked:

      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)

    Leave the rest of the settings as they appear

  • Click on Scan at the top right hand corner
  • It will automatically neutralize any objects found
  • If some objects are left un-neutralized, click on Neutralize all
  • If you receive a message that an item cannot be neutralized then choose the Delete option when prompted
  • Once finished click the Reports button at the bottom
  • Name the file Kas & save it somewhere convenient like your desktop
  • Copy/paste only the detected virus/malware entries from the report (they will be at the very top, under Detected) and post those results in your next reply

    Note: This program will self uninstall when you close it so save the log before closing it



NEXT:



If you're not able to remove The Best Offers from your computer, then we can try to use the tool below:

RevoUninstaller
Download and install Revo Uninstaller
  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.


NEXT:



You may need to reinstall Norton, as it's possible it has become corrupt.

#13
SweetTech

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
SweetTech

Topic re-opened per request.

#15
mclovin1

OS info: Microsoft Windows XP
Media Center Ed
Version 2002
Service pack 1

I have lots of little problems that "I assume" are because of incorrect registry keys! One of my most annoying problems is that my program settings and display settings reset on startup?!? Also, a lot of Windows updates won't install, including service packs, security updates, and IE 8. Security Center is also disabled, and every time I try to start it an error pops up: (error 1083: the executable program that this service is configured to run in does not implement the service). Earlier this week I noticed the settings resetting problem and Windows Media having to be set up every time I reboot, so I ran the "Microsoft Malicious Software Removal Tool" and that found some infected files (around 50 or 60) that it deleted. I then installed my System Mechanic antivirus and it found a lot of infected files as well. Most of these files were Win/32 downloader files. There might be more still on the computer. The resetting problem seems to have gone away, but my computer is significantly slower than when we deleted those files using ComboFix! Is there anything we can do to fix this? pleasssse help!!