Internet Explorer keeps popping up with my home page [Closed]


tracei

When I am on the internet, my Internet Explorer keeps popping up with my home page 20+ times. I have run every spyware program and antivirus; nothing seems to fix it. Can someone help me?

I am getting ready to start school online and can't afford a new computer.

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:148538 Mo/Free:3040 Mo)
D:\ [Fixed] - FAT32 - (Total:4078 Mo/Free:2216 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:17 Mo/Free:17 Mo)

Thu 04/30/2009|20:56

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
---------- C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Owner\Local Settings\Temporary Internet Files\Content.IE5\VZXZJ7WJ\topmafia_safecracker_bg[1].jpg


1 - "C:\Rooter$\Rooter_1.txt" - Thu 04/30/2009|18:52
2 - "C:\Rooter$\Rooter_2.txt" - Thu 04/30/2009|20:57

----------------------\\ Scan completed at 20:57

OTListIt logfile created on: 4/30/2009 9:03:06 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WBHD4NNW
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 113.50 Mb Available Physical Memory | 25.42% Memory free
1.03 Gb Paging File | 0.47 Gb Available in Paging File | 45.29% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 114.97 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.16 Gb Free Space | 54.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.31 Mb Free Space | 98.38% Space Free | Partition Type: FAT

Computer Name: YOUR-7C60552B9E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WBHD4NNW\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor [Disabled | Stopped]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Disabled | Stopped]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Command Software Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SupportSoft RemoteAssist [Disabled | Stopped]) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (usnsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Disabled | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXSENS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys (Command Software Systems, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)
DRV - (FTDIBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (km_filter [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\km_filter.sys (The Nielsen Company)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motport.sys (Motorola)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nnrnstdi [System | Running]) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys (The Nielsen Company)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 1886680168
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/16 08:18:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 23:27:08 | 00,000,000 | ---D | M]


