RUNDLL Error Pop-Ups After Booting Up



#1
sbrnsouth

I have a Dell Inspiron 6000 running Windows XP Media Center Edition, Version 2002, Service Pack 3. Processor 1.7 GHz 593 MHz, 1.00GB of RAM. It will not connect to the internet, even though it indicates that it's connected to my home network with an excellent connection. I have tried IE, Firefox, and Google Chrome, but always get the "webpage can't be displayed" error in each of them.

When the system boots up, there are three error boxes that pop up on the display. One says "Error loading c:\windows\system32\vimuvayo.dll The specific module could not be found". The second says the same thing except it's suwuwari.dll, and the third is the same except it's lekaribu.dll.

I have followed all the steps in the Malware and Spyware Cleaning Guide thread. I was unable to run Malwarebytes Anti-Malware, after it seemed to install properly. I tried renaming the setup file for it, as suggested in the thread, but to no avail. When I try to run it, I get two error pop-ups. The first one says "Run-time error '0'" and the second says "Run-time error '440' Automation Error".

I did remove the AVG AntiVirus I was running on the system, and installed Microsoft Security Essentials. I then did a full system scan with it, and it found two threats: 1) win32/Starware, which it indicated as a low alert level threat, and 2) win32/Tikuffed.5, which it indicated was a severe level threat. It indicates that both were "removed" from the system.

I am still getting the three RUNDLL error pop-ups after booting the system up, and no internet connection, though it indicates I am connected to my home network with an excellent connection. I have two other laptops in the house that are working fine on my network. I took a picture of the RUNDLL error pop-ups that I can post, if it would help at all.

