Computer makes beeping noises


  • This topic is locked

#1 cory123 (Member, 128 posts)
Recently my girlfriend's laptop has gone to [bleep]. When she starts it up, sometimes it just goes BEEP BEEP BEEP BEEP and you gotta restart it. Other times it says it needs repairing, or asks what kind of OS we are using. I had to run a lot of stuff just to get IE to work again. Ctrl+Alt+Delete still doesn't work, and neither does Firefox.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:22 PM, on 5/22/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SWDM Viewer] "C:\PROGRA~1\COMMON~1\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe" -start
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Lookup on CD - {CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521} - c:\AHD4withThesaurus\ahd.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: MSWinIsmSys - C:\Windows\system32\dMSC.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5919 bytes



Here is the ComboFix log from yesterday.

ComboFix 11-05-21.03 - Ashley 05/22/2011 20:26:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1939 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu879441860v4.kwd
c:\programdata\SysWoW32\mu879441860v5
c:\programdata\SysWoW32\mu879441860v5.kwd
c:\programdata\SysWoW32\mu879441860v6
c:\programdata\SysWoW32\mu879441860v6.kwd
c:\programdata\SysWoW32\mu879441860v7
c:\programdata\SysWoW32\mu879441860v7.kwd
c:\programdata\SysWoW32\wu879441860v0
c:\programdata\SysWoW32\wu879441860v0.kwd
c:\programdata\SysWoW32\wu879441860v1.kwd
c:\programdata\SysWoW32\wu879441860v2.kwd
c:\programdata\SysWoW32\wu879441860v3.kwd
c:\programdata\unrar.exe
c:\restoration\Restoration.exe
c:\users\Ashley\AppData\Roaming\cacaoweb
c:\users\Ashley\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Ashley\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Ashley\AppData\Roaming\cacaoweb\replicating67A4A3AB2DAE0E518BE00956A886F401.cacao
c:\users\Ashley\AppData\Roaming\cacaoweb\replicating6C5B01F65EEBCD706B51837983F13541.cacao
c:\users\Ashley\AppData\Roaming\cacaoweb\replicating99ED86E998A9C69176FA5FB5357ED048.cacao
c:\users\Ashley\AppData\Roaming\cacaoweb\storage.db
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\11478.exe
c:\windows\system32\1543703289
c:\windows\system32\15724.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\29358.exe
c:\windows\system32\Update.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 03:39 . 2011-05-23 03:40 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-05-23 03:39 . 2011-05-23 03:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-23 03:39 . 2011-05-23 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-23 03:39 . 2011-05-23 03:39 -------- d-----w- c:\users\Cory\AppData\Local\temp
2011-05-22 23:11 . 2011-05-22 23:11 -------- d-----r- c:\program files\Norton Support
2011-05-13 03:18 . 2011-05-13 03:18 -------- d-----w- c:\users\Ashley\AppData\Roaming\inkscape
2011-05-13 03:04 . 2011-05-13 03:14 -------- d-----w- c:\program files\Inkscape
2011-05-05 15:45 . 2011-05-05 15:59 -------- d-----w- c:\users\Ashley\AppData\Roaming\PhotoScape
2011-05-05 15:45 . 2011-05-05 15:45 -------- d-----w- c:\program files\PhotoScape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 21:45 . 2011-04-14 21:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-10 01:33 . 2011-04-10 01:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-10 01:33 . 2011-04-10 12:41 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
2011-04-10 01:33 . 2011-04-10 12:41 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
2011-04-10 01:33 . 2011-04-10 12:41 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
2011-04-10 01:33 . 2011-04-10 12:41 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
2011-04-10 01:33 . 2011-04-10 12:41 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
2011-04-10 01:33 . 2011-04-10 12:41 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
2011-04-10 01:33 . 2011-04-10 12:41 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
2011-04-10 01:33 . 2011-04-10 12:41 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
2011-04-10 01:33 . 2011-04-10 01:33 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-10 01:33 . 2011-04-10 12:41 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
2011-04-10 01:33 . 2011-04-10 12:40 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
2011-04-10 01:33 . 2011-04-10 01:33 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-10 01:33 . 2011-04-10 01:33 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-03-10 17:03 . 2011-04-15 18:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 18:58 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 18:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-15 18:58 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 18:58 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 13:24 . 2011-04-15 18:58 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-15 18:58 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-15 18:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-15 18:58 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-15 18:59 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-15 18:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-15 18:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-15 18:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 06:16 . 2011-04-15 18:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 05:20 . 2011-04-15 18:58 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-15 18:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-15 18:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
2010-01-03 17:34 203776 --sh--w- c:\windows\System32\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SWDM Viewer"="c:\progra~1\COMMON~1\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe" [2011-03-19 713728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-26 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-08-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-20 00:39 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MSWinIsmSys]
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 17:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-21 01:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-22 22:57 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R0 oahol;oahol;c:\windows\System32\drivers\bydajny.sys [x]
R0 ppjuq;ppjuq;c:\windows\System32\drivers\wontpg.sys [x]
R0 xvukw;xvukw;c:\windows\System32\drivers\rdsrh.sys [x]
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\DRIVERS\drxvi314.sys [2009-01-20 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-01-20 54784]
R3 dump_wmimmc;dump_wmimmc;c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-09 102448]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-15 3473644]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-20 12872]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2011-04-10 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2011-04-10 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2011-04-10 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-03-30 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-20 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-20 67656]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2011-04-10 117640]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2011-04-10 48688]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-cacaoweb - c:\users\Ashley\AppData\Roaming\cacaoweb\cacaoweb.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-PlayOn - c:\program files\MediaMall\PlayOn.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 20:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-22 20:56:55
ComboFix-quarantined-files.txt 2011-05-23 03:56
.
Pre-Run: 114,145,583,104 bytes free
Post-Run: 114,133,880,832 bytes free
.
- - End Of File - - E8A434DE5A33BCA2BE3AEB6E5534345D


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, sorry for the delay.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\System32\drivers\bydajny.sys
c:\windows\System32\drivers\wontpg.sys
c:\windows\System32\drivers\rdsrh.sys

Driver::
oahol
ppjuq
xvukw


3. Then, in the text file, go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt .

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.
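As an added example (not the helper's own code and not part of ComboFix), the following Python script does the selection the helper did by hand: it reads the ComboFix driver/service lines, picks out the entries ComboFix marked `[x]` (assumed here to mean the driver's image file was not found on disk), writes the same KillAll::/File::/Driver:: CFScript, and then checks a follow-up log for the `-------\Service_<name>` lines that confirm the services were removed. The sample log lines are constructed from the ones posted in this thread; the function names are the example's own.

```python
import re

# Constructed sample: the three orphaned boot-start drivers from the thread's
# first ComboFix log, plus two entries that do have a file on disk so the
# filter has something to leave alone.
SAMPLE_LOG = r"""
R0 oahol;oahol;c:\windows\System32\drivers\bydajny.sys [x]
R0 ppjuq;ppjuq;c:\windows\System32\drivers\wontpg.sys [x]
R0 xvukw;xvukw;c:\windows\System32\drivers\rdsrh.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-20 12872]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
"""

# Constructed sample of the "Drivers/Services" section ComboFix prints after
# the rerun, in the shape seen in the thread's second log.
SAMPLE_FOLLOWUP = r"""
-------\Service_oahol
-------\Service_ppjuq
-------\Service_xvukw
"""

# One driver/service line: start type, service name, display name, image
# path, then a bracketed field that is either "date size" or "x".
DRIVER_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)
REMOVED_LINE = re.compile(r"^-------\\Service_(?P<name>\S+)\s*$")


def parse_driver_lines(log_text):
    """Return a dict per driver/service line found in the ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def orphaned_drivers(entries):
    """Entries whose image file ComboFix could not find.

    Assumption: "[x]" in the bracket field means the file is absent. A
    registered driver with no file on disk is what the helper targeted.
    """
    return [e for e in entries if e["info"].strip().lower() == "x"]


def build_cfscript(orphans):
    """Emit the KillAll::/File::/Driver:: script in the helper's layout."""
    if not orphans:
        return ""
    lines = ["KillAll::", "", "File::"]
    lines.extend(e["path"] for e in orphans)
    lines.extend(["", "Driver::"])
    lines.extend(e["name"] for e in orphans)
    return "\n".join(lines) + "\n"


def confirm_removed(followup_text, names):
    """Names from `names` that the follow-up log reports as removed services."""
    removed = set()
    for line in followup_text.splitlines():
        m = REMOVED_LINE.match(line.strip())
        if m:
            removed.add(m.group("name"))
    return [n for n in names if n in removed]


def still_present(followup_text, names):
    """Names that were not reported removed; these need a second look."""
    confirmed = set(confirm_removed(followup_text, names))
    return [n for n in names if n not in confirmed]


if __name__ == "__main__":
    orphans = orphaned_drivers(parse_driver_lines(SAMPLE_LOG))
    print(build_cfscript(orphans), end="")
    names = [e["name"] for e in orphans]
    print("removed:", confirm_removed(SAMPLE_FOLLOWUP, names))
    print("still present:", still_present(SAMPLE_FOLLOWUP, names))
```

Run it on a real ComboFix log by replacing SAMPLE_LOG with the file's contents; anything `still_present` returns after the rerun is a service that survived and should be reported back rather than assumed gone.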


#3 cory123 (Topic Starter, Member, 128 posts)
OTL.Txt opened and is saved on my desktop, but Extras.txt didn't open and is nowhere to be found.


Here are my ComboFix and OTL logs.


ComboFix 11-05-30.06 - Ashley 05/30/2011 14:59:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1868 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Documents\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\drivers\bydajny.sys"
"c:\windows\System32\drivers\rdsrh.sys"
"c:\windows\System32\drivers\wontpg.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_oahol
-------\Service_ppjuq
-------\Service_xvukw
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 22:11 . 2011-05-30 22:15 -------- d-----w- c:\users\Ashley\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 22:11 . 2011-05-30 22:11 -------- d-----w- c:\users\Cory\AppData\Local\temp
2011-05-30 21:49 . 2011-05-30 21:49 -------- d-----w- c:\program files\KeyTweak
2011-05-29 00:33 . 2011-05-29 00:33 -------- d-----w- c:\program files\Veetle
2011-05-24 21:44 . 2011-05-24 21:44 -------- d-----w- C:\VundoFix Backups
2011-05-22 23:11 . 2011-05-22 23:11 -------- d-----r- c:\program files\Norton Support
2011-05-13 03:18 . 2011-05-13 03:18 -------- d-----w- c:\users\Ashley\AppData\Roaming\inkscape
2011-05-13 03:04 . 2011-05-13 03:14 -------- d-----w- c:\program files\Inkscape
2011-05-05 15:45 . 2011-05-05 15:59 -------- d-----w- c:\users\Ashley\AppData\Roaming\PhotoScape
2011-05-05 15:45 . 2011-05-05 15:45 -------- d-----w- c:\program files\PhotoScape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 21:45 . 2011-04-14 21:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-10 01:33 . 2011-04-10 01:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-10 01:33 . 2011-04-10 12:41 217136 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symtdi.sys
2011-04-10 01:33 . 2011-04-10 12:41 89904 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symfw.sys
2011-04-10 01:33 . 2011-04-10 12:41 48688 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndisv.sys
2011-04-10 01:33 . 2011-04-10 12:41 43696 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtspx.sys
2011-04-10 01:33 . 2011-04-10 12:41 36400 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symndis.sys
2011-04-10 01:33 . 2011-04-10 12:41 33072 ----a-w- c:\windows\system32\drivers\N360\0308000.029\symids.sys
2011-04-10 01:33 . 2011-04-10 12:41 310320 ----a-w- c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys
2011-04-10 01:33 . 2011-04-10 12:41 308272 ----a-w- c:\windows\system32\drivers\N360\0308000.029\srtsp.sys
2011-04-10 01:33 . 2011-04-10 01:33 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-04-10 01:33 . 2011-04-10 12:41 482432 ----a-w- c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys
2011-04-10 01:33 . 2011-04-10 12:40 259632 ----a-w- c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys
2011-04-10 01:33 . 2011-04-10 01:33 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-10 01:33 . 2011-04-10 01:33 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-03-10 17:03 . 2011-04-15 18:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 18:58 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 18:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-15 18:58 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 18:58 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
2010-01-03 17:34 203776 --sh--w- c:\windows\System32\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SWDM Viewer"="c:\progra~1\COMMON~1\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe" [2011-03-19 713728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-26 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-08-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-20 00:39 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MSWinIsmSys]
2010-11-26 22:13 454656 --sh--r- c:\windows\System32\dMSC.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 17:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-21 01:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-22 22:57 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 bcm;Beceem Communications Inc. Tarang3;c:\windows\system32\DRIVERS\drxvi314.sys [2009-01-20 233472]
R3 bcmbusctr;Beceem Devices' Enumerator Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-01-20 54784]
R3 dump_wmimmc;dump_wmimmc;c:\ntreev usa\Pangya\GameGuard\dump_wmimmc.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-15 3473644]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-20 12872]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2011-04-10 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2011-04-10 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2011-04-10 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110425.001\IDSvix86.sys [2011-03-30 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-20 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-20 67656]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2011-04-10 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-22 105592]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2011-04-10 48688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 22:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - prefs.js: network.proxy.type - 0

FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3320)
c:\windows\System32\NLSData0009.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-30 15:29:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 22:29
ComboFix2.txt 2011-05-23 03:57
.
Pre-Run: 113,648,857,088 bytes free
Post-Run: 113,290,776,576 bytes free
.
- - End Of File - - 50FC88A08D26344FBA0EBD110B095425
OTL here

OTL logfile created on: 5/30/2011 3:31:51 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ashley\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 59.46% Memory free
5.94 Gb Paging File | 5.01 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 105.56 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110530.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110530.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110425.001\IDSvix86.sys (Symantec Corporation)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bcm) -- C:\Windows\System32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (bcmbusctr) -- C:\Windows\System32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 24 26 D9 3C A0 37 04 4B BF D1 73 F6 8E AE 3A 02 [binary data]

IE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..keyword.URL: "http://flvtubesearch...bid=&Keywords="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/07 10:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/26 01:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 10:08:34 | 000,000,000 | ---D | M]

[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/12 19:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions
[2011/01/18 16:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/18 17:48:18 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{97f8066b-6214-4968-9d5e-b3a95031f5a7}
[2010/08/13 08:28:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/29 18:29:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/05 16:23:57 | 000,000,681 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\ask.xml
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\askcom.xml
[2010/08/04 19:26:51 | 000,001,819 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-1.xml
[2010/06/12 19:25:41 | 000,002,267 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-zugo.xml
[2010/04/25 19:36:48 | 000,001,832 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing.xml
[2010/06/08 11:29:02 | 000,000,919 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\conduit.xml
[2009/08/24 18:40:41 | 000,002,179 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\inbox-search.xml
[2010/07/12 22:43:15 | 000,010,059 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\mywebsearch.xml
[2011/05/30 15:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 10:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 14:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/20 10:08:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/05/30 15:14:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/10/01 21:56:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/15 09:46:41 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/12 19:52:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/30 15:14:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000..\Run: [SWDM Viewer] C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
O24 - Desktop WallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2011/05/30 15:15:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/30 14:56:09 | 004,108,494 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyTweak
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyTweak
[2011/05/30 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\KeyTweak
[2011/05/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011/05/24 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\SmitfraudFix
[2011/05/24 14:44:30 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/22 20:22:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 20:22:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 20:22:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 16:11:19 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2011/05/20 09:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2011/05/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011/05/05 08:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2011/05/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2009/05/03 09:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashley\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 15:14:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/30 15:14:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 15:14:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 15:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 15:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/30 14:56:27 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/23 12:19:52 | 000,609,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 12:19:52 | 000,106,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 16:12:55 | 000,205,824 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 08:58:01 | 000,001,044 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2011/05/20 09:53:34 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | M] () -- C:\Users\Ashley\.recently-used.xbel
[2011/05/05 09:23:56 | 000,006,648 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 20:22:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 20:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 20:22:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 20:22:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 20:22:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/20 09:53:34 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | C] () -- C:\Users\Ashley\.recently-used.xbel
[2011/02/15 16:15:55 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011/01/27 16:10:04 | 002,074,869 | ---- | C] () -- C:\Users\Ashley\AppData\Local\026.JPG
[2011/01/27 16:09:44 | 002,030,085 | ---- | C] () -- C:\Users\Ashley\AppData\Local\025.JPG
[2011/01/27 16:09:18 | 002,088,759 | ---- | C] () -- C:\Users\Ashley\AppData\Local\022.JPG
[2011/01/27 16:09:06 | 002,063,859 | ---- | C] () -- C:\Users\Ashley\AppData\Local\021.JPG
[2010/12/16 17:10:55 | 000,000,053 | ---- | C] () -- C:\Windows\tower.dat
[2010/11/20 15:06:44 | 000,454,656 | RHS- | C] () -- C:\Windows\System32\dMSC.dll
[2010/06/15 11:07:24 | 000,000,335 | -HS- | C] () -- C:\ProgramData\1046560206
[2010/06/15 11:07:22 | 000,000,817 | ---- | C] () -- C:\ProgramData\1848733086
[2010/05/19 20:04:32 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\JbFeVbi1v
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\ProgramData\JbFeVbi1v
[2010/01/03 10:34:33 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2009/11/25 22:37:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/16 09:56:25 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2009/10/20 08:01:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:01:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 10:47:03 | 000,194,256 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 15:38:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/06 09:01:41 | 001,739,180 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2009/06/07 11:33:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/07 10:49:02 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2009/06/07 10:29:45 | 000,150,400 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/06/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/05/03 09:35:12 | 000,001,044 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2009/05/03 09:33:28 | 000,007,887 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.cat
[2009/05/03 09:33:28 | 000,001,144 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.inf
[2009/04/27 18:35:52 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/27 17:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/21 05:44:32 | 000,006,648 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2009/03/25 23:22:31 | 000,205,824 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 20:02:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/24 19:15:50 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/02/24 19:15:48 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/02/02 11:41:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/02/02 11:41:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/02/02 11:41:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/02/02 11:41:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/10 13:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/08/18 11:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 11:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 11:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 11:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,751,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,609,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,106,290 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/04 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\.gaim
[2011/02/15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\avidemux
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Azureus
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\BitTorrent
[2010/08/12 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DAEMON Tools Lite
[2010/08/01 15:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DMCache
[2010/04/26 10:03:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\EasyJob Resume Builder
[2010/06/15 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Facebook
[2011/03/10 06:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\FrostWire
[2011/03/31 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\GetRightToGo
[2011/05/12 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2010/05/19 18:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iolo
[2010/07/21 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iWin
[2010/08/19 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LimeWire
[2010/11/18 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MMToolz
[2011/02/21 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MotionDSP
[2011/02/15 16:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MOVAVI
[2009/06/19 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\OLYMPUS
[2009/08/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Paltalk
[2010/09/26 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PFStaticIP
[2011/05/05 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2010/04/30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PlayFirst
[2009/02/25 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\SmartDraw
[2009/09/12 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\StreamTorrent
[2010/01/26 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\thecleaner
[2009/03/09 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TOSHIBA
[2010/01/16 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TuneUp Software
[2010/05/19 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\URSoft
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\uTorrent
[2011/05/22 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Vso
[2009/05/13 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WeatherBug
[2009/03/09 09:04:17 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WildTangent
[2009/04/15 01:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WinBatch
[2011/05/30 15:12:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/27 08:27:15 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/27 08:27:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/21 21:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/21 23:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/06 02:43:06 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:80AB8E9A

< End of report >
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks much better, just the waifs and strays to remove now... On completion of this, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/06/15 11:07:24 | 000,000,335 | -HS- | C] () -- C:\ProgramData\1046560206
    [2010/06/15 11:07:22 | 000,000,817 | ---- | C] () -- C:\ProgramData\1848733086
    [2010/05/19 20:04:32 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
    [2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\JbFeVbi1v
    [2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\ProgramData\JbFeVbi1v

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
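The five entries in the fix above were picked out of the OTL log by hand. As an added example (not code from the Geeks to Go helpers or from OTL), here is a Python script that parses OTL file-listing lines like those in the log, cross-references them with O4/O20 autostart lines, and ranks the entries a helper would look at first; its scoring weights, threshold and list of user-writable locations are this example's own assumptions.

```python
r"""Triage of OTL file-listing lines (added example, not OTL's or the helpers' code).

Parses OTL lines such as
    [2010/06/15 11:07:24 | 000,000,335 | -HS- | C] () -- C:\ProgramData\1046560206
and ranks files by what a helper checks first: hidden/system attributes, no company
name, user-writable location, opaque name, O4/O20 autostart match. Weights and the
location list are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One OTL file entry; the "(company)" field is absent on directory entries.
OTL_FILE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# First binary path named by an O4 (Run key) or O20 (Winlogon) line.
OTL_AUTOSTART = re.compile(
    r"^O(?:4|20)\b.*?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys))\b", re.I
)
# Locations a standard user can write to (assumed list for this example).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\",
                 "\\appdata\\roaming\\", "\\users\\public\\")
THRESHOLD = 4  # minimum score to report (assumption)

@dataclass
class OtlEntry:
    size: int
    attrs: str              # flags R H S D in that order, '-' when unset
    company: Optional[str]  # None for directories, "" when OTL shows "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

def parse_file_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for an OTL file/folder line, None for any other line."""
    m = OTL_FILE.match(line.strip())
    if not m:
        return None
    return OtlEntry(int(m["size"].replace(",", "")), m["attrs"], m["company"], m["path"])

def autostart_paths(lines) -> set:
    """Lower-cased binary paths referenced by O4/O20 lines in the log."""
    matches = (OTL_AUTOSTART.match(line.strip()) for line in lines)
    return {m["path"].lower() for m in matches if m}

def score_entry(e: OtlEntry, autostarts=frozenset()):
    """Return (score, reasons) for one entry; directories score 0."""
    if e.is_dir:
        return 0, []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    checks = [
        (2, "hidden or system attribute", e.attrs[1] == "H" or e.attrs[2] == "S"),
        (1, "no company name", not e.company),
        (2, "user-writable location", any(seg in low for seg in USER_WRITABLE)),
        (2, "opaque or extension-less file name", "." not in name or name.isdigit()),
        (3, "referenced by an O4/O20 autostart line", low in autostarts),
    ]
    hits = [(w, why) for w, why, ok in checks if ok]
    return sum(w for w, _ in hits), [why for _, why in hits]

def triage(log_lines):
    """Score every parsable file entry; return (score, path, reasons), highest first."""
    autostarts = autostart_paths(log_lines)
    flagged = []
    for line in log_lines:
        e = parse_file_line(line)
        if e is None:
            continue
        score, reasons = score_entry(e, autostarts)
        if score >= THRESHOLD:
            flagged.append((score, e.path, reasons))
    flagged.sort(key=lambda h: (-h[0], h[1].lower()))
    return flagged

# Lines copied from the thread's OTL log, plus benign ones for contrast.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
[2011/05/30 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2010/11/20 15:06:44 | 000,454,656 | RHS- | C] () -- C:\Windows\System32\dMSC.dll
[2010/06/15 11:07:24 | 000,000,335 | -HS- | C] () -- C:\ProgramData\1046560206
[2010/06/15 11:07:22 | 000,000,817 | ---- | C] () -- C:\ProgramData\1848733086
[2010/05/19 20:04:32 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\Users\Ashley\AppData\Local\JbFeVbi1v
[2010/03/16 19:14:26 | 000,011,102 | -HS- | C] () -- C:\ProgramData\JbFeVbi1v
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/05/20 09:53:34 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
""".strip().splitlines()

if __name__ == "__main__":
    for score, path, reasons in triage(SAMPLE_LOG):
        print(f"{score:2d}  {path}  <- {', '.join(reasons)}")
```

The ranking is a review queue, not a verdict: a system file with the Hidden and System attributes scores low on its own and only rises when an autostart line also points at it.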

#5
cory123

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
It still gives me the black screen saying Windows failed to start and beeps. When it does start, Firefox/Alt Ctrl Delete etc. still don't work. However, the speed seems fine and I don't get any annoying pop-ups or anything. I've run so many different scans and nothing finds anything. Here's my new logs.


All processes killed
========== OTL ==========
C:\ProgramData\1046560206 moved successfully.
C:\ProgramData\1848733086 moved successfully.
C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat moved successfully.
C:\Users\Ashley\AppData\Local\JbFeVbi1v moved successfully.
C:\ProgramData\JbFeVbi1v moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ashley\Desktop\cmd.bat deleted successfully.
C:\Users\Ashley\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ashley
->Temp folder emptied: 688164 bytes
->Temporary Internet Files folder emptied: 9556048 bytes
->Java cache emptied: 9708 bytes
->FireFox cache emptied: 56265361 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 724 bytes

User: Cory
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9351165 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb


[EMPTYFLASH]

User: All Users

User: Ashley
->Flash cache emptied: 0 bytes

User: Cory

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.23.0 log created on 06012011_172935

Files\Folders moved on Reboot...
File\Folder C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RU67F41B\like[1].htm not found!
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6V3Z30W\page__p__2018288__fromsearch__1[1].htm moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6V3Z30W\xd_proxy[1].htm moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\JETB23E.tmp not found!

Registry entries deleted on Reboot...






Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6750

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

6/1/2011 5:43:48 PM
mbam-log-2011-06-01 (17-43-48).txt

Scan type: Quick scan
Objects scanned: 181335
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove one more that I missed - and then verify the system files. On completion, if Firefox still fails we may need to uninstall and then re-install; also let me know if the beep is still apparent.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000..\Run: [SWDM Viewer] C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe ()

    :Files
    ipconfig /flushdns /c
    C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Go to Start > All Programs > Accessories
Right-click Command Prompt and select Run as administrator
When the prompt opens, type the following text and press Enter

sfc /scannow (Note: there is a space between sfc and /scannow)

On completion reboot
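Post #6 works from the OTL log by eye: the entry it removes is the one whose publisher field is empty, which OTL prints as "()". The Python script below is an added example, not part of the thread and not an OldTimer tool. It mechanises that first pass over a few constructed lines shaped like the log above (the SWDM Viewer entry is the one the fix removes; the others are copied from the scan with their empty publisher field), flagging autostart entries and hidden+system files that carry no publisher, and lays chosen entries out in the Custom Scans/Fixes format post #6 uses. A flag only means the entry deserves a look, not that it is malicious; the names triage, draft_otl_fix, Finding and SAMPLE_LOG are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in OTL's own log format, shaped like
# the entries in the scan above. "()" at the end of a line means OTL found no
# publisher for the file.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Windows Installable Resource Access Services) -- C:\Program Files\Common Files\Microsoft\wMSC.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1190829786-1220779109-899251729-1000..\Run: [SWDM Viewer] C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe ()
O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
[2011/05/26 19:09:32 | 000,454,656 | RHS- | M] () -- C:\Windows\System32\dMSC.dll
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
"""

# Line types that describe something that runs or is loaded at boot/logon.
AUTOSTART_PREFIXES = ("PRC - ", "SRV - ", "DRV - ", "O4 - ", "O20 - ")

# OTL prints the publisher in trailing parentheses; "()" means none was found.
PUBLISHER_RE = re.compile(r"\s\(([^()]*)\)\s*$")
# "[date | size | attrs | C/M] (Publisher) -- path" from the file sections.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [CM]\] "
    r"\(([^()]*)\) -- (.+)$"
)


@dataclass
class Finding:
    line: str      # the OTL line verbatim, usable inside a ":OTL" fix section
    path: str      # on-disk path the line refers to
    reason: str


def parse_autostart(line: str):
    """Return (path, publisher) for a PRC/SRV/DRV/O4/O20 line, or None."""
    m = PUBLISHER_RE.search(line)
    if not m:
        return None
    head = line[: m.start()]
    # The path is the last "X:\..." fragment; O20 lines carry two copies,
    # and paths may themselves contain parentheses such as "(x86)".
    parts = re.split(r"(?=[A-Za-z]:\\)", head)
    return parts[-1].strip(), m.group(1).strip()


def triage(log_text: str) -> list[Finding]:
    """Flag autostart entries with no publisher, and hidden+system files with none.

    This is the same first pass a helper does by eye on an OTL log. A flag
    means "review this", not "this is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(AUTOSTART_PREFIXES):
            parsed = parse_autostart(line)
            if parsed and parsed[1] == "":
                findings.append(Finding(line, parsed[0], "autostart entry with no publisher"))
            continue
        fm = FILE_RE.match(line)
        if fm:
            attrs, publisher, path = fm.group(3), fm.group(4).strip(), fm.group(5)
            if "H" in attrs and "S" in attrs and publisher == "":
                findings.append(Finding(line, path, "hidden+system file with no publisher"))
    return findings


def draft_otl_fix(findings: list[Finding]) -> str:
    """Lay findings out as an OTL Custom Scans/Fixes script (the format post #6 uses).

    Pass only entries a person has already decided to remove: registry lines go
    under :OTL verbatim, their files under :Files, then the usual cleanup commands.
    """
    otl_lines = [f.line for f in findings if not f.line.startswith("[")]
    file_paths = sorted({f.path for f in findings})
    script = [":OTL", *otl_lines, "", ":Files", *file_paths, "",
              ":Commands", "[purity]", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(script)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run it against a saved OTL log by replacing SAMPLE_LOG with the file's contents; on the sample it reports the three "()" autostart entries and the hidden+system DLL, and leaves the signed Norton and Malwarebytes entries alone.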

#7 cory123 (Topic Starter, Member, 128 posts)

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1190829786-1220779109-899251729-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SWDM Viewer deleted successfully.
C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\wMSCPower_Event_SrvcEng32.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ashley\Desktop\cmd.bat deleted successfully.
C:\Users\Ashley\Desktop\cmd.txt deleted successfully.
C:\Program Files\Common Files\MicroSoft Windows Defender System (x86)\Email_Attachmet_Directory folder moved successfully.
C:\Program Files\Common Files\MicroSoft Windows Defender System (x86) folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ashley
->Temp folder emptied: 1185974 bytes
->Temporary Internet Files folder emptied: 33388813 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3478 bytes

User: Cory
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9175 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3543791 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: All Users

User: Ashley
->Flash cache emptied: 0 bytes

User: Cory

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 06022011_151205

Files\Folders moved on Reboot...
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8Z56NKD\page__p__2019292__fromsearch__1[1].htm moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8Z56NKD\xd_proxy[1].htm moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DGKUSP0H\like[2].htm moved successfully.
C:\Users\Ashley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\JETE5DB.tmp not found!

Registry entries deleted on Reboot...
OTL logfile created on: 6/2/2011 3:39:48 PM - Run 6
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ashley\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.24% Memory free
5.94 Gb Paging File | 4.72 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 117.45 Gb Free Space | 52.39% Space Free | Partition Type: NTFS

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Microsoft\wMSC.exe ()
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Windows Installable Resource Access Services) -- C:\Program Files\Common Files\Microsoft\wMSC.exe ()
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.001\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.001\naveng.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110531.001\IDSvix86.sys (Symantec Corporation)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\rsdrv.sys (EldoS Corporation)
DRV - (bcm) -- C:\Windows\System32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (bcmbusctr) -- C:\Windows\System32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..keyword.URL: "http://flvtubesearch...bid=&Keywords="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/07 10:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/26 01:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 10:08:34 | 000,000,000 | ---D | M]

[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/01 18:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions
[2011/01/18 16:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 18:19:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/18 17:48:18 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{97f8066b-6214-4968-9d5e-b3a95031f5a7}
[2010/08/13 08:28:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/29 18:29:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/05 16:23:57 | 000,000,681 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\ask.xml
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\askcom.xml
[2010/08/04 19:26:51 | 000,001,819 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-1.xml
[2010/06/12 19:25:41 | 000,002,267 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-zugo.xml
[2010/04/25 19:36:48 | 000,001,832 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing.xml
[2010/06/08 11:29:02 | 000,000,919 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\conduit.xml
[2009/08/24 18:40:41 | 000,002,179 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\inbox-search.xml
[2010/07/12 22:43:15 | 000,010,059 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\mywebsearch.xml
[2011/06/02 15:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 10:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 14:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/20 10:08:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/06/02 15:22:30 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/10/01 21:56:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/15 09:46:41 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/12 19:52:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/02 15:12:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
O24 - Desktop WallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\IconChanger
[2011/06/01 18:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/06/01 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger
[2011/06/01 18:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2011/06/01 18:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/05/30 16:45:05 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2011/05/30 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2011/05/30 15:15:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/30 14:56:09 | 004,108,494 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011/05/24 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\SmitfraudFix
[2011/05/24 14:44:30 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/22 20:22:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 20:22:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 20:22:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 16:11:19 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2011/05/20 09:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2011/05/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011/05/05 08:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2011/05/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2009/05/03 09:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashley\AppData\Roaming\pcouffin.sys
[1 C:\Users\Ashley\AppData\Local\*.tmp files -> C:\Users\Ashley\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 15:22:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 15:22:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 15:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 15:13:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/02 15:12:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/01 19:01:29 | 000,006,648 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2011/06/01 18:18:59 | 000,000,937 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/01 18:18:59 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/01 17:41:00 | 000,002,048 | RHS- | M] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2011/06/01 13:46:45 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/01 13:43:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/06/01 13:43:31 | 000,001,854 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/30 20:16:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/30 14:56:27 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 19:09:32 | 000,454,656 | RHS- | M] () -- C:\Windows\System32\dMSC.dll
[2011/05/23 12:19:52 | 000,609,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 12:19:52 | 000,106,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 16:12:55 | 000,205,824 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 08:58:01 | 000,001,044 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2011/05/20 09:53:34 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | M] () -- C:\Users\Ashley\.recently-used.xbel
[1 C:\Users\Ashley\AppData\Local\*.tmp files -> C:\Users\Ashley\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/01 18:18:59 | 000,000,937 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/01 18:18:59 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/01 17:41:00 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2011/06/01 13:43:31 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/05/22 20:22:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 20:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 20:22:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 20:22:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 20:22:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/20 09:53:34 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | C] () -- C:\Users\Ashley\.recently-used.xbel
[2011/02/15 16:15:55 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011/01/27 16:10:04 | 002,074,869 | ---- | C] () -- C:\Users\Ashley\AppData\Local\026.JPG
[2011/01/27 16:09:44 | 002,030,085 | ---- | C] () -- C:\Users\Ashley\AppData\Local\025.JPG
[2011/01/27 16:09:18 | 002,088,759 | ---- | C] () -- C:\Users\Ashley\AppData\Local\022.JPG
[2011/01/27 16:09:06 | 002,063,859 | ---- | C] () -- C:\Users\Ashley\AppData\Local\021.JPG
[2010/12/16 17:10:55 | 000,000,053 | ---- | C] () -- C:\Windows\tower.dat
[2010/11/20 15:06:44 | 000,454,656 | RHS- | C] () -- C:\Windows\System32\dMSC.dll
[2010/01/03 10:34:33 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2009/11/25 22:37:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/16 09:56:25 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2009/10/20 08:01:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:01:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 10:47:03 | 000,194,256 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 15:38:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/06 09:01:41 | 001,739,180 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2009/06/07 11:33:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/07 10:49:02 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2009/06/07 10:29:45 | 000,150,400 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/06/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/05/03 09:35:12 | 000,001,044 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2009/05/03 09:33:28 | 000,007,887 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.cat
[2009/05/03 09:33:28 | 000,001,144 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.inf
[2009/04/27 18:35:52 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/27 17:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/21 05:44:32 | 000,006,648 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2009/03/25 23:22:31 | 000,205,824 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 20:02:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/24 19:15:50 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/02/24 19:15:48 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/02/02 11:41:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/02/02 11:41:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/02/02 11:41:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/02/02 11:41:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/10 13:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/08/18 11:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 11:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 11:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 11:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,751,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,609,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,106,290 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/04 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\.gaim
[2011/02/15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\avidemux
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Azureus
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\BitTorrent
[2010/08/12 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DAEMON Tools Lite
[2010/08/01 15:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DMCache
[2010/04/26 10:03:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\EasyJob Resume Builder
[2010/06/15 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Facebook
[2011/03/10 06:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\FrostWire
[2011/03/31 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\GetRightToGo
[2011/06/02 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\IconChanger
[2011/05/12 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2010/05/19 18:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iolo
[2010/07/21 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iWin
[2010/08/19 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LimeWire
[2010/11/18 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MMToolz
[2011/02/21 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MotionDSP
[2011/02/15 16:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MOVAVI
[2009/06/19 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\OLYMPUS
[2009/08/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Paltalk
[2010/09/26 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PFStaticIP
[2011/05/05 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2010/04/30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PlayFirst
[2009/02/25 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\SmartDraw
[2009/09/12 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\StreamTorrent
[2010/01/26 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\thecleaner
[2009/03/09 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TOSHIBA
[2010/01/16 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TuneUp Software
[2010/05/19 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\URSoft
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\uTorrent
[2011/05/22 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Vso
[2009/05/13 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WeatherBug
[2009/03/09 09:04:17 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WildTangent
[2009/04/15 01:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WinBatch
[2011/06/02 15:13:46 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:80AB8E9A

< End of report >

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
By the way, the fact that it does not want to go makes me think it is time for the big hammer.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\MSWinIsmSys: DllName - C:\Windows\system32\dMSC.dll - C:\Windows\System32\dMSC.dll ()
    [2011/05/26 19:09:32 | 000,454,656 | RHS- | M] () -- C:\Windows\System32\dMSC.dll

  • Then click the Run Fix button at the top

As soon as OTL has finished removing this element, we will go straight to the next stage, with no reboot in between.

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
Windows Installable Resource Access Services

Files to delete:
C:\Program Files\Common Files\Microsoft\wMSC.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under "Input script here:" and select Paste.
  • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh OTL log.
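As an added example (not part of this thread, and not OTL's or The Avenger's own code), here is a small Python triage script that parses OTL file entries in the exact row format shown in these logs and flags the combination Essexboy keyed on for dMSC.dll: a hidden+system executable under C:\Windows with no publisher in its version info. The sample rows are copied from the logs in this thread; the indicator names, tiers and thresholds are my own heuristic, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder row looks like:
#   [2011/05/26 19:09:32 | 000,454,656 | RHS- | M] () -- C:\Windows\System32\dMSC.dll
# Fields: timestamp | size | attributes (R,H,S,D or "-") | C(reated)/M(odified),
# then an optional "(company)" taken from the file's version info, then the path.
# Directory rows carry no "(company)" field at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

WINDOWS_DIR = "c:\\windows\\"
EXEC_EXT = (".dll", ".sys", ".exe")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # e.g. "RHS-" = read-only, hidden, system, not a directory
    kind: str               # "C" created within window, "M" modified within window
    company: Optional[str]  # None when OTL printed "()" or "(No name found)"
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL row; return None for section headers, blanks and other rows."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None and company.strip() in ("", "No name found"):
        company = None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def suspicion_reasons(e: OtlEntry) -> List[str]:
    """Heuristic indicators (my own, not OTL's) for a single entry."""
    reasons = []
    p = e.path.lower()
    is_dir = "D" in e.attrs
    is_image = p.endswith(EXEC_EXT)
    # Legitimate Windows binaries are almost never hidden+system; droppers often are.
    if not is_dir and "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes on a plain file")
    # Microsoft and most vendors stamp version info; "()" means OTL found none.
    if is_image and e.company is None:
        reasons.append("executable image with no publisher in version info")
    # A recently created/modified image inside C:\Windows deserves a look.
    if is_image and p.startswith(WINDOWS_DIR):
        reasons.append("executable under the Windows directory")
    return reasons


def triage(log_text: str) -> Dict[str, str]:
    """Map path -> tier: 'high' when all three indicators fire, 'review' for two.
    Single hits are dropped to limit noise (ntuser.pol is RHS- by design; many
    OEM DLLs lack version info). A 'review' hit still needs a human decision."""
    tiers: Dict[str, str] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        hits = len(suspicion_reasons(e))
        if hits == 3:
            tiers[e.path] = "high"
        elif hits == 2:
            tiers[e.path] = "review"
    return tiers


# Sample rows copied from the logs in this thread, plus one section header
# to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
[2011/05/26 19:09:32 | 000,454,656 | RHS- | M] () -- C:\Windows\System32\dMSC.dll
[2009/02/24 19:15:50 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/04/27 17:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/30 16:45:05 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\uTorrent
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, tier in triage(SAMPLE_LOG).items():
        print(f"{tier:6s} {path}")
```

On the sample rows this reports dMSC.dll and fbd.sys as "high" and IVIresize.dll as "review"; the review tier is there to be checked by hand, not acted on.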

#9 cory123 (Topic Starter, Member, 128 posts)
I think we are chasing something that is flagged as a virus because of what it does/how it acts, but is safe. We put this on our computers a few years ago to monitor our daughter's computer after she ended up getting stalked by a guy she thought was someone else online, to make sure we are more aware of what is going on to keep her safe. I went ahead with it anyway, and I also did a manual uninstall of it for now so we can move past this part and hopefully find out what the real issue is.



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Windows Installable Resource Access Services" deleted successfully.
File "C:\Program Files\Common Files\Microsoft\wMSC.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




OTL logfile created on: 6/3/2011 8:56:16 AM - Run 7
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ashley\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 56.92% Memory free
5.94 Gb Paging File | 4.84 Gb Available in Paging File | 81.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 117.04 Gb Free Space | 52.21% Space Free | Partition Type: NTFS

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Ashley\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110602.001\IDSvix86.sys (Symantec Corporation)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\rsdrv.sys (EldoS Corporation)
DRV - (bcm) -- C:\Windows\System32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (bcmbusctr) -- C:\Windows\System32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..keyword.URL: "http://flvtubesearch...bid=&Keywords="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/07 10:47:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/26 01:06:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 10:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 10:08:34 | 000,000,000 | ---D | M]

[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2009/12/19 21:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/01 18:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions
[2011/01/18 16:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 18:19:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/18 17:48:18 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\{97f8066b-6214-4968-9d5e-b3a95031f5a7}
[2010/08/13 08:28:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/29 18:29:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\extensions\[email protected]
[2009/08/05 16:23:57 | 000,000,681 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\ask.xml
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\askcom.xml
[2010/08/04 19:26:51 | 000,001,819 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-1.xml
[2010/06/12 19:25:41 | 000,002,267 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing-zugo.xml
[2010/04/25 19:36:48 | 000,001,832 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\bing.xml
[2010/06/08 11:29:02 | 000,000,919 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\conduit.xml
[2009/08/24 18:40:41 | 000,002,179 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\inbox-search.xml
[2010/07/12 22:43:15 | 000,010,059 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\sehnh99p.default\searchplugins\mywebsearch.xml
[2011/06/03 08:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 10:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 14:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/20 10:08:34 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/06/03 08:53:46 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/10/01 21:56:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/15 09:46:41 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/12 19:52:37 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/02 15:12:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 08:52:29 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/06/03 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\avenger
[2011/06/01 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\IconChanger
[2011/06/01 18:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/06/01 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger
[2011/06/01 18:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2011/06/01 18:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/05/30 16:45:05 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\rsdrv.sys
[2011/05/30 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2011/05/30 15:15:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/30 14:56:09 | 004,108,494 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011/05/24 14:44:30 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/22 20:22:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 20:22:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 20:22:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 16:11:19 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2011/05/20 09:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/12 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2011/05/12 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2011/05/05 08:45:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2011/05/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2009/05/03 09:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashley\AppData\Roaming\pcouffin.sys
[1 C:\Users\Ashley\AppData\Local\*.tmp files -> C:\Users\Ashley\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 08:53:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 08:53:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 08:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 08:52:52 | 273,597,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/03 08:50:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/02 15:12:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/01 19:01:29 | 000,006,648 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2011/06/01 18:18:59 | 000,000,937 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/01 18:18:59 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/01 17:41:00 | 000,002,048 | RHS- | M] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2011/06/01 13:46:45 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/01 13:43:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/06/01 13:43:31 | 000,001,854 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/30 20:16:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/30 14:56:27 | 004,108,494 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2011/05/30 14:54:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/23 12:19:52 | 000,609,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 12:19:52 | 000,106,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 16:12:55 | 000,205,824 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 08:58:01 | 000,001,044 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2011/05/20 09:53:34 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | M] () -- C:\Users\Ashley\.recently-used.xbel
[1 C:\Users\Ashley\AppData\Local\*.tmp files -> C:\Users\Ashley\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 08:52:52 | 273,597,018 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/01 18:18:59 | 000,000,937 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/01 18:18:59 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/06/01 17:41:00 | 000,002,048 | RHS- | C] () -- C:\Users\Ashley\AppData\Local\.mscommonsrdrv.dat
[2011/06/01 13:43:31 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/05/22 20:22:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 20:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 20:22:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 20:22:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 20:22:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/20 09:53:34 | 000,000,775 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/12 20:39:57 | 000,000,754 | ---- | C] () -- C:\Users\Ashley\.recently-used.xbel
[2011/02/15 16:15:55 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011/01/27 16:10:04 | 002,074,869 | ---- | C] () -- C:\Users\Ashley\AppData\Local\026.JPG
[2011/01/27 16:09:44 | 002,030,085 | ---- | C] () -- C:\Users\Ashley\AppData\Local\025.JPG
[2011/01/27 16:09:18 | 002,088,759 | ---- | C] () -- C:\Users\Ashley\AppData\Local\022.JPG
[2011/01/27 16:09:06 | 002,063,859 | ---- | C] () -- C:\Users\Ashley\AppData\Local\021.JPG
[2010/12/16 17:10:55 | 000,000,053 | ---- | C] () -- C:\Windows\tower.dat
[2010/01/03 10:34:33 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2009/11/25 22:37:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/16 09:56:25 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2009/10/20 08:01:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:01:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 10:47:03 | 000,194,256 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 15:38:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/06 09:01:41 | 001,739,180 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2009/06/07 11:33:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/07 10:49:02 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2009/06/07 10:29:45 | 000,150,400 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/06/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/05/03 09:35:12 | 000,001,044 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\vso_ts_preview.xml
[2009/05/03 09:33:28 | 000,007,887 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.cat
[2009/05/03 09:33:28 | 000,001,144 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\pcouffin.inf
[2009/04/27 18:35:52 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/04/27 17:34:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/21 05:44:32 | 000,006,648 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2009/03/25 23:22:31 | 000,205,824 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 20:02:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/24 19:15:50 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/02/24 19:15:48 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/02/02 11:41:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/02/02 11:41:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/02/02 11:41:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/02/02 11:41:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/10 13:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/08/18 11:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 11:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 11:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 11:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 11:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 11:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 19:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/04/24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 001,751,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,609,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,106,290 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/04 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\.gaim
[2011/02/15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\avidemux
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Azureus
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\BitTorrent
[2010/08/12 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DAEMON Tools Lite
[2010/08/01 15:34:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\DMCache
[2010/04/26 10:03:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\EasyJob Resume Builder
[2010/06/15 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Facebook
[2011/03/10 06:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\FrostWire
[2011/03/31 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\GetRightToGo
[2011/06/02 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\IconChanger
[2011/05/12 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\inkscape
[2010/05/19 18:51:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iolo
[2010/07/21 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iWin
[2010/08/19 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LimeWire
[2010/11/18 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MMToolz
[2011/02/21 16:27:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MotionDSP
[2011/02/15 16:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MOVAVI
[2009/06/19 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\OLYMPUS
[2009/08/17 09:34:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Paltalk
[2010/09/26 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PFStaticIP
[2011/05/05 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PhotoScape
[2010/04/30 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PlayFirst
[2009/02/25 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\SmartDraw
[2009/09/12 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\StreamTorrent
[2010/01/26 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\thecleaner
[2009/03/09 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TOSHIBA
[2010/01/16 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TuneUp Software
[2010/05/19 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\URSoft
[2011/05/20 09:53:44 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\uTorrent
[2011/05/22 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Vso
[2009/05/13 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WeatherBug
[2009/03/09 09:04:17 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WildTangent
[2009/04/15 01:31:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WinBatch
[2011/06/03 08:50:18 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:80AB8E9A

< End of report >
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok, that would be the file's behaviour. I can now see no further malware, so we need to start looking at the system.

Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot


Then let me know the current situation
  • 0
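An added PowerShell version of the same step, not part of Essexboy's instructions: it runs sfc /scannow from an elevated prompt and then pulls the per-file "[SR]" lines that the System File Checker writes to CBS.log, so a result like "found corrupt files, unable to fix some" becomes a list of the files it actually could not repair. It assumes PowerShell 2.0 or later on Vista/7 and the standard CBS.log location and "[SR] Cannot repair member file" wording.

```powershell
# Added example, not part of the thread: run the System File Checker and then
# turn "found corrupt files, unable to fix some" into a list of the files it
# could not repair, using the [SR] lines sfc writes to CBS.log.
# Assumes PowerShell 2.0 or later on Vista/7, started with "Run as administrator".

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'
$today  = (Get-Date).ToString('yyyy-MM-dd')   # every CBS.log line starts with this stamp

# The scan itself (the same command the thread gives); it prints its own progress.
sfc /scannow

# Keep only this run's [SR] lines; CBS.log also holds older scans and servicing noise.
$srLines = Select-String -Path $cbsLog -Pattern '\[SR\]' |
    ForEach-Object { $_.Line } |
    Where-Object { $_.StartsWith($today) }
$srLines | Set-Content -Path $report

# Lines look like: ... [SR] Cannot repair member file [l:..]"name.dll" of ...
$unrepaired = $srLines | ForEach-Object {
    if ($_ -match 'Cannot repair member file \[[^\]]*\]"([^"]+)"') { $Matches[1] }
} | Sort-Object -Unique

if ($unrepaired) {
    "sfc could not repair these files (full [SR] detail saved to $report):"
    $unrepaired
} else {
    "No unrepaired files logged for $today (full [SR] detail saved to $report)."
}
```

The names it prints are files whose copy in the component store sfc could not use either; those, together with the sfcdetails.txt it leaves on the Desktop, are what to report back rather than just "some of them could not be fixed".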

#11
cory123

    Member

  • Topic Starter
  • Member
  • 128 posts
Ok, I'm doing that scan again, but just a random thought real quick. When the computer went crazy a few weeks ago, I did my own scans and such. I removed a bit of malware myself, and it probably isn't showing up because it's removed, but it still did damage? Here are some old logs that will show what it was.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6644

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

5/22/2011 4:02:02 PM
mbam-log-2011-05-22 (16-02-02).txt

Scan type: Quick scan
Objects scanned: 177557
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{851552F5-B878-4B03-904F-2AD6A4CC8994} (PUP.Zwangi) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ashley\AppData\Roaming\02000000ac25f737954c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ashley\AppData\Roaming\02000000ac25f737954o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ashley\AppData\Roaming\02000000ac25f737954p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ashley\AppData\Roaming\02000000ac25f737954s.manifest (Malware.Trace) -> Quarantined and deleted successfully.




That was when the computer started acting up and caused whatever damage done and my firefox etc stopped working. Maybe I should try to do a system restore back like 3 weeks ago if all else fails?
  • 0

#12
cory123

    Member

  • Topic Starter
  • Member
  • 128 posts
Scan says it found some corrupt files and was unable to fix some of them.
  • 0

#13
cory123

    Member

  • Topic Starter
  • Member
  • 128 posts
Norton detects these as bad on my computer:

Combined Community Codec Pack folder
SafariIco.exe
HPZinw12.dll

and
BTNCopy.dll as suspicious. Leave em alone or fix?
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
HPZinw12.dll is a legitimate file for HP printers.
BTNCopy.dll is a Bluetooth file.
SafariIco.exe is for the Safari browser.
Combined Community Codec Pack folder could be legitimate, but it has been known to house malware.


You could try a restore to that time. Once you have done that, run a fresh OTL log so that I can ensure that nothing was carried back.
  • 0
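An added PowerShell check, not part of Essexboy's reply, for the kind of question asked here: before keeping or removing files an AV product flags by name, look at who signed each one and record its SHA-256, so the decision rests on the publisher and the hash rather than on a familiar-looking filename. It uses the three filenames quoted in the thread; their real locations are not given, so the script assumes they live somewhere under %windir% or %ProgramFiles%, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not part of the thread: before acting on files an AV product flags
# by name, check who signed each one and record its SHA-256, so the keep-or-remove
# decision rests on the publisher and hash rather than on a familiar filename.
# Assumes PowerShell 2.0+ and that the files sit under %windir% or %ProgramFiles%;
# their real locations are not given in the thread.

$names = 'SafariIco.exe', 'HPZinw12.dll', 'BTNCopy.dll'   # names as quoted in the thread
$roots = $env:windir, $env:ProgramFiles

function Get-Sha256Hex([string]$path) {
    # SHA-256 via .NET; Get-FileHash only exists from PowerShell 4.0 on.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

foreach ($name in $names) {
    $hits = Get-ChildItem -Path $roots -Recurse -Filter $name -ErrorAction SilentlyContinue
    if (-not $hits) {
        "$name : not found under $($roots -join ', ')"
        continue
    }
    foreach ($file in $hits) {
        $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
        $signer = '(unsigned)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path    = $file.FullName
            Status  = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer  = $signer
            SHA256  = Get-Sha256Hex $file.FullName
            Created = $file.CreationTime
        }
    }
}
```

A Status of HashMismatch is the result worth acting on: the file's contents no longer match its own signature, which a name-based verdict cannot distinguish from a clean copy. NotSigned on its own is not a verdict, since many OEM and printer-driver components of that era shipped unsigned; for those, the SHA-256 is what to look up or post back to the helper.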

#15
cory123

    Member

  • Topic Starter
  • Member
  • 128 posts
I'll go ahead and remove that folder and reboot and see what happens. If stuff still isn't working and I'm still getting the "Windows failed to start" error, I'll try a restore.
  • 0