O1 HOSTS File: (309585 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Me.dium IE Statusbar BHO) - {F28D74EC-B064-4402-926D-E00687233421} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll (Me.dium, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DXDllRegExe] dxdllreg.exe File not found
O4 - HKLM..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe (ACNielsen)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html (eBay Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: pogo.com ([game1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1196872036468 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229806325734 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Aces Up! by pogo http://game3.pogo.co.../aces-en_US.cab (Reg Error: Key error.)
O16 - DPF: Backgammon by pogo http://game1.pogo.co...n-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Bingo Luau by pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blackjack by pogo http://game3.pogo.co...kjack-en_US.cab (Reg Error: Key error.)
O16 - DPF: Blooop by pogo http://game3.pogo.co...scade-en_US.cab (Reg Error: Key error.)
O16 - DPF: Bowling by pogo http://game1.pogo.co...wling-en_US.cab (Reg Error: Key error.)
O16 - DPF: Canasta by pogo http://game1.pogo.co...nasta-en_US.cab (Reg Error: Key error.)
O16 - DPF: Checkers by pogo http://game1.pogo.co...ckers-en_US.cab (Reg Error: Key error.)
O16 - DPF: Chess by pogo http://game1.pogo.co...hess2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Cribbage by pogo http://game3.pogo.co...bbage-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dice City Roller by pogo http://game1.pogo.co...z/ytz-en_US.cab (Reg Error: Key error.)
O16 - DPF: Dominoes by pogo http://game1.pogo.co...omino-en_US.cab (Reg Error: Key error.)
O16 - DPF: Euchre by pogo http://game1.pogo.co...uchre-en_US.cab (Reg Error: Key error.)
O16 - DPF: First Class Solitaire by pogo http://game3.pogo.co...lass2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Greenback Bayou by pogo http://game3.pogo.co...nback-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...rvest-en_US.cab (Reg Error: Key error.)
O16 - DPF: High Stakes Pool by pogo http://game1.pogo.co.../pool-en_US.cab (Reg Error: Key error.)
O16 - DPF: Jungle Gin by pogo http://game1.pogo.co...n/gin-en_US.cab (Reg Error: Key error.)
O16 - DPF: KenoPop! by pogo http://game3.pogo.co...dkeno-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lost Temple Poker by pogo http://game1.pogo.co...poker-en_US.cab (Reg Error: Key error.)
O16 - DPF: Lottso by pogo http://game1.pogo.co...ottso-en_US.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game3.pogo.co...jong2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Monopoly by pogo http://game3.pogo.co...opoly-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday FreeCell by pogo http://game1.pogo.co...ecell-en_US.cab (Reg Error: Key error.)
O16 - DPF: Payday Freecell Solitaire by pogo http://game3.pogo.co...cell2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...guins-en_US.cab (Reg Error: Key error.)
O16 - DPF: Phlinx by pogo http://game3.pogo.co...inger-en_US.cab (Reg Error: Key error.)
O16 - DPF: Poppit by pogo http://game1.pogo.co...ppit2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Quick Quack by pogo http://game1.pogo.co...k-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: QWERTY by pogo http://game1.pogo.co...uares-en_US.cab (Reg Error: Key error.)
O16 - DPF: Ride The Tide by pogo http://game1.pogo.co.../ride-en_US.cab (Reg Error: Key error.)
O16 - DPF: Scrabble by pogo http://game3.pogo.co...abble-en_US.cab (Reg Error: Key error.)
O16 - DPF: Spooky Slots http://game3.pogo.co...pooky-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stax by pogo http://game1.pogo.co.../stax-en_US.cab (Reg Error: Key error.)
O16 - DPF: Stellar Sweeper by pogo http://game1.pogo.co...eeper-en_US.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth 2 by Pogo http://game3.pogo.co...ooth2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Team Bingo by Pogo http://game3.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game1.pogo.co...oldem-en_US.cab (Reg Error: Key error.)
O16 - DPF: Thousand Island Solitaire by pogo http://game1.pogo.co...lbrae-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tri-Peaks by pogo http://game1.pogo.co...peaks-en_US.cab (Reg Error: Key error.)
O16 - DPF: Trivial Pursuit by pogo http://game3.pogo.co...ivial-en_US.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://game1.pogo.co...umbee-en_US.cab (Reg Error: Key error.)
O16 - DPF: Turbo 21 v2 by pogo http://game1.pogo.co...rbo22-en_US.cab (Reg Error: Key error.)
O16 - DPF: Vaults of Atlantis Slots by pogo http://game1.pogo.co...slots-en_US.cab (Reg Error: Key error.)
O16 - DPF: Wonderland Memories by pogo http://game1.pogo.co...ories-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Search Daily by pogo http://game1.pogo.co...earch-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp by pogo http://game1.pogo.co...homp2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Word Whomp Whackdown by pogo http://game1.pogo.co...kdown-en_US.cab (Reg Error: Key error.)
O16 - DPF: World Class Solitaire by pogo http://game1.pogo.co...class-en_US.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download2.gam...nts/y/tt5_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/pote_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/04/30 19:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/30 19:00:26 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/30 19:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/04/30 18:49:51 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/04/30 18:18:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/30 18:18:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:18:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 18:18:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 18:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 18:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 18:16:50 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/30 18:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 18:06:54 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29939.exe
[2009/04/30 18:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/30 17:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/30 17:50:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/21 05:50:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Turbo Lister Backup
[2009/04/20 21:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Virginia College
[2009/04/15 02:26:31 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 02:26:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 02:26:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 02:26:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 02:26:28 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 02:26:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 02:26:27 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 02:26:27 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 02:26:26 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 02:20:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 02:20:41 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 02:20:41 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/10 19:27:49 | 00,367,253 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Aubrey pic of Jess.jpg
[2009/04/10 09:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/09 17:29:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\LimeWire
[2009/04/09 17:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/04/09 17:26:18 | 00,001,578 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\LimeWire 5.1.2.lnk
[2009/04/09 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/02 20:54:40 | 00,000,984 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\magicJack.lnk
[2009/04/02 20:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2009/04/02 20:52:14 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/02 20:52:14 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/03/28 17:34:26 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009/02/12 14:47:54 | 00,000,241 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 20:23:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uwamolak.ini
[2008/12/11 22:45:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zahuzihi.dll
[2007/10/30 19:13:07 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/06/09 03:19:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/29 08:28:58 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 08:28:55 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 08:22:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 06:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 00,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:21 | 00,000,968 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 12:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/30 21:10:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
[2009/04/30 20:28:55 | 00,000,984 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\magicJack.lnk
[2009/04/30 20:27:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 20:26:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/30 20:26:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/04/30 20:26:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/30 19:00:26 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/30 18:18:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 18:16:50 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/30 18:16:44 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/30 18:16:43 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/30 18:05:33 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29939.exe
[2009/04/30 17:51:34 | 35,631,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/30 17:51:34 | 00,046,861 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/30 17:50:32 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/30 09:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/04/30 02:04:07 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/26 03:04:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/22 07:08:57 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/22 07:08:56 | 00,000,968 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 07:08:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/20 22:04:50 | 00,509,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/20 22:04:50 | 00,092,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/20 22:04:49 | 00,612,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/20 03:04:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/18 08:06:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/18 08:06:53 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/18 08:06:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 18:59:37 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/10 19:28:02 | 00,367,253 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Aubrey pic of Jess.jpg
[2009/04/09 17:26:18 | 00,001,578 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\LimeWire 5.1.2.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/03 03:20:10 | 00,309,585 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38AE9DA3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTListIt Extras logfile created on: 4/30/2009 9:03:06 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WBHD4NNW
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 113.50 Mb Available Physical Memory | 25.42% Memory free
1.03 Gb Paging File | 0.47 Gb Available in Paging File | 45.29% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 114.97 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.16 Gb Free Space | 54.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.31 Mb Free Space | 98.38% Space Free | Partition Type: FAT

Computer Name: YOUR-7C60552B9E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon (America Online, Inc)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed (America Online Inc)
C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL (America Online Inc.)
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL (Gteko Ltd.)
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\WINDOWS\Temp\~os73.tmp\ossproxy.exe:*:Enabled:ossproxy.exe File not found
c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe File not found
C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh File not found
C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire (FrostWire Group)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM ()
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2CF91C86-5CF4-4456-8C21-A2AD2F980C16}" = 5500_Help
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D29A9B-B772-4F4F-A70A-D5B3357F45B2}" = Ultimate MySpace Toolbar
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7A837109-E671-470D-B489-F1EBE471D220}" = Windows Live Messenger
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92BF38A8-5616-4209-87A3-D910B45A1D98}" = Homescan Internet Transporter
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{B47C253A-8FDB-41A4-9855-2A866A45493E}" = SuperslotsCasino
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7B07346-07BE-44D1-B2EB-4DDC2ECC4BD1}" = 5500Trb
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2BBED5D-079B-4653-A9AC-F32A531074BA}" = SuperSlotsCasino
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBAF948-F7B3-47CD-8413-CD1BDA4479EF}" = 5500Tour
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0F08C03-39AB-479C-B3E4-0E46E58A7553}" = 5500
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG8Uninstall" = AVG 8.5
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.17.2
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.1.2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mypoints" = MyPoints Toolbar
"MySpaceIM" = MySpaceIM
"NetSight" = Homescan Online
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Starcraft" = Starcraft
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualTool" = VisualTool
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Puzzle Pirates" = Puzzle Pirates

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2009 6:53:29 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2[1].exe, version 2.0.15.1, faulting
module otlistit2[1].exe, version 2.0.15.1, fault address 0x0006ec63.

