
Malware, Trojan Vundo and unwanted modification security center [Solve


  • This topic is locked

#1
bluesub90

Hello!

Seeking some expertise and help with removal of malware and an unwanted modification issue. It's interfering with Windows Update; it won't allow me to download the proper updates for the OS.

The two instances appear via the Malwarebytes full scan:
-Trojan. Vundo
-PUM.Disabled.SecurityCenter

I have seen other ones pop up as well, but then after Malwarebytes removes it, it disappears. I have a feeling if I were to scan again, they would appear.


I'm working off of XP. Would appreciate any help on this issue!! THANKS!



__________________________________________________________________________________
Here is the OTL report:


OTL logfile created on: 6/20/2012 2:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 807.09 Mb Available Physical Memory | 79.67% Memory free
2.39 Gb Paging File | 2.32 Gb Available in Paging File | 97.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 84.76 Gb Free Space | 36.41% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2099/01/01 12:00:00 | 000,065,627 | -HS- | M] () -- C:\WINDOWS\system32\nodedeje.dll
MOD - [2009/01/20 16:49:30 | 000,133,428 | -HS- | M] () -- C:\WINDOWS\system32\wlziju.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maps.google.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/20 13:53:52 | 000,000,000 | ---D | M]

[2008/08/29 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/06/19 21:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions
[2008/09/13 20:08:37 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/07 20:32:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/11 07:52:33 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/10/20 20:44:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/05/29 19:41:21 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\dictionarycom.xml
[2008/04/03 21:04:49 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\flickr-tags.xml
[2008/06/20 18:51:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\imdb.xml
[2008/06/20 18:51:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-en.xml
[2008/08/23 08:56:21 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-eng.xml
[2009/07/17 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {6fb2b4ed-7bd4-468a-b9a5-dd6d12918c85} - C:\WINDOWS\system32\jazijase.dll (SoftComplete Development)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Reg Error: Value error.) - {8c221bef-5175-4ab9-9211-f5917159c06e} - C:\WINDOWS\system32\wlziju.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [muhenatete] Rundll32.exe "C:\WINDOWS\system32\holuyibi.dll",s File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\Janet.vbs) - C:\WINDOWS\system32\Janet.vbs ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1340201093734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2C2B8D-6687-4FFB-8877-534F4B8873B7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (wlziju.dll) - C:\WINDOWS\System32\wlziju.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nodedeje.dll) - C:\WINDOWS\system32\nodedeje.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 14:59:26 | 000,000,221 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/01/04 08:22:58 | 000,002,772 | ---- | M] () - C:\AutoRun.PNF -- [ NTFS ]
O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell - "" = AutoRun
O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell - "" = AutoRun
O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{ed85576a-b914-11dd-a441-001d09803468}\Shell - "" = AutoRun
O33 - MountPoints2\{eef35e68-202a-11dd-a2f3-001d09803468}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 000,133,428 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\zanaruma.dll
[2099/01/01 12:00:00 | 000,097,584 | -HS- | C] (ESET) -- C:\WINDOWS\System32\mijunope.dll
[2099/01/01 12:00:00 | 000,084,649 | -HS- | C] (ESET) -- C:\WINDOWS\System32\danipowu.dll
[2099/01/01 12:00:00 | 000,065,627 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\lobuzosi.dll
[2099/01/01 12:00:00 | 000,065,627 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\jazijase.dll
[2099/01/01 12:00:00 | 000,061,083 | -HS- | C] (ESET) -- C:\WINDOWS\System32\gesudofi.dll
[2012/06/20 14:05:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 12:46:46 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Janet\Desktop\FixVundo.exe
[2012/06/20 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2012/06/20 11:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/20 11:10:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2012/06/20 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/06/20 10:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,065,627 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\jazijase.dll
[2099/01/01 12:00:00 | 000,065,627 | -HS- | M] () -- C:\WINDOWS\System32\nodedeje.dll
[2012/06/20 14:07:36 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\keyozodu
[2012/06/20 14:07:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 12:46:47 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Janet\Desktop\FixVundo.exe
[2012/06/20 11:11:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:11:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 11:03:55 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/06/20 11:02:58 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\repair.bat
[2012/06/20 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/06/20 10:34:57 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/20 10:34:57 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/20 10:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/20 10:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/06/20 10:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/06/20 09:57:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 09:55:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/20 09:48:32 | 000,000,039 | -HS- | M] () -- C:\WINDOWS\System32\Janet.ini
[2012/06/19 21:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/06/19 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,065,627 | -HS- | C] () -- C:\WINDOWS\System32\nodedeje.dll
[2012/06/20 11:11:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:02:58 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\repair.bat

========== LOP Check ==========

[2008/01/21 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/14 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/06/20 10:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2008/11/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\gtk-2.0
[2008/01/27 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Launchy
[2008/04/19 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Snapfish
[2008/08/09 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Template
[2009/05/17 00:40:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/01/04 10:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/06/20 10:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/06/20 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/09/07 12:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/16 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/16 15:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/01/05 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/23 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/23 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/23 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2009/05/17 01:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/01/05 20:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/01/05 21:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/06/19 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/01/04 23:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/01/10 00:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2009/05/17 00:35:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2009/05/17 01:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2008/12/27 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2008/12/27 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2008/11/28 05:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2008/12/27 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2008/11/27 06:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2009/06/30 06:03:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2008/11/27 08:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/01/04 09:03:38 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/01/04 10:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/06/20 10:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/06/20 11:03:55 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/01/05 15:50:34 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/12/16 14:03:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/12/16 15:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2008/12/27 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/01/05 16:03:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/23 17:03:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/23 18:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/23 19:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/01/05 20:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/01/05 21:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/06/19 21:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/01/04 23:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/01/10 00:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2008/11/28 05:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2008/11/27 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2009/06/30 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2008/11/27 08:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/01/04 09:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >




_________________________________________________________________________

The "extras" file:


OTL Extras logfile created on: 6/20/2012 2:08:06 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 807.09 Mb Available Physical Memory | 79.67% Memory free
2.39 Gb Paging File | 2.32 Gb Available in Paging File | 97.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 84.76 Gb Free Space | 36.41% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" = C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:jusched -- (Sun Microsystems, Inc.)
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" = C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe:*:Enabled:DrgToDsc -- (Roxio)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\Program Files\Launchy\Launchy.exe" = C:\Program Files\Launchy\Launchy.exe:*:Enabled:Launchy -- ()
"C:\WINDOWS\system32\AhqNnbvR.exe" = C:\WINDOWS\system32\AhqNnbvR.exe:*:Enabled:AhqNnbvR
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe" = C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe:*:Enabled:CPSHelpRunner -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp deskjet 840c series" = hp deskjet 840c series (Remove only)
"hp deskjet 840c series_Driver" = hp deskjet 840c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"Launchy_21344213_is1" = Launchy 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2008 10:48:50 PM | Computer Name = NEW | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module firefox.exe, version 1.8.20080.62306, fault address 0x0018f15e.

Error - 7/14/2008 5:19:09 PM | Computer Name = NEW | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 7/14/2008 5:19:46 PM | Computer Name = NEW | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/7/2008 1:16:43 PM | Computer Name = NEW | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.0.2.92, faulting
module scriptingobjectmodel.dll, version 2.1.1.116, fault address 0x00005476.

Error - 8/7/2008 1:16:48 PM | Computer Name = NEW | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/16/2008 9:52:05 AM | Computer Name = NEW | Source = Microsoft Works 8 | ID = 1000
Description =

Error - 8/16/2008 9:56:36 AM | Computer Name = NEW | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9307.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 10/30/2008 1:10:48 PM | Computer Name = NEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/3/2008 11:49:37 PM | Computer Name = NEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/20/2012 1:12:45 PM | Computer Name = NEW | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 6/20/2012 1:12:48 PM | Computer Name = NEW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor

Error - 6/20/2012 1:13:01 PM | Computer Name = NEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/20/2012 1:13:03 PM | Computer Name = NEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/20/2012 1:14:59 PM | Computer Name = NEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2012 1:16:21 PM | Computer Name = NEW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 6/20/2012 2:06:40 PM | Computer Name = NEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2012 2:07:41 PM | Computer Name = NEW | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 6/20/2012 2:07:47 PM | Computer Name = NEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/20/2012 2:09:09 PM | Computer Name = NEW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips iaStor intelppm


< End of report >


_________________________________________________________________________________________
  • 0



#2
azarl


    GeekU Admin

  • Administrator
  • 25,176 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

»Step 1«
  • Please download GrabSample.exe
  • Start Notepad and copy and paste this into Notepad


    g2g:2:JanetVBS
    C:\WINDOWS\system32\Janet.vbs
    
  • Save it as getfiles.txt
  • Drag and drop getfiles.txt to GrabSample.exe
  • Wait until program finishes and press OK button at the end

»Step 2«
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2099/01/01 12:00:00 | 000,065,627 | -HS- | M] () -- C:\WINDOWS\system32\nodedeje.dll
    MOD - [2009/01/20 16:49:30 | 000,133,428 | -HS- | M] () -- C:\WINDOWS\system32\wlziju.dll
    O2 - BHO: (Reg Error: Value error.) - {6fb2b4ed-7bd4-468a-b9a5-dd6d12918c85} - C:\WINDOWS\system32\jazijase.dll (SoftComplete Development)
    O2 - BHO: (Reg Error: Value error.) - {8c221bef-5175-4ab9-9211-f5917159c06e} - C:\WINDOWS\system32\wlziju.dll ()
    O4 - HKLM..\Run: [muhenatete] Rundll32.exe "C:\WINDOWS\system32\holuyibi.dll",s File not found
    O20 - AppInit_DLLs: (wlziju.dll) - C:\WINDOWS\System32\wlziju.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\nodedeje.dll) - C:\WINDOWS\system32\nodedeje.dll ()
    O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b2a25580-9213-11dd-a3eb-001d09803468}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
    O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell - "" = AutoRun
    O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d909e25a-760e-11dd-a3b3-001d09803468}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
    O33 - MountPoints2\{ed85576a-b914-11dd-a441-001d09803468}\Shell - "" = AutoRun
    O33 - MountPoints2\{eef35e68-202a-11dd-a2f3-001d09803468}\Shell - "" = AutoRun
    [2099/01/01 12:00:00 | 000,133,428 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\zanaruma.dll
    [2099/01/01 12:00:00 | 000,097,584 | -HS- | C] (ESET) -- C:\WINDOWS\System32\mijunope.dll
    [2099/01/01 12:00:00 | 000,084,649 | -HS- | C] (ESET) -- C:\WINDOWS\System32\danipowu.dll
    [2099/01/01 12:00:00 | 000,065,627 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\lobuzosi.dll
    [2099/01/01 12:00:00 | 000,065,627 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\jazijase.dll
    [2099/01/01 12:00:00 | 000,061,083 | -HS- | C] (ESET) -- C:\WINDOWS\System32\gesudofi.dll
    [2009/05/17 00:40:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2011/01/04 10:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2012/06/20 10:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2012/06/20 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2009/09/07 12:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2010/12/16 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2010/12/16 15:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2010/01/05 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2010/12/23 17:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2010/12/23 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2010/12/23 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2009/05/17 01:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2010/01/05 20:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2010/01/05 21:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2012/06/19 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011/01/04 23:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2010/01/10 00:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2009/05/17 00:35:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2009/05/17 01:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2008/12/27 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2008/12/27 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2008/11/28 05:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2008/12/27 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2008/11/27 06:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2009/06/30 06:03:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2008/11/27 08:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2011/01/04 09:03:38 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2011/01/04 10:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2012/06/20 10:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2012/06/20 11:03:55 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2010/01/05 15:50:34 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2010/12/16 14:03:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2010/12/16 15:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2008/12/27 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2010/01/05 16:03:33 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2010/12/23 17:03:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2010/12/23 18:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2010/12/23 19:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2010/01/05 20:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2010/01/05 21:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2012/06/19 21:03:54 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2011/01/04 23:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2010/01/10 00:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2008/11/28 05:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2008/11/27 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2009/06/30 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2008/11/27 08:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2011/01/04 09:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
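A triage sketch for the OTL file entries shown in this thread, added here as an example; it is not part of either poster's message and is not OTL's own logic. The three heuristics (timestamp later than the scan, hidden+system attributes under system32, a batch of same-size At*.job tasks), the reading of `H`/`S` as hidden/system, and all function names are assumptions chosen to match traits visible in the entries listed in the fix script above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines copied from the OTL logs and the fix script in this thread.
SAMPLE = r"""
MOD - [2099/01/01 12:00:00 | 000,065,627 | -HS- | M] () -- C:\WINDOWS\system32\nodedeje.dll
MOD - [2009/01/20 16:49:30 | 000,133,428 | -HS- | M] () -- C:\WINDOWS\system32\wlziju.dll
[2099/01/01 12:00:00 | 000,097,584 | -HS- | C] (ESET) -- C:\WINDOWS\System32\mijunope.dll
[2012/06/20 10:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/06/20 11:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
"""

# "[timestamp | size | attrs | M/C] (company) -- path", with an optional "XXX - " tag.
ENTRY = re.compile(
    r"^(?:(?P<tag>[A-Z]{3}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"
AT_JOB = re.compile(r"c:\\windows\\tasks\\at\d+\.job")

FUTURE = "timestamp later than scan time"
HIDDEN_SYS = "hidden+system attributes under system32"


def parse(text):
    """Yield one dict per OTL file entry; lines in other formats are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        yield {
            "tag": m["tag"],
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "company": m["company"],  # self-declared version info, not proof of origin
            "path": m["path"],
        }


def triage(entries, scan_time):
    """Return {path: [reasons]} for entries matching the assumed heuristics."""
    findings = defaultdict(list)
    at_jobs = []
    for e in entries:
        low = e["path"].lower()
        # A file stamped after the scan ran cannot be a genuine timestamp.
        if e["ts"] > scan_time:
            findings[e["path"]].append(FUTURE)
        # Hidden and system flags together on a file under system32.
        if "H" in e["attrs"] and "S" in e["attrs"] and low.startswith(SYSTEM32):
            findings[e["path"]].append(HIDDEN_SYS)
        if AT_JOB.fullmatch(low):
            at_jobs.append(e)
    # Several scheduled-task files that all share one size are reported as a group.
    if len(at_jobs) > 1 and len({e["size"] for e in at_jobs}) == 1:
        reason = f"one of {len(at_jobs)} same-size At*.job tasks"
        for e in at_jobs:
            findings[e["path"]].append(reason)
    return dict(findings)


if __name__ == "__main__":
    # Scan time taken from the header of the first OTL log in the thread.
    scan = datetime(2012, 6, 20, 14, 8, 6)
    for path, reasons in triage(parse(SAMPLE), scan).items():
        print(path, "->", "; ".join(reasons))
```

A flagged line is a lead for a human reviewer, not a verdict; the unflagged Launchy and Roxio modules show that an empty company field alone is not treated as a signal here.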

#3
bluesub90


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Azarl!

There is also an "activeX" warning pop up that appears after I reboot/restart the system. Does that have anything to do w/ whatever was disrupting my system? Or possibly that IE was corrupted? I attempted to remove (via the control panel; add/remove programs) IE a few days ago so that I can start anew w/ IE8 but I don't think I was successful at it. Thoughts? Let me know if you need the precise wording of the pop up message. It was something along the lines of, the page has activeX content, would you like to continue, "yes" or "no"?
___________________________________________________________________________
OTL report:

OTL logfile created on: 6/21/2012 9:58:48 AM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 612.66 Mb Available Physical Memory | 60.47% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 85.35 Gb Free Space | 36.67% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
PRC - [2008/08/13 18:32:46 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2006/11/05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/15 13:00:42 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 10:34:38 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d701bfe5ae0e914d96ffa0571393729c\System.Xml.ni.dll
MOD - [2012/06/20 10:34:19 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9f5e6049b44be54ca9f9df8cf3e1a41f\System.ni.dll
MOD - [2012/06/20 10:34:07 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\667e93856b3f734591b7e2158be2d4b6\mscorlib.ni.dll
MOD - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2007/12/18 14:43:12 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2007/12/18 14:43:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2007/12/18 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2007/12/14 14:23:36 | 000,348,160 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2007/12/14 14:23:04 | 006,270,976 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2007/12/14 14:13:56 | 001,523,712 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2006/11/05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maps.google.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/20 13:53:52 | 000,000,000 | ---D | M]

[2008/08/29 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/06/19 21:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions
[2008/09/13 20:08:37 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/07 20:32:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/11 07:52:33 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/10/20 20:44:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/05/29 19:41:21 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\dictionarycom.xml
[2008/04/03 21:04:49 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\flickr-tags.xml
[2008/06/20 18:51:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\imdb.xml
[2008/06/20 18:51:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-en.xml
[2008/08/23 08:56:21 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-eng.xml
[2009/07/17 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {6fb2b4ed-7bd4-468a-b9a5-dd6d12918c85} - C:\WINDOWS\system32\jazijase.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [muhenatete] Rundll32.exe "C:\WINDOWS\system32\holuyibi.dll",s File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\Janet.vbs) - C:\WINDOWS\system32\Janet.vbs ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1340201093734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2C2B8D-6687-4FFB-8877-534F4B8873B7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (c:\progra~1\google\google~4\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nodedeje.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 14:59:26 | 000,000,221 | -HS- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/01/04 08:22:58 | 000,002,772 | ---- | M] () - C:\AutoRun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 09:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 09:52:15 | 000,649,489 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 12:46:46 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Janet\Desktop\FixVundo.exe
[2012/06/20 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2012/06/20 11:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/20 11:10:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2012/06/20 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/06/20 10:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 09:57:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 09:57:35 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 09:57:02 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\keyozodu
[2012/06/21 09:54:57 | 000,000,105 | -HS- | M] () -- C:\WINDOWS\System32\Janet.ini
[2012/06/21 09:52:16 | 000,649,489 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:11:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:34:57 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/20 10:34:57 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/20 10:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/20 09:57:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 09:55:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 09:50:17 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 11:11:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:02:58 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\repair.bat

========== LOP Check ==========

[2008/01/21 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/14 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/06/20 10:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2008/11/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\gtk-2.0
[2008/01/27 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Launchy
[2008/04/19 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Snapfish
[2008/08/09 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Template

========== Purity Check ==========



< End of report >

#4
azarl


There is also an "activeX" warning pop up that appears after I reboot/restart the system. Does that have anything to do w/ whatever was disrupting my system? Or possibly that IE was corrupted? I attempted to remove (via the control panel; add/remove programs) IE a few days ago so that I can start anew w/ IE8 but I don't think I was successful at it. Thoughts? Let me know if you need the precise wording of the pop up message. It was something along the lines of, the page has activeX content, would you like to continue, "yes" or "no"?

I think that's browser security settings; we'll look at that when you're clean.

You've got a worm on your system; it has a lot of different names but is sometimes referred to as HeadTail. It spreads via removable drives and infects .html, .htm, .asp, .hta, and .vbs files.

Firstly...
We'll clean any infected drives you have. Any USB stick or drive that's been plugged in should be cleaned using this method.

Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Next...
Save the attached file to your PC and unzip it. Double-click on bluesub90.exe. When it finishes running, a window will open; please copy the contents into your reply. If the window doesn't open, the report bluesub 90 will be on your desktop.

#5
bluesub90

Flash drive disinfector...done!

I've run the executable file (bluesub90.exe) but nothing appears on the text file...? Am I missing something?

#6
azarl

Is there a txt file on the desktop?

ComboFix

Notes:
  • If you have a previous version of Combofix.exe, delete it and download a fresh copy.
  • It must be saved to your desktop; do not run it.
  • Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop
http://download.blee...Bs/ComboFix.exe
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

#7
bluesub90

Yes. A text file was created, but there is nothing in it...




Here is the combofix report:

ComboFix 12-06-21.03 - Janet 06/22/2012 12:50:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.517 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\Documents
C:\mimic.log
c:\windows\system32\afogopey.ini
c:\windows\system32\agozedow.ini
c:\windows\system32\ajugefuv.ini
c:\windows\system32\arafukok.ini
c:\windows\system32\arozolap.ini
c:\windows\system32\dijuboru.dll
c:\windows\system32\edajafis.ini
c:\windows\system32\efuritor.ini
c:\windows\system32\emamigas.ini
c:\windows\system32\erirejos.ini
c:\windows\system32\etofahen.ini
c:\windows\system32\ewagurom.ini
c:\windows\system32\eyosihon.ini
c:\windows\system32\ifihiyin.ini
c:\windows\system32\ipafowuf.ini
c:\windows\system32\irawuwus.ini
c:\windows\system32\kubidima.dll
c:\windows\system32\obalukoz.ini
c:\windows\system32\ojeninal.ini
c:\windows\system32\okehoyez.ini
c:\windows\system32\oruvadaw.ini
c:\windows\system32\ovuvugod.ini
c:\windows\system32\puwohuwu.dll
c:\windows\system32\ujebojog.ini
c:\windows\system32\ukegojef.ini
c:\windows\system32\ukubonin.ini
c:\windows\system32\ulapumez.ini
c:\windows\system32\upayusok.ini
c:\windows\system32\urijetik.ini
c:\windows\system32\urobujid.ini
c:\windows\system32\usinakod.ini
c:\windows\system32\uwilipej.ini
c:\windows\system32\uwopinad.ini
c:\windows\system32\uzafuyat.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:54 . 2012-06-21 13:54 -------- d-----w- C:\_OTL
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\documents and settings\Janet\Application Data\Malwarebytes
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-20 15:11 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 14:51 . 2012-06-20 14:51 -------- d-----w- c:\documents and settings\Administrator
2012-06-20 14:36 . 2012-06-20 14:36 -------- d-----w- c:\documents and settings\Janet\Application Data\ElevatedDiagnostics
2012-06-20 14:10 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 23:57 . 2008-09-28 23:57 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-10 01:56 92212 --sha-w- c:\windows\system32\fareruta.dll
2008-11-17 22:29 90164 --sha-w- c:\windows\system32\fifugiku.dll
2008-11-20 14:25 90164 --sha-w- c:\windows\system32\fulivapo.dll
2008-11-28 07:15 93748 --sha-w- c:\windows\system32\gilavofi.dll
2008-11-25 15:08 93236 --sha-w- c:\windows\system32\jepewosi.dll
2008-11-27 05:34 93748 --sha-w- c:\windows\system32\jonotama.dll
2008-11-15 01:28 92724 --sha-w- c:\windows\system32\jowudosu.dll
2008-11-19 21:02 90164 --sha-w- c:\windows\system32\jusivefa.dll
2008-11-10 17:29 92212 --sha-w- c:\windows\system32\kedawubo.dll
2008-11-26 16:26 93748 --sha-w- c:\windows\system32\kitehevu.dll
2008-11-21 19:34 90164 --sha-w- c:\windows\system32\kojofaba.dll
2008-11-15 02:06 92724 --sha-w- c:\windows\system32\lasofesu.dll
2008-11-12 19:04 92212 --sha-w- c:\windows\system32\loyuwisa.dll
2008-08-14 06:23 46080 --sha-w- c:\windows\system32\lumuheze.dll
2008-11-12 04:32 92212 --sha-w- c:\windows\system32\lutalafo.dll
2008-11-15 02:06 85044 --sha-w- c:\windows\system32\nehafote.dll
2008-11-18 13:46 90164 --sha-w- c:\windows\system32\noyilole.dll
2008-11-13 14:04 92724 --sha-w- c:\windows\system32\peluloge.dll
2008-11-24 22:34 93236 --sha-w- c:\windows\system32\popefuha.dll
2008-12-27 02:29 98011 --sha-w- c:\windows\system32\rakedega.dll
2008-11-08 15:26 92212 --sha-w- c:\windows\system32\silohuru.dll
2008-11-15 01:05 92724 --sha-w- c:\windows\system32\tagafoha.dll
2008-11-16 16:12 92724 --sha-w- c:\windows\system32\tehunevo.dll
2008-11-23 04:10 90164 --sha-w- c:\windows\system32\wahotake.dll
2008-11-07 21:15 92212 --sha-w- c:\windows\system32\wawavara.dll
2008-11-15 00:42 92724 --sha-w- c:\windows\system32\wukaripa.dll
2008-11-09 11:46 92212 --sha-w- c:\windows\system32\yemopego.dll
2008-11-11 14:00 92212 --sha-w- c:\windows\system32\yivozizi.dll
2008-12-27 01:29 97844 --sha-w- c:\windows\system32\zewobihu.dll
2008-11-15 03:53 92724 --sha-w- c:\windows\system32\zotovebu.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-1-27 274432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Documents and Settings\\Janet\\Desktop\\GrabSample.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
.
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/28/2008 7:57 PM 30192]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\
FF - prefs.js: browser.startup.homepage - hxxp://maps.google.com/
FF - Ext: United States English Dictionary: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
txtfile=%SystemRoot%\System32\WScript.exe "c:\windows\Janet.vbs" %1 %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6fb2b4ed-7bd4-468a-b9a5-dd6d12918c85} - c:\windows\system32\jazijase.dll
HKLM-Run-muhenatete - c:\windows\system32\holuyibi.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1676)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-22 12:58:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 16:58
.
Pre-Run: 91,478,138,880 bytes free
Post-Run: 91,278,659,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AD2129818FBF2112B9ACC97E6037FA83

#8
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

File::
2008-11-10 01:56 92212 --sha-w- c:\windows\system32\fareruta.dll
2008-11-17 22:29 90164 --sha-w- c:\windows\system32\fifugiku.dll
2008-11-20 14:25 90164 --sha-w- c:\windows\system32\fulivapo.dll
2008-11-28 07:15 93748 --sha-w- c:\windows\system32\gilavofi.dll
2008-11-25 15:08 93236 --sha-w- c:\windows\system32\jepewosi.dll
2008-11-27 05:34 93748 --sha-w- c:\windows\system32\jonotama.dll
2008-11-15 01:28 92724 --sha-w- c:\windows\system32\jowudosu.dll
2008-11-19 21:02 90164 --sha-w- c:\windows\system32\jusivefa.dll
2008-11-10 17:29 92212 --sha-w- c:\windows\system32\kedawubo.dll
2008-11-26 16:26 93748 --sha-w- c:\windows\system32\kitehevu.dll
2008-11-21 19:34 90164 --sha-w- c:\windows\system32\kojofaba.dll
2008-11-15 02:06 92724 --sha-w- c:\windows\system32\lasofesu.dll
2008-11-12 19:04 92212 --sha-w- c:\windows\system32\loyuwisa.dll
2008-08-14 06:23 46080 --sha-w- c:\windows\system32\lumuheze.dll
2008-11-12 04:32 92212 --sha-w- c:\windows\system32\lutalafo.dll
2008-11-15 02:06 85044 --sha-w- c:\windows\system32\nehafote.dll
2008-11-18 13:46 90164 --sha-w- c:\windows\system32\noyilole.dll
2008-11-13 14:04 92724 --sha-w- c:\windows\system32\peluloge.dll
2008-11-24 22:34 93236 --sha-w- c:\windows\system32\popefuha.dll
2008-12-27 02:29 98011 --sha-w- c:\windows\system32\rakedega.dll
2008-11-08 15:26 92212 --sha-w- c:\windows\system32\silohuru.dll
2008-11-15 01:05 92724 --sha-w- c:\windows\system32\tagafoha.dll
2008-11-16 16:12 92724 --sha-w- c:\windows\system32\tehunevo.dll
2008-11-23 04:10 90164 --sha-w- c:\windows\system32\wahotake.dll
2008-11-07 21:15 92212 --sha-w- c:\windows\system32\wawavara.dll
2008-11-15 00:42 92724 --sha-w- c:\windows\system32\wukaripa.dll
2008-11-09 11:46 92212 --sha-w- c:\windows\system32\yemopego.dll
2008-11-11 14:00 92212 --sha-w- c:\windows\system32\yivozizi.dll
2008-12-27 01:29 97844 --sha-w- c:\windows\system32\zewobihu.dll
2008-11-15 03:53 92724 --sha-w- c:\windows\system32\zotovebu.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.

Then...
Run OTL again, click 'Quick Scan' and post the log here please

#9
bluesub90

    Member

  • Topic Starter
  • Member
  • 21 posts
_________________________________________________________________________________________
combofix report:

ComboFix 12-06-21.03 - Janet 06/22/2012 15:08:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.496 [GMT -4:00]
Running from: c:\documents and settings\Janet\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Janet\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-21 13:54 . 2012-06-21 13:54 -------- d-----w- C:\_OTL
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\documents and settings\Janet\Application Data\Malwarebytes
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 15:11 . 2012-06-20 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-20 15:11 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 14:51 . 2012-06-20 14:51 -------- d-----w- c:\documents and settings\Administrator
2012-06-20 14:36 . 2012-06-20 14:36 -------- d-----w- c:\documents and settings\Janet\Application Data\ElevatedDiagnostics
2012-06-20 14:10 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 19:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 19:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2004-08-10 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 19:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 18:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 19:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 19:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-09-11 00:44 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-09-11 00:44 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2008-09-11 00:44 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2008-09-28 23:57 . 2008-09-28 23:57 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-10 01:56 92212 --sha-w- c:\windows\system32\fareruta.dll
2008-11-17 22:29 90164 --sha-w- c:\windows\system32\fifugiku.dll
2008-11-20 14:25 90164 --sha-w- c:\windows\system32\fulivapo.dll
2008-11-28 07:15 93748 --sha-w- c:\windows\system32\gilavofi.dll
2008-11-25 15:08 93236 --sha-w- c:\windows\system32\jepewosi.dll
2008-11-27 05:34 93748 --sha-w- c:\windows\system32\jonotama.dll
2008-11-15 01:28 92724 --sha-w- c:\windows\system32\jowudosu.dll
2008-11-19 21:02 90164 --sha-w- c:\windows\system32\jusivefa.dll
2008-11-10 17:29 92212 --sha-w- c:\windows\system32\kedawubo.dll
2008-11-26 16:26 93748 --sha-w- c:\windows\system32\kitehevu.dll
2008-11-21 19:34 90164 --sha-w- c:\windows\system32\kojofaba.dll
2008-11-15 02:06 92724 --sha-w- c:\windows\system32\lasofesu.dll
2008-11-12 19:04 92212 --sha-w- c:\windows\system32\loyuwisa.dll
2008-08-14 06:23 46080 --sha-w- c:\windows\system32\lumuheze.dll
2008-11-12 04:32 92212 --sha-w- c:\windows\system32\lutalafo.dll
2008-11-15 02:06 85044 --sha-w- c:\windows\system32\nehafote.dll
2008-11-18 13:46 90164 --sha-w- c:\windows\system32\noyilole.dll
2008-11-13 14:04 92724 --sha-w- c:\windows\system32\peluloge.dll
2008-11-24 22:34 93236 --sha-w- c:\windows\system32\popefuha.dll
2008-12-27 02:29 98011 --sha-w- c:\windows\system32\rakedega.dll
2008-11-08 15:26 92212 --sha-w- c:\windows\system32\silohuru.dll
2008-11-15 01:05 92724 --sha-w- c:\windows\system32\tagafoha.dll
2008-11-16 16:12 92724 --sha-w- c:\windows\system32\tehunevo.dll
2008-11-23 04:10 90164 --sha-w- c:\windows\system32\wahotake.dll
2008-11-07 21:15 92212 --sha-w- c:\windows\system32\wawavara.dll
2008-11-15 00:42 92724 --sha-w- c:\windows\system32\wukaripa.dll
2008-11-09 11:46 92212 --sha-w- c:\windows\system32\yemopego.dll
2008-11-11 14:00 92212 --sha-w- c:\windows\system32\yivozizi.dll
2008-12-27 01:29 97844 --sha-w- c:\windows\system32\zewobihu.dll
2008-11-15 03:53 92724 --sha-w- c:\windows\system32\zotovebu.dll
.
.
((((((((((((((((((((((((((((( [email protected]_16.55.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-22 17:02 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-22 17:02 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-10 19:02 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 19:02 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 18:50 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 19:02 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-1-27 274432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\Launchy\\Launchy.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe"=
"c:\\WINDOWS\\system32\\wscript.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Documents and Settings\\Janet\\Desktop\\GrabSample.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
.
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/28/2008 7:57 PM 30192]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\
FF - prefs.js: browser.startup.homepage - hxxp://maps.google.com/
FF - Ext: United States English Dictionary: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 15:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2904)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-22 15:14:20
ComboFix-quarantined-files.txt 2012-06-22 19:14
ComboFix2.txt 2012-06-22 16:58
.
Pre-Run: 91,159,986,176 bytes free
Post-Run: 91,139,710,976 bytes free
.
- - End Of File - - 6F109FCEC096483330EA9D7C91CCB7E0





_________________________________________________________________________________________

OTL report:

OTL logfile created on: 6/22/2012 3:15:52 PM - Run 3
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 535.57 Mb Available Physical Memory | 52.86% Memory free
2.38 Gb Paging File | 2.06 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 84.92 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
PRC - [2008/11/20 13:53:47 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/15 13:00:42 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 10:34:38 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d701bfe5ae0e914d96ffa0571393729c\System.Xml.ni.dll
MOD - [2012/06/20 10:34:19 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9f5e6049b44be54ca9f9df8cf3e1a41f\System.ni.dll
MOD - [2012/06/20 10:34:07 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\667e93856b3f734591b7e2158be2d4b6\mscorlib.ni.dll
MOD - [2006/11/05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Janet\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maps.google.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/20 13:53:52 | 000,000,000 | ---D | M]

[2008/08/29 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/06/22 10:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions
[2008/09/13 20:08:37 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/07 20:32:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/11 07:52:33 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/10/20 20:44:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/05/29 19:41:21 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\dictionarycom.xml
[2008/04/03 21:04:49 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\flickr-tags.xml
[2008/06/20 18:51:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\imdb.xml
[2008/06/20 18:51:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-en.xml
[2008/08/23 08:56:21 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-eng.xml
[2009/07/17 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2012/06/22 12:55:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1340201093734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2C2B8D-6687-4FFB-8877-534F4B8873B7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/04 08:22:58 | 000,002,772 | ---- | M] () - C:\AutoRun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 15:14:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/22 12:49:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/22 12:48:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/22 12:48:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/22 12:48:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/22 12:48:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/22 12:48:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 12:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/22 12:47:22 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Desktop\bluesub90
[2012/06/21 09:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 09:52:15 | 000,649,489 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2012/06/20 11:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/20 11:10:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2012/06/20 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/06/20 10:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/22 15:02:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 15:02:04 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 12:55:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 12:49:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/22 12:47:24 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:21:00 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Janet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/22 10:21:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/22 10:20:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/22 10:18:50 | 000,000,024 | -HS- | M] () -- C:\WINDOWS\System32\Janet.ini
[2012/06/22 10:17:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 09:57:02 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\keyozodu
[2012/06/21 09:52:16 | 000,649,489 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:11:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:34:57 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/20 10:34:57 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/20 09:57:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 09:55:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 12:49:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/22 12:49:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/22 12:48:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/22 12:48:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/22 12:48:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/22 12:48:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/22 12:48:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:20:03 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/21 09:50:17 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 11:11:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2008/01/21 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/14 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/06/20 10:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2008/11/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\gtk-2.0
[2008/01/27 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Launchy
[2008/04/19 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Snapfish
[2008/08/09 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Template

========== Purity Check ==========



< End of report >

#10
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
We're looking much better :thumbsup:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/21 09:57:02 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\keyozodu
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    
    :Files
    C:\WINDOWS\system32\Janet.vbs ()
    2008-11-10 01:56 92212 --sha-w- c:\windows\system32\fareruta.dll
    2008-11-17 22:29 90164 --sha-w- c:\windows\system32\fifugiku.dll
    2008-11-20 14:25 90164 --sha-w- c:\windows\system32\fulivapo.dll
    2008-11-28 07:15 93748 --sha-w- c:\windows\system32\gilavofi.dll
    2008-11-25 15:08 93236 --sha-w- c:\windows\system32\jepewosi.dll
    2008-11-27 05:34 93748 --sha-w- c:\windows\system32\jonotama.dll
    2008-11-15 01:28 92724 --sha-w- c:\windows\system32\jowudosu.dll
    2008-11-19 21:02 90164 --sha-w- c:\windows\system32\jusivefa.dll
    2008-11-10 17:29 92212 --sha-w- c:\windows\system32\kedawubo.dll
    2008-11-26 16:26 93748 --sha-w- c:\windows\system32\kitehevu.dll
    2008-11-21 19:34 90164 --sha-w- c:\windows\system32\kojofaba.dll
    2008-11-15 02:06 92724 --sha-w- c:\windows\system32\lasofesu.dll
    2008-11-12 19:04 92212 --sha-w- c:\windows\system32\loyuwisa.dll
    2008-08-14 06:23 46080 --sha-w- c:\windows\system32\lumuheze.dll
    2008-11-12 04:32 92212 --sha-w- c:\windows\system32\lutalafo.dll
    2008-11-15 02:06 85044 --sha-w- c:\windows\system32\nehafote.dll
    2008-11-18 13:46 90164 --sha-w- c:\windows\system32\noyilole.dll
    2008-11-13 14:04 92724 --sha-w- c:\windows\system32\peluloge.dll
    2008-11-24 22:34 93236 --sha-w- c:\windows\system32\popefuha.dll
    2008-12-27 02:29 98011 --sha-w- c:\windows\system32\rakedega.dll
    2008-11-08 15:26 92212 --sha-w- c:\windows\system32\silohuru.dll
    2008-11-15 01:05 92724 --sha-w- c:\windows\system32\tagafoha.dll
    2008-11-16 16:12 92724 --sha-w- c:\windows\system32\tehunevo.dll
    2008-11-23 04:10 90164 --sha-w- c:\windows\system32\wahotake.dll
    2008-11-07 21:15 92212 --sha-w- c:\windows\system32\wawavara.dll
    2008-11-15 00:42 92724 --sha-w- c:\windows\system32\wukaripa.dll
    2008-11-09 11:46 92212 --sha-w- c:\windows\system32\yemopego.dll
    2008-11-11 14:00 92212 --sha-w- c:\windows\system32\yivozizi.dll
    2008-12-27 01:29 97844 --sha-w- c:\windows\system32\zewobihu.dll
    2008-11-15 03:53 92724 --sha-w- c:\windows\system32\zotovebu.dll
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#11
bluesub90

    Member

  • Topic Starter
  • Member
  • 21 posts
:happy: hooray!!!! :D

btw, the 'Internet Explorer' pop-up that appears when Windows starts says:
"An ActiveX control on this page might be unsafe with other parts of the page. Do you want to allow this interaction?"


OTL report:

All processes killed
========== OTL ==========
C:\WINDOWS\system32\keyozodu moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\Janet.vbs () not found.
File\Folder 2008-11-10 01:56 92212 --sha-w- c:\windows\system32\fareruta.dll not found.
File\Folder 2008-11-17 22:29 90164 --sha-w- c:\windows\system32\fifugiku.dll not found.
File\Folder 2008-11-20 14:25 90164 --sha-w- c:\windows\system32\fulivapo.dll not found.
File\Folder 2008-11-28 07:15 93748 --sha-w- c:\windows\system32\gilavofi.dll not found.
File\Folder 2008-11-25 15:08 93236 --sha-w- c:\windows\system32\jepewosi.dll not found.
File\Folder 2008-11-27 05:34 93748 --sha-w- c:\windows\system32\jonotama.dll not found.
File\Folder 2008-11-15 01:28 92724 --sha-w- c:\windows\system32\jowudosu.dll not found.
File\Folder 2008-11-19 21:02 90164 --sha-w- c:\windows\system32\jusivefa.dll not found.
File\Folder 2008-11-10 17:29 92212 --sha-w- c:\windows\system32\kedawubo.dll not found.
File\Folder 2008-11-26 16:26 93748 --sha-w- c:\windows\system32\kitehevu.dll not found.
File\Folder 2008-11-21 19:34 90164 --sha-w- c:\windows\system32\kojofaba.dll not found.
File\Folder 2008-11-15 02:06 92724 --sha-w- c:\windows\system32\lasofesu.dll not found.
File\Folder 2008-11-12 19:04 92212 --sha-w- c:\windows\system32\loyuwisa.dll not found.
File\Folder 2008-08-14 06:23 46080 --sha-w- c:\windows\system32\lumuheze.dll not found.
File\Folder 2008-11-12 04:32 92212 --sha-w- c:\windows\system32\lutalafo.dll not found.
File\Folder 2008-11-15 02:06 85044 --sha-w- c:\windows\system32\nehafote.dll not found.
File\Folder 2008-11-18 13:46 90164 --sha-w- c:\windows\system32\noyilole.dll not found.
File\Folder 2008-11-13 14:04 92724 --sha-w- c:\windows\system32\peluloge.dll not found.
File\Folder 2008-11-24 22:34 93236 --sha-w- c:\windows\system32\popefuha.dll not found.
File\Folder 2008-12-27 02:29 98011 --sha-w- c:\windows\system32\rakedega.dll not found.
File\Folder 2008-11-08 15:26 92212 --sha-w- c:\windows\system32\silohuru.dll not found.
File\Folder 2008-11-15 01:05 92724 --sha-w- c:\windows\system32\tagafoha.dll not found.
File\Folder 2008-11-16 16:12 92724 --sha-w- c:\windows\system32\tehunevo.dll not found.
File\Folder 2008-11-23 04:10 90164 --sha-w- c:\windows\system32\wahotake.dll not found.
File\Folder 2008-11-07 21:15 92212 --sha-w- c:\windows\system32\wawavara.dll not found.
File\Folder 2008-11-15 00:42 92724 --sha-w- c:\windows\system32\wukaripa.dll not found.
File\Folder 2008-11-09 11:46 92212 --sha-w- c:\windows\system32\yemopego.dll not found.
File\Folder 2008-11-11 14:00 92212 --sha-w- c:\windows\system32\yivozizi.dll not found.
File\Folder 2008-12-27 01:29 97844 --sha-w- c:\windows\system32\zewobihu.dll not found.
File\Folder 2008-11-15 03:53 92724 --sha-w- c:\windows\system32\zotovebu.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Janet
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39904123 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06222012_161324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
OK, can you do me another OTL scan please - Press 'Quick Scan'

Is it working OK now? Any problems other than the ActiveX?

Any more info on the message? Does it say what it is? The only ones I can see on your system are Windows Updates and Java.

#13
bluesub90

    Member

  • Topic Starter
  • Member
  • 21 posts
The warning message is an Internet Explorer pop-up. It always appears as soon as the computer has booted up, even before I have clicked anything...

It says: "An ActiveX control on this page might be unsafe with other parts of the page. Do you want to allow this interaction?"

Will uninstalling Internet Explorer or removing it... help in any way?
I always just select "NO" when it prompts me.


OTL report:

OTL logfile created on: 6/24/2012 7:13:04 PM - Run 4
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 493.55 Mb Available Physical Memory | 48.72% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 84.92 Gb Free Space | 36.48% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
PRC - [2008/11/20 13:53:47 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/08/13 18:32:46 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2006/11/05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/15 13:00:42 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 10:34:38 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d701bfe5ae0e914d96ffa0571393729c\System.Xml.ni.dll
MOD - [2012/06/20 10:34:19 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9f5e6049b44be54ca9f9df8cf3e1a41f\System.ni.dll
MOD - [2012/06/20 10:34:07 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\667e93856b3f734591b7e2158be2d4b6\mscorlib.ni.dll
MOD - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2007/12/18 14:43:12 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2007/12/18 14:43:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2007/12/18 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2007/12/14 14:23:36 | 000,348,160 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2007/12/14 14:23:04 | 006,270,976 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2007/12/14 14:13:56 | 001,523,712 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2006/11/05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Janet\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maps.google.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/20 13:53:52 | 000,000,000 | ---D | M]

[2008/08/29 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/06/22 10:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions
[2008/09/13 20:08:37 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/07 20:32:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/11 07:52:33 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/10/20 20:44:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/05/29 19:41:21 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\dictionarycom.xml
[2008/04/03 21:04:49 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\flickr-tags.xml
[2008/06/20 18:51:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\imdb.xml
[2008/06/20 18:51:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-en.xml
[2008/08/23 08:56:21 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-eng.xml
[2009/07/17 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2012/06/22 12:55:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1340201093734 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2C2B8D-6687-4FFB-8877-534F4B8873B7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/04 08:22:58 | 000,002,772 | ---- | M] () - C:\AutoRun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 16:13:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/22 15:14:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/22 12:49:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/22 12:48:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/22 12:48:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/22 12:48:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/22 12:48:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/22 12:48:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 12:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/22 12:47:22 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Desktop\bluesub90
[2012/06/21 09:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 09:52:15 | 000,649,489 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2012/06/20 11:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/20 11:10:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2012/06/20 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/06/20 10:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 19:11:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 19:11:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/24 19:11:08 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 12:55:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 12:49:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/22 12:47:24 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:21:00 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Janet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/22 10:21:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/22 10:20:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/22 10:18:50 | 000,000,024 | -HS- | M] () -- C:\WINDOWS\System32\Janet.ini
[2012/06/21 09:52:16 | 000,649,489 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:11:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:34:57 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/20 10:34:57 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/20 09:57:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 09:55:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 12:49:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/22 12:49:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/22 12:48:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/22 12:48:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/22 12:48:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/22 12:48:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/22 12:48:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:20:03 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/21 09:50:17 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 11:11:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2008/01/21 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/14 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/06/20 10:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2008/11/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\gtk-2.0
[2008/01/27 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Launchy
[2008/04/19 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Snapfish
[2008/08/09 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Template

========== Purity Check ==========



< End of report >

#14
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts

The warning message is an Internet Explorer pop-up. It always appears as soon as the computer has booted up, even before I have clicked anything...

It says: An ActiveX control on this page might be unsafe with other parts of the page. Do you want to allow this interaction?

Will uninstalling Internet Explorer or removing it... help in any way?
I always just select "NO" when it prompts me.


Check if it still occurs after the next fix. If so, we'll fix it.

Run OTL again...
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Janet\LOCALS~1\Temp\catchme.sys -- (catchme)
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


What anti-virus are you running?

#15
bluesub90

    Member

  • Topic Starter
  • 21 posts
Yes, it still appears...


OTL report:

OTL logfile created on: 6/25/2012 11:08:20 AM - Run 5
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Janet\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 559.39 Mb Available Physical Memory | 55.22% Memory free
2.38 Gb Paging File | 2.05 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 81.06 Gb Free Space | 34.82% Space Free | Partition Type: NTFS

Computer Name: NEW | User Name: Janet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
PRC - [2008/08/13 18:32:46 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2006/11/05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 11:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2001/11/15 13:00:42 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 10:34:38 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d701bfe5ae0e914d96ffa0571393729c\System.Xml.ni.dll
MOD - [2012/06/20 10:34:19 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9f5e6049b44be54ca9f9df8cf3e1a41f\System.ni.dll
MOD - [2012/06/20 10:34:07 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\667e93856b3f734591b7e2158be2d4b6\mscorlib.ni.dll
MOD - [2007/12/18 14:43:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2007/12/18 14:43:12 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2007/12/18 14:43:12 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2007/12/18 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2007/12/14 14:23:36 | 000,348,160 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2007/12/14 14:23:04 | 006,270,976 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2007/12/14 14:13:56 | 001,523,712 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2006/11/05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080121
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maps.google.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.0.104
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 10:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/11/20 13:53:52 | 000,000,000 | ---D | M]

[2008/08/29 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Extensions
[2012/06/22 10:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions
[2008/09/13 20:08:37 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/07 20:32:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/06/11 07:52:33 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/10/20 20:44:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\extensions\[email protected]
[2008/05/29 19:41:21 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\dictionarycom.xml
[2008/04/03 21:04:49 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\flickr-tags.xml
[2008/06/20 18:51:28 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\imdb.xml
[2008/06/20 18:51:28 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-en.xml
[2008/08/23 08:56:21 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Mozilla\Firefox\Profiles\dkm0l9ys.default\searchplugins\wikipedia-eng.xml
[2009/07/17 22:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

========== Chrome ==========

CHR - Extension: YouTube = C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Janet\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/22 12:55:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1340201093734 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED2C2B8D-6687-4FFB-8877-534F4B8873B7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/04 08:22:58 | 000,002,772 | ---- | M] () - C:\AutoRun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 11:01:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Janet\IETldCache
[2012/06/24 20:07:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/24 20:06:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/24 19:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Start Menu\Programs\Google Chrome
[2012/06/24 19:19:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Janet\UserData
[2012/06/22 16:13:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/22 15:14:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/22 12:49:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/22 12:48:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/22 12:48:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/22 12:48:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/22 12:48:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/22 12:48:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 12:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/22 12:47:22 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Desktop\bluesub90
[2012/06/21 09:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 09:52:15 | 000,649,489 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\Malwarebytes
[2012/06/20 11:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/20 11:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/20 11:10:58 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/20 10:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2012/06/20 10:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/06/20 10:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 11:11:22 | 000,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/25 11:11:22 | 000,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/25 11:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/25 11:06:41 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 11:01:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/25 11:01:34 | 000,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/24 20:08:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/24 19:31:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/24 19:29:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 19:22:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1950007586-820808814-895117673-1006Core.job
[2012/06/24 19:22:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1950007586-820808814-895117673-1006UA.job
[2012/06/22 12:55:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 12:49:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/22 12:47:24 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Janet\Desktop\ComboFix.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:21:00 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Janet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/22 10:20:06 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/22 10:18:50 | 000,000,024 | -HS- | M] () -- C:\WINDOWS\System32\Janet.ini
[2012/06/21 09:52:16 | 000,649,489 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Janet\Desktop\GrabSample.exe
[2012/06/20 14:05:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet\Desktop\OTL.exe
[2012/06/20 11:11:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 11:11:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Janet\Desktop\mbam-setup-1.61.0.1400.exe
[1 C:\Documents and Settings\Janet\Desktop\*.tmp files -> C:\Documents and Settings\Janet\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/24 19:23:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/24 19:23:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/24 19:17:24 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1950007586-820808814-895117673-1006UA.job
[2012/06/24 19:17:22 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1950007586-820808814-895117673-1006Core.job
[2012/06/22 12:49:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/22 12:49:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/22 12:48:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/22 12:48:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/22 12:48:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/22 12:48:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/22 12:48:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/22 10:40:38 | 000,029,292 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\bluesub90.zip
[2012/06/22 10:20:03 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Janet\Desktop\Flash_Disinfector.exe
[2012/06/21 09:50:17 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 11:11:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== LOP Check ==========

[2008/01/21 14:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/14 13:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/06/20 10:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\ElevatedDiagnostics
[2008/11/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\gtk-2.0
[2008/01/27 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Launchy
[2008/04/19 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Snapfish
[2008/08/09 18:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet\Application Data\Template

========== Purity Check ==========



< End of report >



I am not running an anti-virus program yet, but I was planning on installing Norton.