
antivirus system pro (virus)



#1 haze2c
Member, 10 posts
I read some of the postings on this and have Malwarebytes, but the laptop is pretty well infected. In the tray there is an Antivirus System Pro icon which I can't get rid of, and it constantly pops up screens saying I am infected as well as brings up Internet Explorer. Please help.

Haze
  • 0



#2 fenzodahl512
Malware Removal, 9,863 posts
Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till it finishes..

Then a log will pop up on your Desktop. Post the content of the log here.



NEXT


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    [image]
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Post me these logs in your next reply.. Post each log in a separate post..

1. OTL
2. GMER
  • 0
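The custom-scan lines above tell OTL to list services, hash the named system drivers and dump the hosts file, autoruns, Winlogon values and policy keys; the useful part for a defender is reading what comes back. As an added example (not OTL's own code and not part of fenzodahl512's instructions), here is a small Python triage pass over OTL-format lines. Its sample input is a handful of lines copied from the OTL log posted later in this thread; the category names and the rules for what to flag are this example's own assumptions, and the Winlogon defaults it expects (Explorer.exe as Shell, userinit.exe as UserInit) are the standard Windows XP values.

```python
"""OTL log triage: flag the entries a malware-removal helper reads first.

Added example for this thread; not OTL's own code. Rules and category
names are this example's own choices, not anything OTL itself reports.
"""
import re

# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = [
    r'O1 - Hosts: 127.0.0.1 localhost',
    r'O1 - Hosts: ::1 localhost',
    r'O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com',
    r'O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)',
    r'O4 - HKLM..\Run: [khwyohtb] C:\Documents and Settings\Whitney Lamson\Local Settings\Application Data\beepaj\sqaasysguard.exe (Microsoft Corporation)',
    r'O4 - HKCU..\Run: [BackUp Windows 2009] C:\DOCUME~1\WHITNE~1\LOCALS~1\Temp\mwjmwaw1g9.exe File not found',
    r'O4 - HKLM..\Run: [msnmager] C:\WINDOWS\TEMP\igffbh.DLL ()',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0',
    r'O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1',
    r'O20 - AppInit_DLLs: (zawomebe.dll) - C:\WINDOWS\System32\zawomebe.dll ()',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)',
    r'O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found',
    r'O33 - MountPoints2\{8f039550-f291-11de-bb38-00c09ff09848}\Shell\AutoRun\command - "" = E:\WMIPRVSE.EXE -- File not found',
]

# Line shapes as OTL prints them (O-numbers follow the HijackThis convention).
HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)')
RUN_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\.\.\\Run: \[[^\]]*\] (?P<target>.*)$')
POLICY_RE = re.compile(r'^O[67] - .*policies\\(?P<key>\w+): (?P<value>\w+) = (?P<data>\S+)$')
WINLOGON_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\)')
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\.*\\AutoRun\\command')

LOOPBACK = {"127.0.0.1", "::1"}
# Autorun targets under a temp or per-user data folder are rarely legitimate.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\application data\\")
# Standard Windows XP Winlogon values (basename only).
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# (policy key, value name, data) combinations that switch off a defence.
DANGEROUS_POLICIES = {
    ("System", "EnableLUA", "0"),
    ("System", "DisableRegistryTools", "1"),
    ("Explorer", "NoFolderOptions", "1"),
}


def _basename(path):
    """Last path component, lower-cased, ignoring UserInit's trailing comma."""
    return path.replace("/", "\\").rstrip(",").split("\\")[-1].lower()


def triage(lines):
    """Return [(category, line), ...] for the OTL lines that deserve a look."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            ip, _host = m.groups()
            # Any non-loopback mapping is a redirect; a vendor domain pointed
            # at a third-party address is the classic rogue-AV hosts trick.
            if ip not in LOOPBACK:
                findings.append(("hosts-redirect", line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            low = target.lower()
            # The company string in parentheses is the file's own version
            # resource, not a signature check, so malware can forge it; the
            # path matters more than the label.
            if target.endswith("File not found"):
                findings.append(("autorun-missing-file", line))
            elif any(marker in low for marker in TEMP_MARKERS):
                findings.append(("autorun-temp-path", line))
            elif target.endswith("()"):
                findings.append(("autorun-no-publisher", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if (m.group("key"), m.group("value"), m.group("data")) in DANGEROUS_POLICIES:
                findings.append(("policy-disables-defence", line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            expected = EXPECTED_WINLOGON.get(m.group("value").lower())
            if expected is not None and _basename(m.group("data")) != expected:
                findings.append(("winlogon-tampered", line))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            # AppInit_DLLs is empty on a clean XP box; anything here loads
            # into every process that links user32.dll.
            findings.append(("appinit-dll", line))
            continue
        if AUTORUN_RE.match(line):
            findings.append(("removable-autorun", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:24} {line}")
```

Run it as a script to see the sample triaged; for a real log, read the file's lines and pass them to triage(). The rules are deliberately coarse and err toward flagging: every hit still needs a person to read the surrounding log, which is exactly what the helper in this thread does by hand.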

#3 haze2c
Topic Starter, Member, 10 posts
Thanks for getting back to me...
I can't get online with the infected laptop (which is my daughter's). It appears Internet Explorer is infected, and the option to remove Internet Explorer has been removed. So I downloaded Comedian.exe (which downloaded as Comedian.html) on my laptop and, using a mem stick, copied it onto hers. It would not run on hers. Appeared to want to go to the internet.

suggestions?
  • 0

#4 haze2c
Topic Starter, Member, 10 posts
Also, it appears Trend Micro does not like the comedian.exe... I have Trend Micro on my laptop but not on the infected laptop. Since I can't get on the internet on the infected laptop, I am downloading the files (like comedian) on mine and using a mem stick to put them on the infected laptop.
  • 0

#5 fenzodahl512
Malware Removal, 9,863 posts
Yeah, TrendMicro doesn't like anything related to us :)

Just disable TrendMicro whenever you download anything..

After you download all those things, please do as per my previous instruction and post the log here :)

Edited by fenzodahl512, 27 December 2009 - 09:04 AM.

  • 0

#6 haze2c
Topic Starter, Member, 10 posts
Ok, I got Comedian to work; it loaded erunt and said it had completed. I couldn't get OTL to run, it kept hanging up (as in not responding). I did run it last night though, before I ran Comedian; I will post the results below. Also ran GMER, but each time while it was scanning it rebooted...?

OTL logfile created on: 12/26/2009 9:52:19 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Whitney Lamson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 19.00% Memory free
920.00 Mb Paging File | 632.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 41.96 Gb Free Space | 75.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITNEY
Current User Name: Whitney Lamson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/26 21:31:06 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\OTL.exe
PRC - [2009/11/11 15:37:31 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\rass32.exe
PRC - [2009/11/09 15:46:39 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\All Users\Defence\smss.exe
PRC - [2009/11/09 15:45:16 | 00,179,712 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2009/11/09 14:20:20 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Whitney Lamson\Local Settings\Application Data\beepaj\sqaasysguard.exe
PRC - [2009/08/27 00:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/25 17:11:58 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/13 13:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 16:18:30 | 00,434,176 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/12/14 08:29:00 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1137939057\ee\AOLSoftware.exe
PRC - [2005/09/30 19:22:50 | 00,116,224 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/04/11 09:00:00 | 00,360,448 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/04/11 08:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/04/01 17:11:14 | 00,815,104 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/04 14:16:18 | 00,118,784 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe
PRC - [2005/02/22 18:32:14 | 00,058,880 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/02/02 07:12:22 | 00,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 07:11:12 | 00,712,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 12:24:20 | 00,311,296 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2004/11/02 18:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 03:00:00 | 00,075,776 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\System32\FastNetSrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 21:31:06 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\OTL.exe
MOD - [2009/08/11 15:36:42 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\system32\zawomebe.dll
MOD - [2009/03/21 09:06:58 | 00,024,064 | -HS- | M] (Microsoft) -- C:\WINDOWS\system32\calc.dll
MOD - [2008/04/13 19:12:08 | 00,052,224 | ---- | M] () -- C:\WINDOWS\mslstl.dll
MOD - [2005/02/02 07:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/04 03:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/11 15:37:35 | 00,098,304 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\lynzyk.exe -- (Nationalbbs)
SRV - [2009/08/25 17:11:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:11:56 | 00,061,440 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2007/10/25 15:27:54 | 00,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/09/30 19:22:50 | 00,116,224 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/07/25 14:25:18 | 00,512,000 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)
SRV - [2005/04/29 06:07:23 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)
SRV - [2005/04/11 08:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/04 14:16:18 | 00,118,784 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\SHARED\HPQWMI.exe -- (hpqwmi)
SRV - [2005/02/22 18:32:14 | 00,058,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/11/02 18:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/08/17 20:00:00 | 00,073,728 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\Iasex.dll -- (Ias)
SRV - [2004/08/04 03:00:00 | 00,075,776 | ---- | M] (Netopsystems AG) [Auto | Running] -- C:\WINDOWS\System32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2004/08/04 03:00:00 | 00,046,080 | ---- | M] (FTD2XX Software Technology) [Auto | Running] -- C:\WINDOWS\system32\BtwSrv.dll -- (BtwSrv)
SRV - [2004/07/15 03:49:26 | 00,053,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/04/13 19:11:56 | 00,002,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\winmes.sys -- (winmes)
DRV - [2008/04/13 19:11:56 | 00,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\daqdrv.sys -- (daqdrv)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/04/11 08:33:52 | 01,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 04:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2005/03/03 14:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/18 10:42:02 | 00,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/18 10:41:18 | 00,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/02/02 06:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2005/01/26 04:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/18 11:52:16 | 00,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/12/15 10:18:30 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 10:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 10:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/11 18:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/04/14 09:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\EABFiltr.sys -- (eabfiltr)
DRV - [2004/03/17 06:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/06 13:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\eabusb.sys -- (eabusb)
DRV - [2001/08/17 14:10:28 | 00,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear.......p;l=zj&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/09 15:47:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/09 15:47:12 | 00,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: (161 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 awareremover2009.microsoft.com
O1 - Hosts: 91.212.127.227 awareremover2009.com
O1 - Hosts: 91.212.127.227 www.awareremover2009.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
O2 - BHO: (no name) - {AE6A3731-95A2-4E1F-977C-D196C10E4808} - No CLSID value found.
O2 - BHO: (BHO) - {B6D223F6-C185-49a2-BA7E-A03E84744702} - C:\WINDOWS\system32\iehelper.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [21131917] C:\DOCUME~1\ALLUSE~1\APPLIC~1\21131917\21131917.exe File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137939057\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [khwyohtb] C:\Documents and Settings\Whitney Lamson\Local Settings\Application Data\beepaj\sqaasysguard.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [msnmager] C:\WINDOWS\TEMP\igffbh.DLL ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [rass32] C:\WINDOWS\System32\rass32.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AntiMalware] C:\Program Files\AntiMalware\antimalware.exe File not found
O4 - HKCU..\Run: [BackUp Windows 2009] C:\DOCUME~1\WHITNE~1\LOCALS~1\Temp\mwjmwaw1g9.exe File not found
O4 - HKCU..\Run: [calc] C:\Documents and Settings\LocalService\ntuser.dll (Microsoft)
O4 - HKCU..\Run: [Defence] C:\Documents and Settings\All Users\Defence\smss.exe ()
O4 - HKCU..\Run: [khwyohtb] C:\Documents and Settings\Whitney Lamson\Local Settings\Application Data\beepaj\sqaasysguard.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [winhbt.exe] C:\DOCUME~1\WHITNE~1\LOCALS~1\Temp\winhbt.exe File not found
O4 - HKCU..\Run: [wow64main.exe] C:\DOCUME~1\WHITNE~1\LOCALS~1\Temp\wow64main.exe File not found
O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\WHITNE~1\LOCALS~1\Temp\mdm.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (zawomebe.dll) - C:\WINDOWS\System32\zawomebe.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: lofurasek - {47ceb989-20b6-4807-9817-3fea38171e8c} - C:\WINDOWS\System32\lasofesu.dll File not found
O22 - SharedTaskScheduler: {47ceb989-20b6-4807-9817-3fea38171e8c} - jugezatag - C:\WINDOWS\System32\lasofesu.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8f039550-f291-11de-bb38-00c09ff09848}\Shell\AutoRun\command - "" = E:\WMIPRVSE.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/26 21:45:14 | 00,534,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\OTL.exe
[2009/12/26 21:45:08 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Whitney Lamson\Desktop\erunt_setup.exe
[2009/12/26 21:44:37 | 00,041,472 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Whitney Lamson\Desktop\SysRestorePoint.exe
[2009/12/26 21:44:25 | 00,431,616 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\TFC.exe
[2009/11/27 14:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/11/27 14:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/27 14:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/11/27 14:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/27 14:32:19 | 00,040,960 | ---- | C] (Made in U.S.A) -- C:\WINDOWS\System32\Microsofs.dll
[2009/11/27 14:32:19 | 00,030,208 | ---- | C] (Svchont) -- C:\WINDOWS\System32\SvcHoss.exe
[2009/08/06 06:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/28 20:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/13 10:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/11 17:25:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/30 09:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/05/30 09:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2005/12/25 10:58:33 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2005/12/25 10:58:32 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/12/25 10:58:31 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/12/25 10:58:31 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/12/25 10:58:28 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/12/25 10:58:27 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/12/25 10:58:26 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/04/29 06:07:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/26 21:58:14 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zibigihu
[2009/12/26 21:55:25 | 00,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/26 21:52:34 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/12/26 21:51:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/26 21:50:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 21:49:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 21:49:40 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 21:48:31 | 03,407,872 | ---- | M] () -- C:\Documents and Settings\Whitney Lamson\ntuser.dat
[2009/12/26 21:48:31 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Whitney Lamson\ntuser.ini
[2009/12/26 21:31:06 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\OTL.exe
[2009/12/26 20:44:42 | 00,431,616 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Whitney Lamson\Desktop\TFC.exe
[2009/12/26 18:23:43 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\nqfxon.sys
[2009/12/26 18:01:47 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\cgevwtqy.job
[2009/12/26 17:36:29 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Whitney Lamson\Desktop\Windows Explorer.lnk
[2009/11/27 14:41:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 14:32:34 | 00,000,056 | ---- | M] () -- C:\WINDOWS\Micorsoft.bat
[2009/11/27 14:32:30 | 00,000,148 | ---- | M] () -- C:\WINDOWS\System32\delme.bat
[2009/11/27 14:32:19 | 00,040,960 | ---- | M] (Made in U.S.A) -- C:\WINDOWS\System32\Microsofs.dll
[2009/11/27 14:32:19 | 00,030,208 | ---- | M] (Svchont) -- C:\WINDOWS\System32\SvcHoss.exe
[2009/11/27 14:32:17 | 00,431,616 | ---- | M] () -- C:\WINDOWS\System32\uxtj.exe
[2009/11/27 14:32:17 | 00,000,094 | ---- | M] () -- C:\WINDOWS\System32\swork.bat
[2009/11/27 14:32:17 | 00,000,053 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2009/11/27 14:31:58 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\winnts.dll
[2009/11/27 14:31:54 | 00,042,392 | ---- | M] () -- C:\WINDOWS\System32\winnt.exe
[2009/11/27 14:31:41 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yupohote.dll
[2009/11/27 14:31:40 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\migitiho.dll
[2009/11/27 14:30:48 | 00,061,952 | ---- | M] () -- C:\WINDOWS\System32\wuziviba.dll

========== Files Created - No Company Name ==========

[2009/12/26 19:02:11 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/12/26 18:23:43 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\nqfxon.sys
[2009/11/27 14:41:10 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 14:32:34 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Micorsoft.bat
[2009/11/27 14:32:30 | 00,000,148 | ---- | C] () -- C:\WINDOWS\System32\delme.bat
[2009/11/27 14:32:17 | 00,000,094 | ---- | C] () -- C:\WINDOWS\System32\swork.bat
[2009/11/27 14:32:12 | 00,431,616 | ---- | C] () -- C:\WINDOWS\System32\uxtj.exe
[2009/11/27 14:32:10 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2009/11/27 14:31:58 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\winnts.dll
[2009/11/27 14:31:55 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\cgevwtqy.job
[2009/11/27 14:31:41 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yupohote.dll
[2009/11/27 14:31:40 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\migitiho.dll
[2009/11/27 14:30:48 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\wuziviba.dll
[2009/11/11 15:37:32 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\WinRAR.dll
[2009/11/11 15:36:21 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\guvebosa.dll
[2009/11/11 15:18:49 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\bipehozo.dll
[2009/11/09 14:31:37 | 00,004,286 | ---- | C] () -- C:\Documents and Settings\Whitney Lamson\Application Data\avp.ico
[2009/11/09 14:28:45 | 00,000,826 | ---- | C] () -- C:\WINDOWS\System32\wininit.dll
[2009/09/14 10:43:56 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/08/27 14:31:36 | 00,006,144 | -HS- | C] () -- C:\WINDOWS\System32\sulumetu.dll
[2009/08/27 14:31:36 | 00,002,048 | -HS- | C] () -- C:\WINDOWS\System32\jejuvusu.dll
[2009/08/27 14:31:35 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\yevazani.dll
[2009/08/27 14:31:35 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fiwupaga.dll
[2009/08/12 03:36:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\miyefira.dll
[2009/08/12 03:36:13 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\luwakefi.dll
[2009/08/11 15:36:42 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\zawomebe.dll
[2009/08/11 15:36:42 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\sekisahi.dll
[2009/08/11 15:36:42 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\hoyuvuki.dll
[2009/08/11 15:36:11 | 00,011,264 | -HS- | C] () -- C:\WINDOWS\System32\kasiyebo.dll
[2009/08/11 15:36:09 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\gekujoni.dll
[2009/08/11 15:36:08 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\sizesare.dll
[2009/08/09 14:30:32 | 00,045,056 | -HS- | C] () -- C:\WINDOWS\System32\jefaduku.dll
[2009/08/09 14:30:29 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yirejame.dll
[2009/03/13 08:00:07 | 00,000,077 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/03/03 17:16:56 | 00,002,460 | ---- | C] () -- C:\Documents and Settings\Whitney Lamson\Application Data\wklnhst.dat
[2007/06/10 08:40:02 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/12/25 13:07:31 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/25 11:38:56 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Whitney Lamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/25 10:58:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005/04/29 07:54:19 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/29 07:54:19 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/29 07:54:18 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/29 07:54:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/29 07:54:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/29 07:54:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/29 07:42:10 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 03:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 20:00:00 | 00,073,728 | -H-- | C] () -- C:\WINDOWS\System32\Iasex.dll
[2004/08/07 08:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 03:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Ipripv32.dll
[2004/08/04 03:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/08/04 03:00:00 | 00,052,224 | ---- | C] () -- C:\WINDOWS\mslstl.dll
[2004/08/04 03:00:00 | 00,020,580 | ---- | C] () -- C:\WINDOWS\batmeter16.dll
[2004/08/04 03:00:00 | 00,002,432 | ---- | C] () -- C:\WINDOWS\System32\winmes.sys
[2004/08/04 03:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\daqdrv.sys
[2004/08/04 03:00:00 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys

========== Files - Unicode (All) ==========
[2009/11/09 15:47:12 | 00,061,440 | -H-- | C] ()(C:\Documents and Settings\Whitney Lamson\Desktop\????????n???????????????????????????????????) -- C:\Documents and Settings\Whitney Lamson\Desktop\䕍圽楨湴祥䰠浡潳n单剅剐䙏䱉㵅㩃䑜捯浵湥獴愠摮匠瑥楴杮屳桗瑩敮⁹慌獭湯眀湩楤㵲㩃坜义佄南
[2009/11/09 15:46:34 | 00,061,440 | -H-- | M] ()(C:\Documents and Settings\Whitney Lamson\Desktop\????????n???????????????????????????????????) -- C:\Documents and Settings\Whitney Lamson\Desktop\䕍圽楨湴祥䰠浡潳n单剅剐䙏䱉㵅㩃䑜捯浵湥獴愠摮匠瑥楴杮屳桗瑩敮⁹慌獭湯眀湩楤㵲㩃坜义佄南
< End of report >

What next?
  • 0
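As an added example (not part of this thread, and not code from OTL itself), a small Python triage pass over entries in the OTL file-list layout shown in the log above: it parses each `[date | size | attrs | M/C] (company) -- path` line and flags hidden+system executables in System32, System32 executables with no company name, and filenames that imitate core Windows names. The sample lines are constructed, modelled on the log's SvcHoss.exe, Microsofs.dll and the eight-letter -HS- DLLs; the list of legitimate names and the 0.85 similarity threshold are my own choices.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Constructed sample lines in the OTL file-list layout used by the log in this thread (names are illustrative).
SAMPLE_LOG = """\
[2009/11/27 14:32:19 | 00,030,208 | ---- | M] (Svchont) -- C:\\WINDOWS\\System32\\SvcHoss.exe
[2009/11/27 14:32:19 | 00,040,960 | ---- | M] (Made in U.S.A) -- C:\\WINDOWS\\System32\\Microsofs.dll
[2009/11/27 14:31:41 | 00,002,713 | -HS- | M] () -- C:\\WINDOWS\\System32\\yupohote.dll
[2009/12/26 20:44:42 | 00,431,616 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\User\\Desktop\\TFC.exe
"""
# Entry layout: [date time | size | attrs | M/C] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*(?P<kind>[MC])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
# Core Windows names that malware imitates with one-character changes (my own short list).
LEGIT_STEMS = ("svchost", "explorer", "iexplore", "winlogon", "lsass", "csrss", "microsoft")
EXEC_EXT = {".exe", ".dll", ".sys"}

def parse_entries(log_text):
    """One dict per parsable OTL file entry; lines in any other layout are skipped."""
    return [m.groupdict() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def lookalike_of(stem):
    """Legitimate name this stem imitates, or None (a genuine core name is never a lookalike)."""
    if stem in LEGIT_STEMS:
        return None
    for legit in LEGIT_STEMS:
        if SequenceMatcher(None, stem, legit).ratio() >= 0.85:
            return legit
    return None

def triage(log_text):
    """Map each suspicious path to the reasons it was flagged; unflagged entries are omitted."""
    findings = {}
    for e in parse_entries(log_text):
        p = PureWindowsPath(e["path"])
        reasons = []
        if "system32" in (part.lower() for part in p.parts) and p.suffix.lower() in EXEC_EXT:
            if "H" in e["attr"] and "S" in e["attr"]:
                reasons.append("hidden+system executable in System32")
            if not e["company"]:  # OTL prints () when the file carries no version info
                reasons.append("no company name")
        legit = lookalike_of(p.stem.lower())
        if legit:
            reasons.append(f"name imitates {legit}")
        if reasons:
            findings[e["path"]] = reasons
    return findings
```

Hits are a triage list, not a verdict: a file with no company name still needs a hash lookup or a VirusTotal check before anything is removed.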

#7
haze2c
  • Topic Starter
  • Member
  • 10 posts
Any suggestions would be appreciated... Greatly...
  • 0

#8
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix.


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
  • 0

#9
haze2c
  • Topic Starter
  • Member
  • 10 posts
Thanks for getting back to me. Ok, I downloaded combo-fix.exe and ran it. An error message came up saying to reload combofix because this file is infected with "file patching virus Virut". I also ran Stopzilla (spyware removal) first. I tried running combo-fix anyway and it just took the icon off the desktop and stopped.

This is a good one eh?
  • 0

#10
fenzodahl512
  • Malware Removal
  • 9,863 posts

"file patching virus Virut"


Very-ultra-super-bad-one...

A quick tip about "Virut".. It has no proven cure.. 99% of cases end up with a reformat.. That means you have to back up your data first..

I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.pif/.asp/.php/.iso files... We are looking for a possible Virut or Sality infection, and if it is.. then you might have to wipe the machine clean..

Make sure you back up everything ONLY via CD or DVD (non-rewritable).. If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY.. Meaning NO FILES inside it.. Format the external drive first before attaching it to the infected computer.. A single .exe file inside the external drive may infect other computers as well..


Now, let's do some online scans to make sure whether it's indeed Virut or not...


Please show hidden files and folders

Please go to VirusTotal.

1. Browse these files.. You can only scan one file at a time

C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe


2. Hit the Send File >> Don't close the browser!

3. If the files have been analyzed before, click on the Reanalyze file now button

4. Let it do the scanning until it finishes

5. Copy the report and paste it here (alternatively you can just post the link of the result)

Note: you can only send one file at a time..


If any one of those files is detected as Virut, just paste the scan result here; a reformat is the only way..
  • 0

#11
haze2c
  • Topic Starter
  • Member
  • 10 posts
Not sounding good... But remember I can't get online with the infected computer. I was downloading the files on my laptop with a memstick and copying them onto the infected laptop. I am worried about bringing those files onto my laptop to scan them on the VirusTotal website.. I did scan those files on my laptop to check whether the virus transferred to mine via memstick, but those files were clean according to the VirusTotal site... but again I did run the file on the infected computer...
Any other suggestions? Or is it doomed?
  • 0

#12
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ok, once a computer has been infected with Virut, the only advice I can give you is to reformat the computer..

Should you have any important data to copy, please refer to my previous post.. Please confirm with me that you've already backed up all your data before we proceed with the next step :)
  • 0

#13
haze2c
  • Topic Starter
  • Member
  • 10 posts
I have backed up most on a clean thumb stick. I don't have the system disc, so I called HP and ordered the system disc for this laptop. It should be here next week. Thank you for your time. I suspect I will reload the system at that time and I believe that it reformats when it reloads.. I hope...lol

Haze
  • 0

#14
fenzodahl512
  • Malware Removal
  • 9,863 posts
It's okay.. I'll leave this topic open until you successfully reformat the computer :)
  • 0