Error - 4/30/2009 6:53:33 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1001
Description = Fault bucket 1254840362.

Error - 4/30/2009 6:53:34 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2[1].exe, version 2.0.15.1, faulting
module otlistit2[1].exe, version 2.0.15.1, fault address 0x0006ec63.

Error - 4/30/2009 6:53:57 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2[1].exe, version 2.0.15.1, faulting
module otlistit2[1].exe, version 2.0.15.1, fault address 0x000045b4.

Error - 4/30/2009 6:54:32 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2[1].exe, version 2.0.15.1, faulting
module otlistit2[1].exe, version 2.0.15.1, fault address 0x000045b4.

Error - 4/30/2009 6:55:49 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.1, faulting module
otlistit2.exe, version 2.0.15.1, fault address 0x000045b4.

Error - 4/30/2009 6:55:55 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.1, faulting module
otlistit2.exe, version 2.0.15.1, fault address 0x00002ecc.

Error - 4/30/2009 6:56:26 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.1, faulting module
otlistit2.exe, version 2.0.15.1, fault address 0x000045b4.

Error - 4/30/2009 6:56:35 PM | Computer Name = YOUR-7C60552B9E | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.1, faulting module
otlistit2.exe, version 2.0.15.1, fault address 0x00002ecc.

Error - 4/30/2009 9:01:25 PM | Computer Name = YOUR-7C60552B9E | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.15.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/10/2009 1:48:54 PM | Computer Name = YOUR-7C60552B9E | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/10/2009 1:48:59 PM | Computer Name = YOUR-7C60552B9E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 0040CAAAF462 has been denied by the DHCP server 76.85.238.14 (The DHCP Server
sent a DHCPNACK message).

Error - 4/14/2009 12:55:10 PM | Computer Name = YOUR-7C60552B9E | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/21/2009 6:15:12 AM | Computer Name = YOUR-7C60552B9E | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/30/2009 3:11:42 AM | Computer Name = YOUR-7C60552B9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070652: Update for Microsoft Outlook 2003 Junk Email Filter (KB969376).

Error - 4/30/2009 1:40:26 PM | Computer Name = YOUR-7C60552B9E | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/30/2009 1:42:26 PM | Computer Name = YOUR-7C60552B9E | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/30/2009 1:44:26 PM | Computer Name = YOUR-7C60552B9E | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/30/2009 1:46:32 PM | Computer Name = YOUR-7C60552B9E | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/30/2009 6:35:50 PM | Computer Name = YOUR-7C60552B9E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp


< End of report >

#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello tracei !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menubar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

I'm reviewing your logs. I'll be back soon with instructions.

heir

#3
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'm Back

I am getting ready to start school online and can't afford a new computer.

No worries, just keep calm and we'll fix this. :)

Seems like you've run ComboFix.
Powerful tools like ComboFix should not be used unless supervised by a trusted helper on a forum. Doing so might severely cripple your computer. Don't do that because it's risky. If you've been instructed to run it on another forum, then please let me know and I'll close this topic and you can continue to get help in the other forum, as posting and getting help from different forums is not advisable. It can mess things up on your computer and you are also wasting our time.

If you want to proceed in this topic please do the following
I need to see the log from when you ran ComboFix and I also need to do another scan, please.

Step 1.
Find and post a log:

Please post the content of C:\ComboFix.txt in your reply. Just find the log, do NOT run ComboFix to produce a new log.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.


#4
tracei

    Member

  • Topic Starter
  • 12 posts
This is the only forum that I have been in. I had a friend that said they knew what they were doing look at it, but I did not run ComboFix; he must have. I am not letting him touch my puter again. I appreciate any help you can give me, and I will now do the steps you told me to do and then I will reply. Thank you so much for your help.

Tracei

#5
tracei

    Member

  • Topic Starter
  • 12 posts
I cannot find combofix.txt on my puter. What should I do?




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor 3300+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:114 Go)
D:\ (Local Disk) - FAT32 - Total:3 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
K:\ (USB) - FAT - Total:17 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 05/01/2009|18:28 )

--------------------\\ Listing folders in Application Data

[07/29/2005|08:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[08/08/2005|11:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> CyberLink
[08/26/2004|02:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[07/29/2005|08:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> McAfee
[02/27/2009|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/29/2005|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[07/29/2005|08:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[11/23/2008|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[03/11/2009|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/23/2008|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/23/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[02/27/2009|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[08/08/2005|11:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/15/2009|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> eBay
[09/26/2008|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[12/12/2008|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/30/2009|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[07/29/2005|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[06/17/2006|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[09/02/2008|03:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MGS
[09/02/2008|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microgaming
[02/27/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/29/2007|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies
[06/17/2006|05:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[09/26/2008|06:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[10/31/2008|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[07/29/2005|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[07/29/2005|08:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[06/13/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[12/12/2008|03:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[11/29/2007|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[01/08/2006|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SnapKids
[04/30/2009|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/12/2008|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[04/30/2009|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[06/17/2006|04:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[04/30/2009|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[01/20/2009|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[03/15/2009|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WholeSecurity
[01/13/2006|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[03/19/2009|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[03/19/2009|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[07/29/2005|08:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[08/08/2005|11:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> CyberLink
[08/26/2004|02:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/29/2005|08:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> McAfee
[07/29/2005|08:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/29/2005|08:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[07/29/2005|08:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[01/20/2009|06:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[02/14/2006|05:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[02/27/2009|11:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[04/25/2006|05:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Symantec