Here is the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 12:18:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Johnny\LOCALS~1\Temp\pxtdypog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FD28E5
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FD2771
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[112] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FD2863
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[112] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FD27A9
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[112] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FD27E1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00ED28E5
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00ED2771
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[240] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00ED2863
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[240] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00ED27A9
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[240] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00ED27E1
.text C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe[252] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 036E28E5
.text C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe[252] ws2_32.dll!send 71AB4C27 5 Bytes JMP 036E2771
.text C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe[252] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 036E2863
.text C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe[252] ws2_32.dll!recv 71AB676F 5 Bytes JMP 036E27A9
.text C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe[252] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 036E27E1
.text C:\Program Files\iPod\bin\iPodService.exe[256] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B228E5
.text C:\Program Files\iPod\bin\iPodService.exe[256] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B22771
.text C:\Program Files\iPod\bin\iPodService.exe[256] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B22863
.text C:\Program Files\iPod\bin\iPodService.exe[256] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B227A9
.text C:\Program Files\iPod\bin\iPodService.exe[256] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B227E1
.text C:\Program Files\iTunes\iTunesHelper.exe[372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015428E5
.text C:\Program Files\iTunes\iTunesHelper.exe[372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01542771
.text C:\Program Files\iTunes\iTunesHelper.exe[372] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01542863
.text C:\Program Files\iTunes\iTunesHelper.exe[372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015427A9
.text C:\Program Files\iTunes\iTunesHelper.exe[372] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015427E1
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[376] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 083E28E5
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[376] WS2_32.dll!send 71AB4C27 5 Bytes JMP 083E2771
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[376] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 083E2863
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[376] WS2_32.dll!recv 71AB676F 5 Bytes JMP 083E27A9
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[376] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 083E27E1
.text C:\WINDOWS\System32\bcmwltry.exe[456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010828E5
.text C:\WINDOWS\System32\bcmwltry.exe[456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01082771
.text C:\WINDOWS\System32\bcmwltry.exe[456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01082863
.text C:\WINDOWS\System32\bcmwltry.exe[456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010827A9
.text C:\WINDOWS\System32\bcmwltry.exe[456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010827E1
.text C:\WINDOWS\ehome\ehtray.exe[820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013328E5
.text C:\WINDOWS\ehome\ehtray.exe[820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01332771
.text C:\WINDOWS\ehome\ehtray.exe[820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01332863
.text C:\WINDOWS\ehome\ehtray.exe[820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013327A9
.text C:\WINDOWS\ehome\ehtray.exe[820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013327E1
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1356] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B528E5
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1356] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B52771
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1356] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B52863
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1356] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B527A9
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1356] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B527E1
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DE28E5
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DE2771
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DE2863
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DE27A9
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DE27E1
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E928E5
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E92771
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E92863
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E927A9
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E927E1
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C828E5
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C82771
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C82863
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C827A9
.text C:\WINDOWS\system32\Ati2evxx.exe[1780] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C827E1
.text C:\WINDOWS\Explorer.EXE[1848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FE28E5
.text C:\WINDOWS\Explorer.EXE[1848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FE2771
.text C:\WINDOWS\Explorer.EXE[1848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FE2863
.text C:\WINDOWS\Explorer.EXE[1848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FE27A9
.text C:\WINDOWS\Explorer.EXE[1848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FE27E1
.text C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe[2040] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BF28E5
.text C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe[2040] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BF2771
.text C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe[2040] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BF2863
.text C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe[2040] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BF27A9
.text C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe[2040] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BF27E1
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[2248] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AC28E5
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[2248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AC2771
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[2248] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AC2863
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[2248] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00AC27A9
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[2248] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00AC27E1
.text C:\Program Files\Dell Support\DSAgnt.exe[2328] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016728E5
.text C:\Program Files\Dell Support\DSAgnt.exe[2328] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01672771
.text C:\Program Files\Dell Support\DSAgnt.exe[2328] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01672863
.text C:\Program Files\Dell Support\DSAgnt.exe[2328] ws2_32.dll!recv 71AB676F 5 Bytes JMP 016727A9
.text C:\Program Files\Dell Support\DSAgnt.exe[2328] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016727E1
.text C:\Program Files\Bonjour\mDNSResponder.exe[2384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007D28E5
.text C:\Program Files\Bonjour\mDNSResponder.exe[2384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007D2771
.text C:\Program Files\Bonjour\mDNSResponder.exe[2384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007D2863
.text C:\Program Files\Bonjour\mDNSResponder.exe[2384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007D27A9
.text C:\Program Files\Bonjour\mDNSResponder.exe[2384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007D27E1
.text C:\WINDOWS\eHome\ehmsas.exe[2476] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CD28E5
.text C:\WINDOWS\eHome\ehmsas.exe[2476] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CD2771
.text C:\WINDOWS\eHome\ehmsas.exe[2476] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD2863
.text C:\WINDOWS\eHome\ehmsas.exe[2476] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CD27A9
.text C:\WINDOWS\eHome\ehmsas.exe[2476] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CD27E1
.text C:\WINDOWS\eHome\ehRecvr.exe[2532] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A128E5
.text C:\WINDOWS\eHome\ehRecvr.exe[2532] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A12771
.text C:\WINDOWS\eHome\ehRecvr.exe[2532] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A12863
.text C:\WINDOWS\eHome\ehRecvr.exe[2532] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A127A9
.text C:\WINDOWS\eHome\ehRecvr.exe[2532] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A127E1
.text C:\WINDOWS\eHome\ehSched.exe[2756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009E28E5
.text C:\WINDOWS\eHome\ehSched.exe[2756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009E2771
.text C:\WINDOWS\eHome\ehSched.exe[2756] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009E2863
.text C:\WINDOWS\eHome\ehSched.exe[2756] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009E27A9
.text C:\WINDOWS\eHome\ehSched.exe[2756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009E27E1
.text C:\WINDOWS\system32\lxdicoms.exe[3028] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012C28E5
.text C:\WINDOWS\system32\lxdicoms.exe[3028] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012C2771
.text C:\WINDOWS\system32\lxdicoms.exe[3028] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012C2863
.text C:\WINDOWS\system32\lxdicoms.exe[3028] ws2_32.dll!recv 71AB676F 5 Bytes JMP 012C27A9
.text C:\WINDOWS\system32\lxdicoms.exe[3028] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012C27E1
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[3088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012328E5
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[3088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01232771
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[3088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01232863
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[3088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012327A9
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[3088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012327E1
.text C:\WINDOWS\system32\dllhost.exe[3464] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F228E5
.text C:\WINDOWS\system32\dllhost.exe[3464] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F22771
.text C:\WINDOWS\system32\dllhost.exe[3464] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F22863
.text C:\WINDOWS\system32\dllhost.exe[3464] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F227A9
.text C:\WINDOWS\system32\dllhost.exe[3464] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F227E1
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009728E5
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00972771
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3752] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00972863
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3752] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009727A9
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009727E1
.text C:\WINDOWS\ehome\mcrdsvc.exe[4048] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BB28E5
.text C:\WINDOWS\ehome\mcrdsvc.exe[4048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BB2771
.text C:\WINDOWS\ehome\mcrdsvc.exe[4048] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BB2863
.text C:\WINDOWS\ehome\mcrdsvc.exe[4048] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BB27A9
.text C:\WINDOWS\ehome\mcrdsvc.exe[4048] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BB27E1
.text c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe[5164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009628E5
.text c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe[5164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00962771
.text c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe[5164] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00962863
.text c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe[5164] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009627A9
.text c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe[5164] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009627E1