[02/27/2009|11:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[11/23/2008|01:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> acccore
[11/29/2008|11:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[08/25/2008|04:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[01/18/2006|04:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
[07/21/2008|02:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Common Files
[08/08/2005|11:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[03/15/2009|06:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> eBay
[04/26/2009|05:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FrostWire
[12/03/2007|04:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[01/03/2006|11:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[07/21/2008|02:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[08/26/2004|02:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[08/25/2008|10:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[06/17/2006|04:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[04/12/2009|10:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LimeWire
[01/12/2006|01:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/30/2009|06:18] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[12/20/2008|03:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[05/01/2009|06:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> mjusbsp
[09/26/2008|06:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[04/09/2009|05:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[12/11/2008|08:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSNInstaller
[10/30/2007|10:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MySpace
[12/07/2008|04:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[07/29/2005|08:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[12/28/2007|01:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Skype
[12/05/2007|12:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> skypePM
[01/08/2006|06:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[04/30/2009|07:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[01/03/2006|09:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[05/13/2008|08:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[03/15/2009|06:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[12/16/2008|04:21] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Uniblue
[11/25/2007|11:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Viewpoint
[08/25/2008|10:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> VTExtra
[11/29/2007|06:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo!
[07/29/2005|08:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/01/2009 02:03 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[05/01/2009 06:25 PM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
[05/01/2009 09:00 AM][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[05/01/2009 03:17 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 03:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[03/28/2009|05:34] C:\Program Files\<DIR> ACNielsen
[03/11/2009|11:15] C:\Program Files\<DIR> Adobe
[11/23/2008|01:17] C:\Program Files\<DIR> AIM6
[11/25/2008|08:01] C:\Program Files\<DIR> Alwil Software
[11/10/2007|03:12] C:\Program Files\<DIR> America Online 9.0
[01/03/2006|02:20] C:\Program Files\<DIR> AOL
[02/27/2009|11:39] C:\Program Files\<DIR> AVG
[07/29/2005|08:28] C:\Program Files\<DIR> AvRack
[10/30/2007|04:34] C:\Program Files\<DIR> BigFix
[09/25/2008|06:58] C:\Program Files\<DIR> BitComet
[04/30/2009|06:24] C:\Program Files\<DIR> Common Files
[08/26/2004|02:01] C:\Program Files\<DIR> ComPlus Applications
[07/29/2005|08:00] C:\Program Files\<DIR> CONEXANT
[04/01/2009|02:18] C:\Program Files\<DIR> Coupons
[02/21/2009|10:33] C:\Program Files\<DIR> Creative Installation Information
[07/29/2005|08:23] C:\Program Files\<DIR> CyberLink
[07/29/2005|08:11] C:\Program Files\<DIR> Digital Media Reader
[12/11/2008|08:06] C:\Program Files\<DIR> Digital Photo Software
[02/11/2006|07:36] C:\Program Files\<DIR> EA GAMES
[03/15/2009|06:28] C:\Program Files\<DIR> eBay
[04/30/2009|06:16] C:\Program Files\<DIR> ERUNT
[04/30/2009|06:43] C:\Program Files\<DIR> Free Window Registry Repair
[12/10/2008|11:42] C:\Program Files\<DIR> FrostWire
[12/11/2008|08:06] C:\Program Files\<DIR> Google
[11/25/2008|07:50] C:\Program Files\<DIR> Grisoft
[04/30/2009|05:59] C:\Program Files\<DIR> HijackThis
[10/30/2007|07:24] C:\Program Files\<DIR> HP
[03/15/2009|06:31] C:\Program Files\<DIR> InstallShield Installation Information
[03/11/2008|12:26] C:\Program Files\<DIR> InterActual
[03/19/2009|08:19] C:\Program Files\<DIR> Internet Explorer
[04/02/2009|02:11] C:\Program Files\<DIR> Java
[04/09/2009|05:26] C:\Program Files\<DIR> LimeWire
[04/30/2009|06:18] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[12/16/2008|05:54] C:\Program Files\<DIR> Me.dium
[09/25/2008|07:24] C:\Program Files\<DIR> MediaMonkey
[12/21/2008|09:33] C:\Program Files\<DIR> Messenger
[07/29/2005|08:21] C:\Program Files\<DIR> Microsoft ActiveSync
[12/20/2008|05:15] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/26/2004|02:04] C:\Program Files\<DIR> microsoft frontpage
[02/12/2009|04:43] C:\Program Files\<DIR> Microsoft Office
[04/09/2009|01:57] C:\Program Files\<DIR> Microsoft Silverlight
[10/01/2008|09:24] C:\Program Files\<DIR> Microsoft Visual Studio
[07/29/2005|08:11] C:\Program Files\<DIR> Microsoft Works
[07/29/2005|08:21] C:\Program Files\<DIR> Microsoft.NET
[12/21/2008|09:25] C:\Program Files\<DIR> Movie Maker
[02/12/2009|08:52] C:\Program Files\<DIR> MSBuild
[02/12/2009|04:42] C:\Program Files\<DIR> MSECache
[12/11/2008|08:07] C:\Program Files\<DIR> MSN
[07/29/2005|08:28] C:\Program Files\<DIR> MSN Encarta Plus
[08/26/2004|02:00] C:\Program Files\<DIR> MSN Gaming Zone
[09/15/2008|02:35] C:\Program Files\<DIR> MSN Messenger
[12/05/2007|12:43] C:\Program Files\<DIR> MSXML 4.0
[12/12/2008|11:02] C:\Program Files\<DIR> mypoints
[10/30/2007|10:43] C:\Program Files\<DIR> MySpace
[06/17/2006|05:00] C:\Program Files\<DIR> Napster
[12/21/2008|09:19] C:\Program Files\<DIR> NetMeeting
[11/30/2007|09:45] C:\Program Files\<DIR> NetRatingsNetSight
[09/26/2008|06:40] C:\Program Files\<DIR> NOS
[12/13/2008|04:33] C:\Program Files\<DIR> Online Services
[12/21/2008|09:19] C:\Program Files\<DIR> Outlook Express
[09/17/2008|05:26] C:\Program Files\<DIR> Overland
[07/29/2005|08:26] C:\Program Files\<DIR> Pure Networks
[07/29/2005|08:27] C:\Program Files\<DIR> QuickTime
[06/26/2006|04:17] C:\Program Files\<DIR> Real
[07/29/2005|08:28] C:\Program Files\<DIR> Realtek Sound Manager
[02/12/2009|08:51] C:\Program Files\<DIR> Reference Assemblies
[12/11/2008|08:09] C:\Program Files\<DIR> Registry Mechanic
[03/16/2009|03:01] C:\Program Files\<DIR> SelectRebates
[12/05/2007|01:08] C:\Program Files\<DIR> Skype
[01/08/2006|04:54] C:\Program Files\<DIR> SnapKids
[04/30/2009|06:41] C:\Program Files\<DIR> Spybot - Search & Destroy
[04/10/2009|07:22] C:\Program Files\<DIR> Spyware Doctor
[04/30/2009|01:59] C:\Program Files\<DIR> SpywareBlaster
[08/03/2006|11:17] C:\Program Files\<DIR> Starcraft
[04/30/2009|07:00] C:\Program Files\<DIR> SUPERAntiSpyware
[12/15/2007|03:32] C:\Program Files\<DIR> SuperslotsCasino
[09/10/2008|03:34] C:\Program Files\<DIR> Three Rings Design
[12/12/2008|10:57] C:\Program Files\<DIR> Trend Micro
[08/26/2004|02:09] C:\Program Files\<DIR> Uninstall Information
[07/29/2005|08:24] C:\Program Files\<DIR> VIA
[01/20/2009|06:47] C:\Program Files\<DIR> Viewpoint
[12/12/2008|09:16] C:\Program Files\<DIR> VisualTool
[12/16/2008|05:30] C:\Program Files\<DIR> Windows Defender
[12/20/2008|01:37] C:\Program Files\<DIR> Windows Live Safety Center
[08/25/2008|10:26] C:\Program Files\<DIR> Windows Media Connect 2
[12/21/2008|09:19] C:\Program Files\<DIR> Windows Media Player
[12/21/2008|09:19] C:\Program Files\<DIR> Windows NT
[08/26/2004|02:02] C:\Program Files\<DIR> WindowsUpdate
[08/26/2004|02:04] C:\Program Files\<DIR> xerox
[03/19/2009|08:12] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/11/2009|11:15] C:\Program Files\Common Files\<DIR> Adobe
[01/18/2006|04:32] C:\Program Files\Common Files\<DIR> AOL
[07/29/2005|08:26] C:\Program Files\Common Files\<DIR> AolCoach
[01/03/2006|07:46] C:\Program Files\Common Files\<DIR> aolshare
[12/21/2007|01:11] C:\Program Files\Common Files\<DIR> CasinoVegasShared
[08/03/2006|11:17] C:\Program Files\Common Files\<DIR> Command Software
[07/29/2005|08:21] C:\Program Files\Common Files\<DIR> DESIGNER
[10/30/2007|07:24] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[10/30/2007|07:20] C:\Program Files\Common Files\<DIR> HP
[02/21/2009|10:32] C:\Program Files\Common Files\<DIR> InstallShield
[12/11/2008|08:46] C:\Program Files\Common Files\<DIR> iS3
[12/05/2007|01:17] C:\Program Files\Common Files\<DIR> Java
[10/01/2008|09:27] C:\Program Files\Common Files\<DIR> L&H
[02/27/2009|11:04] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/26/2004|02:01] C:\Program Files\Common Files\<DIR> MSSoap
[07/29/2005|08:04] C:\Program Files\Common Files\<DIR> New Boundary
[01/13/2006|11:16] C:\Program Files\Common Files\<DIR> NSV
[07/29/2005|08:27] C:\Program Files\Common Files\<DIR> Nullsoft
[08/26/2004|06:54] C:\Program Files\Common Files\<DIR> ODBC
[11/25/2008|09:11] C:\Program Files\Common Files\<DIR> Real
[01/18/2006|04:32] C:\Program Files\Common Files\<DIR> Scanner
[08/26/2004|02:01] C:\Program Files\Common Files\<DIR> Services
[11/23/2008|01:16] C:\Program Files\Common Files\<DIR> Software Update Utility
[08/26/2004|06:54] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/25/2008|03:28] C:\Program Files\Common Files\<DIR> Supportsoft
[12/21/2008|09:19] C:\Program Files\Common Files\<DIR> System
[01/20/2009|06:47] C:\Program Files\Common Files\<DIR> Viewpoint
[04/30/2009|06:24] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[11/25/2008|09:11] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 35 Processes )

iexplore.exe ~ [PID:1576]
iexplore.exe ~ [PID:1140]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Owner\LOCALS~1\Temp\nsrA.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 18:30:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\My Music\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Khia - Lick My Neck, My Back, My Pussy, and My Crack.mp3


[F:383][D:62]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:70][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:5850][D:30]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 05/01/2009|18:31 - Option : [1]

--------------------\\ Scan completed at 18:31:40

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I cannot find combofix.txt on my puter. What should I do?

That's OK. I'll use a tool in this post to find out about ComboFix.
No worries, together we'll sort the issues you have with the computer.

Let's start the process of cleaning the computer then.

Step 1.
Uninstall unwanted software:

Older versions have vulnerabilities that malware can use to infect your system.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ 6 Update 3
Java™ 6 Update 7
FrostWire 4.17.2
LimeWire 5.1.2

Viewpoint Manager (Remove Only)
Viewpoint Toolbar
Viewpoint Media Player


Optional removals
LimeWire, FrostWire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
OTL-fix:

Please follow the instructions laid out. OTListIt2 wasn't saved on your desktop previously.

Download OTListIt2 to your desktop.

Double-click on OTListIt2.exe on your desktop to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    [2008/12/14 20:23:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uwamolak.ini
    [2008/12/11 22:45:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zahuzihi.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    C:\WINDOWS\Temp\~os73.tmp\ossproxy.exe=-
    c:\program files\permissionresearch\prmrsr.exe=-
    C:\Program Files\iMesh Applications\iMesh\iMesh.exe=-
    C:\Program Files\FrostWire\FrostWire.exe=-
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    C:\Program Files\BitComet
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box at the bottom left paste the following in

    C:\Qoobox\*.* /s

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
Things I would like to see in your reply:

  • Which P2P software was uninstalled in step 1.
  • The content of the fixlog from OTL2 in step 2.
  • The content of OTListIt.txt from step 3.
  • Information on how your computer is running now.


#7
tracei

    Member

  • Topic Starter
  • 12 posts
When I run the fix in the OTList it runs, then it says it is not responding. I have tried it 3 times and it locks up at the process of 02. What do I do?

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Use this fix for step 2 instead and then continue with the other steps in my previous post.

Step 2.
OTL-fix:

Please follow the instructions laid out. OTListIt2 wasn't saved on your desktop previously.

Download OTListIt2 to your desktop.

Double-click on OTListIt2.exe on your desktop to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    [2008/12/14 20:23:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uwamolak.ini
    [2008/12/11 22:45:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zahuzihi.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    C:\WINDOWS\Temp\~os73.tmp\ossproxy.exe=-
    c:\program files\permissionresearch\prmrsr.exe=-
    C:\Program Files\iMesh Applications\iMesh\iMesh.exe=-
    C:\Program Files\FrostWire\FrostWire.exe=-
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    C:\Program Files\BitComet
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

#9
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Use this fix for step 2 instead and then continue with the other steps in my previous post.

Step 2.
OTL-fix:

Please follow the instructions laid out. OTListIt2 wasn't saved on your desktop previously.

Download OTListIt2 to your desktop.

Double-click on OTListIt2.exe on your desktop to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    [2008/12/14 20:23:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uwamolak.ini
    [2008/12/11 22:45:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zahuzihi.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    C:\WINDOWS\Temp\~os73.tmp\ossproxy.exe=-
    c:\program files\permissionresearch\prmrsr.exe=-
    C:\Program Files\iMesh Applications\iMesh\iMesh.exe=-
    C:\Program Files\FrostWire\FrostWire.exe=-
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    C:\Program Files\BitComet
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

#10
tracei

    Member

  • Topic Starter
  • 12 posts
My computer is getting worse. I can't run the OTL2; it keeps not responding. I started it this time and left it running for two hours, and came back and it was not responding. The Internet Explorer is popping so bad now it is hard to even type this. I do want to thank you for all your help. Tracei

#11
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'm not giving up. Are you?
Let's bring on the powerful Combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by heir, 02 May 2009 - 08:10 AM.

#12
tracei

    Member

  • Topic Starter
  • 12 posts
I have removed all the stuff you told me including limewire and frostwire.

ComboFix 09-05-02.4 - Owner 05/02/2009 11:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.149 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\program files\SelectRebates
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\uwamolak.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 13:51 . 2005-08-26 05:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-02 13:51 . 2006-05-25 19:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-02 13:51 . 2006-06-19 17:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-02 13:51 . 2002-03-06 05:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-02 13:51 . 2003-02-03 00:06 153088 ----a-w c:\windows\system32\unrar3.dll
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\Owner\Application Data\Simply Super Software
2009-05-02 13:51 . 2009-05-02 13:51 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-01 23:32 . 2009-05-01 23:32 -------- d-----w C:\_OTListIt
2009-05-01 22:26 . 2009-05-01 22:31 -------- d-----w C:\Lop SD
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-30 23:00 . 2009-04-30 23:00 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-30 22:49 . 2009-05-01 00:57 -------- d-----w C:\Rooter$
2009-04-30 22:24 . 2009-04-30 22:24 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 22:18 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 22:18 . 2009-04-30 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 22:16 . 2009-04-30 22:16 -------- d-----w c:\program files\ERUNT
2009-04-15 06:26 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 06:26 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 06:26 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 06:26 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 06:26 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 06:26 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 06:26 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 06:26 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 06:26 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 06:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 06:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 13:03 . 2009-04-10 23:22 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 17:57 . 2009-04-09 17:57 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-03 01:12 . 2009-04-03 01:12 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2009-04-03 00:52 . 2009-05-02 12:42 -------- d-----w c:\documents and settings\Owner\Application Data\mjusbsp
2009-04-03 00:52 . 2008-04-13 18:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-03 00:52 . 2008-04-13 18:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 15:15 . 2008-12-13 15:13 422 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
2009-05-02 15:13 . 2004-08-26 18:08 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 13:00 . 2007-12-31 23:41 306 ----a-w c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2009-05-02 06:04 . 2009-02-28 03:11 330 ---ha-w c:\windows\Tasks\MP Scheduled Scan.job
2009-05-02 01:17 . 2005-07-29 12:26 -------- d-----w c:\program files\Pure Networks
2009-05-02 01:10 . 2005-07-29 12:15 -------- d-----w c:\program files\BigFix
2009-05-02 01:09 . 2009-03-15 22:14 -------- d-----w c:\program files\eBay
2009-05-02 01:07 . 2007-11-20 14:52 -------- d-----w c:\program files\Coupons
2009-05-01 23:29 . 2008-10-03 20:31 -------- d-----w c:\program files\Viewpoint
2009-05-01 23:28 . 2008-08-25 22:46 -------- d-----w c:\program files\LimeWire
2009-05-01 23:28 . 2007-12-05 17:20 -------- d-----w c:\program files\Java
2009-05-01 01:57 . 2009-01-02 01:57 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 22:43 . 2008-12-16 08:30 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-30 22:41 . 2006-01-13 06:00 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 17:59 . 2009-02-12 17:28 -------- d-----w c:\program files\SpywareBlaster
2009-04-18 12:06 . 2009-02-28 03:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-18 12:06 . 2009-02-28 03:39 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-18 12:06 . 2009-02-28 03:39 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-28 21:34 . 2009-03-10 20:38 -------- d-----w c:\program files\ACNielsen
2009-03-28 15:54 . 2006-01-08 22:21 66360 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-20 00:12 . 2006-02-18 17:48 -------- d-----w c:\program files\Yahoo!
2009-03-15 22:31 . 2005-07-29 12:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 15:15 . 2007-12-09 14:00 -------- d-----w c:\program files\Common Files\Adobe
2009-03-09 09:19 . 2009-01-08 03:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2004-08-26 16:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-26 16:11 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-26 16:11 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-26 16:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-26 16:11 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-26 16:11 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-26 16:11 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-26 16:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-26 16:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-26 16:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-08-26 00:23 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-08-26 00:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-08-26 00:23 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-26 16:12 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-08-26 00:23 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-08-26 00:23 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2008-08-26 00:23 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-08-26 00:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-26 16:12 35328 ----a-w c:\windows\system32\sc.exe
2009-02-05 17:37 . 2009-02-05 17:37 49152 ----a-r c:\windows\system32\inetwh32.dll
2009-02-05 17:37 . 2009-02-05 17:37 1044480 ----a-r c:\windows\system32\roboex32.dll
2009-02-03 20:49 . 2009-02-03 20:49 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-02-03 19:59 . 2004-08-26 16:12 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-12 02:45 . 2008-12-12 02:45 2713 --sh--w c:\windows\system32\zahuzihi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28D74EC-B064-4402-926D-E00687233421}]
2008-10-23 09:55 61728 ----a-w c:\program files\Me.dium\Browser Add-ons\MediumIEStatusbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E}"= "c:\program files\Me.dium\Browser Add-ons\MediumIEToolbar.dll" [2008-10-23 66336]

[HKEY_CLASSES_ROOT\clsid\{9516eb1c-ac77-492d-8fd6-a05afac9ea6e}]
[HKEY_CLASSES_ROOT\TypeLib\{A7A86710-D3B4-42A1-8350-217072343052}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-18 1932568]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-31 45056]
"MegaPanel"="c:\program files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [2006-05-11 2064384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-29 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-18 12:06 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Earthlink Protection Control Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PermissionResearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"dvpapi"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1122639952\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R3 ADSFilter;ADSFilter - (Aluria Filter Driver); [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
R4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-18 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-18 108552]
S1 nnrnstdi;nnrnstdi; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-18 298264]
S3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-08-22 8832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{01B6BCA4-E5A7-4413-BB3F-A288379595F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DXDllRegExe - dxdllreg.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: pogo.com\game1
Trusted Zone: pogo.com\game3
Trusted Zone: pogo.com\www
Trusted Zone: surveyrouter.com\ups
DPF: Aces Up! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/backgammon/backgammon-ob-assets.cab
DPF: Bingo Luau by pogo - hxxp://game3.pogo.com/v/9.1.5.8/applet/freebingo/freebingo-en_US.cab
DPF: Blackjack by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/blackjack/blackjack-en_US.cab
DPF: Blooop by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/v/8.1.4.14/applet/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/canasta/canasta-en_US.cab
DPF: Checkers by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/checkers2/checkers-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/cribbage/cribbage-en_US.cab
DPF: Dice City Roller by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
DPF: Euchre by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/euchre/euchre-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/superbingo/superbingo-en_US.cab
DPF: Greenback Bayou by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/greenback/greenback-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.5.4.34/harvest/harvest-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/pool2/pool-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/gin/gin-en_US.cab
DPF: KenoPop! by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/speedkeno/speedkeno-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.5.5.36/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game3.pogo.com/v/9.1.4.5/applet/mahjong2/mahjong2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Monopoly by pogo - hxxp://game3.pogo.com/v/9.1.5.23/applet/monopoly/monopoly-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/freecell/freecell-en_US.cab
DPF: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/freecell2/freecell2-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.5.5.29/penguins/penguins-en_US.cab
DPF: Phlinx by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/flinger/flinger-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
DPF: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/hotstreak/hotstreak-ob-assets.cab
DPF: QWERTY by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/squares/squares-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/ride/ride-en_US.cab
DPF: Scrabble by pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/scrabble/scrabble-en_US.cab
DPF: Spooky Slots - hxxp://game3.pogo.com/v/9.1.5.14/applet/spooky/spooky-en_US.cab
DPF: Stax by pogo - hxxp://game1.pogo.com/applet-6.5.2.33/stax/stax-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.1.6.34/applet/sweettooth2/sweettooth2-en_US.cab
DPF: Team Bingo by Pogo - hxxp://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.5.1.24/holdem/holdem-en_US.cab
DPF: Thousand Island Solitaire by pogo - hxxp://game1.pogo.com/v/8.1.4.2/applet/millbrae/millbrae-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/peaks/peaks-en_US.cab
DPF: Trivial Pursuit by pogo - hxxp://game3.pogo.com/v/9.1.6.35/applet/trivial/trivial-en_US.cab
DPF: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.5.3.44/jumbee/jumbee-en_US.cab
DPF: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
DPF: Vaults of Atlantis Slots by pogo - hxxp://game1.pogo.com/v/8.1.1.1/applet/mlslots/mlslots-en_US.cab
DPF: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/memories/memories-en_US.cab
DPF: Word Search Daily by pogo - hxxp://game1.pogo.com/v/8.1.4.24/applet/wordsearch/wordsearch-en_US.cab
DPF: Word Whomp by pogo - hxxp://game1.pogo.com/v/8.1.4.1/applet/wordwhomp2/whomp2-en_US.cab
DPF: Word Whomp Whackdown by pogo - hxxp://game1.pogo.com/applet-6.5.1.31/whackdown/whackdown-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 11:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgtray.exe
.
**************************************************************************
.
Completion time: 2009-05-02 11:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 15:20

Pre-Run: 123,637,760,000 bytes free
Post-Run: 123,881,422,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

327 --- E O F --- 2009-04-30 18:05

#13
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's try the OTL-fix again

Step 1.
OTL-fix:

Please follow the instructions laid out. OTListIt2 wasn't saved on your desktop previously.

Download OTListIt2 to your desktop.

Double-click on OTListIt2.exe on your desktop to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - C:\Program Files\Me.dium\Browser Add-ons\MediumIEToolbar.dll (Me.dium, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    [2008/12/14 20:23:25 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\uwamolak.ini
    [2008/12/11 22:45:38 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\zahuzihi.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    C:\WINDOWS\Temp\~os73.tmp\ossproxy.exe=-
    c:\program files\permissionresearch\prmrsr.exe=-
    C:\Program Files\iMesh Applications\iMesh\iMesh.exe=-
    C:\Program Files\FrostWire\FrostWire.exe=-
    :Files
    C:\DOCUME~1\Owner\APPLIC~1\FrostWire
    C:\DOCUME~1\Owner\APPLIC~1\LimeWire
    C:\Program Files\FrostWire
    C:\Program Files\LimeWire
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    C:\Program Files\BitComet
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 1.
  • The content of the fresh OTListIt.txt from step 2.


#14
tracei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I think it might be fixed because Internet Explorer isn't popping up anymore, but I could not run the OTL; it is still locking up and not responding. Thank you for your help.

#15
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I think it might be fixed because Internet Explorer isn't popping up anymore, but I could not run the OTL; it is still locking up and not responding. Thank you for your help.

We'll use another approach then.


Step 1.
CFScript:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\zahuzihi.dll
C:\WINDOWS\System32\uwamolak.ini
Folder::
c:\program files\Viewpoint
c:\program files\LimeWire
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\DOCUME~1\Owner\APPLIC~1\FrostWire
C:\DOCUME~1\Owner\APPLIC~1\LimeWire
C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
C:\Program Files\BitComet
C:\Program Files\FrostWire
C:\Program Files\Common Files\Viewpoint
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee3ad35-8b35-11dd-85f0-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36db705f-3c72-11d8-a150-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4021e6df-0a2a-11da-b762-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deff3a65-0821-11da-8b7d-806d6172696f}]
Driver::
ADSFilter
nnrnstdi

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2.
OTL-scan:

Delete OTListIt2.exe from your desktop

  • Download OTListIt2 to your desktop.
  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt in step 1.
  • The content of the fresh OTListIt.txt from step 2.

Edited by heir, 04 May 2009 - 02:24 AM.