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86E2F0C0
Device \Driver\atapi \Device\Ide\IdePort0 86E2F0C0
Device \Driver\atapi \Device\Ide\IdePort1 86E2F0C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86E2F0C0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----


Here are the two logs from OTL:

OTL.txt:

OTL logfile created on: 9/7/2010 12:23:14 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Johnny\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 53.85 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN
Current User Name: Johnny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/07 09:50:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/09 22:52:12 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 09:45:37 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/03/06 09:43:09 | 000,435,120 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/03/05 13:40:41 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2005/10/07 07:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 20:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/09/08 20:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 09:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/05/15 03:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/06/28 16:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/09/07 09:50:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTL.exe
MOD - [2009/07/09 22:53:09 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 09:45:37 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Lxarscan.sys -- (LXARScan)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/11/02 20:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 13:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 23:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 21:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 21:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 21:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 14:05:04 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCA.sys -- (QCAbsee) Logitech QuickCam Web (0801)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/09 22:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 06:10:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 06:11:20 | 000,000,000 | ---D | M]

[2009/01/18 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\u0nj2j6y.default\extensions
[2008/07/19 04:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\u0nj2j6y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/30 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\u0nj2j6y.default\extensions\DefaultManager@Microsoft
[2008/07/19 04:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\u0nj2j6y.default\extensions\staged-xpis
[2009/08/28 02:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/19 02:51:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/19 02:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/07/19 02:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/04/19 14:15:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2009/04/26 14:20:36 | 000,000,797 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {70bbe460-500a-4041-a348-0c274e29f26a} - C:\WINDOWS\System32\ruzamako.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [9cb56c0e] C:\WINDOWS\System32\suwuwari.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [CPM9f865f92] C:\WINDOWS\System32\vimuvayo.DLL File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [jabigowujo] C:\WINDOWS\System32\lekaribu.DLL File not found
O4 - HKLM..\Run: [jibimckm] C:\Documents and Settings\Johnny\Local Settings\Application Data\jirvdf\occtsftav.exe File not found
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDItime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [msci] C:\DOCUME~1\Johnny\LOCALS~1\Temp\200672144328_mcinfo.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Johnny\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\vimuvayo.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\vimuvayo.dll File not found
O24 - Desktop Components:0 () - http://www.survivors...brothertile.jpg
O24 - Desktop Components:1 () - http://www.thetankat...ult/page_bg.gif
O24 - Desktop Components:2 () - https://www.accounto...lendar_icon.gif
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop Components:4 () - http://superpass.rea...her?src=bb8icon
O24 - Desktop WallPaper: C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johnny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2100/02/08 16:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2010/09/07 09:55:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTL.exe
[2010/09/07 04:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/06 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/06 23:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/06 23:36:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/06 23:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/06 23:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 23:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/06 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/06 23:20:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\TFC.exe
[2010/09/06 23:20:28 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Johnny\Desktop\scottia.exe
[2010/09/06 23:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2008/02/16 17:52:05 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/02/16 17:52:05 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/02/16 17:52:05 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/02/16 17:52:04 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/02/16 17:52:03 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/02/16 17:52:03 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/02/16 17:52:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/02/16 17:52:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/02/16 17:52:02 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/02/16 17:52:00 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/02/16 17:51:58 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/02/16 17:51:58 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll

========== Files - Modified Within 90 Days ==========

[2010/09/07 11:45:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 09:50:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTL.exe
[2010/09/07 04:31:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/07 04:26:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 04:24:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/07 04:24:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 04:24:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 04:24:31 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 04:24:31 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 04:23:36 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Johnny\NTUSER.DAT
[2010/09/07 04:23:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Johnny\ntuser.ini
[2010/09/07 04:05:47 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/07 03:57:33 | 000,504,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 03:57:33 | 000,443,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 03:57:33 | 000,072,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/06 23:45:37 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft AntiVirus.lnk
[2010/09/06 23:39:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 23:33:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\NTREGOPT.lnk
[2010/09/06 23:33:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\ERUNT.lnk
[2010/09/06 23:14:42 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Johnny\Desktop\scottia.exe
[2010/09/06 23:13:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\TFC.exe
[2010/09/05 13:04:05 | 002,002,469 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Files Created - No Company Name ==========

[2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 15:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2010/09/07 09:55:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\gmer.exe
[2010/09/06 23:51:01 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/06 23:45:37 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft AntiVirus.lnk
[2010/09/06 23:36:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 23:33:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\NTREGOPT.lnk
[2010/09/06 23:33:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\ERUNT.lnk
[2009/09/19 16:10:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/23 13:12:20 | 000,000,121 | -HS- | C] () -- C:\WINDOWS\System32\irawuwus.ini
[2009/04/20 00:24:57 | 001,416,446 | -HS- | C] () -- C:\WINDOWS\System32\ojipukar.ini
[2009/04/19 00:25:15 | 001,416,446 | -HS- | C] () -- C:\WINDOWS\System32\inadimuj.ini
[2009/04/17 23:15:30 | 001,416,410 | -HS- | C] () -- C:\WINDOWS\System32\otoliyef.ini
[2009/04/13 21:13:44 | 001,416,410 | -HS- | C] () -- C:\WINDOWS\System32\urehamak.ini
[2009/04/12 16:47:53 | 001,405,937 | -HS- | C] () -- C:\WINDOWS\System32\awepepez.ini
[2009/01/26 14:20:16 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\suzeyiji.dll
[2009/01/26 14:20:13 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\wuniferi.dll
[2009/01/26 02:20:19 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\hiyokovu.dll
[2009/01/26 02:20:18 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\vuwizodi.dll
[2009/01/25 00:41:06 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\zowepaba.dll
[2009/01/25 00:41:04 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\samisede.dll
[2008/10/19 17:11:09 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/19 17:11:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/19 17:11:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/19 17:11:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/19 17:11:06 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/19 17:11:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/19 17:11:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/03/23 18:17:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/02/16 17:55:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/02/16 17:55:37 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/02/16 17:54:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/02/16 17:54:37 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/02/16 17:54:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/02/16 17:52:24 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/02/16 17:52:05 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/02/16 17:52:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2007/06/02 20:50:43 | 000,000,659 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2007/06/02 18:45:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2007/06/02 18:45:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2007/06/02 18:45:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2007/06/02 18:45:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/03/25 18:26:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/25 18:25:40 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/12/09 14:14:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ztLib.dll
[2006/09/24 22:02:08 | 000,000,794 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/08 22:34:41 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Johnny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/30 23:52:30 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\63EC99102B.sys
[2006/07/30 23:52:29 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/02 14:27:55 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Johnny\Application Data\PFP120JPR.{PB
[2006/07/02 14:27:55 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Johnny\Application Data\PFP120JCM.{PB
[2006/03/27 21:50:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Johnny\Local Settings\Application Data\fusioncache.dat
[2006/03/20 10:57:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/20 10:53:14 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/20 10:41:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/20 10:17:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/03/20 10:16:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/20 10:16:30 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/20 10:16:18 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/10/12 02:42:49 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/07/20 10:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2000/12/05 15:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/01/11 12:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini

========== LOP Check ==========

[2009/09/19 16:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/07/13 11:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/03/23 18:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/12/09 14:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware316
[2009/03/14 15:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/02/10 12:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/07 04:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/19 17:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/30 22:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/06/03 00:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\BudgetExpress 3
[2009/11/15 00:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\FrostWire
[2009/08/02 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\iPhoneRingToneMaker
[2006/04/08 17:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Leadertech
[2008/07/13 13:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Lexmark Imaging Studio
[2009/07/19 00:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Netscape
[2009/02/16 06:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Participatory Culture Foundation
[2008/03/23 18:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\pdf995
[2006/12/09 14:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Starware316
[2009/03/14 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\TaxCut
[2010/03/01 21:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\uTorrent
[2007/02/10 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johnny\Application Data\Viewpoint
[2010/09/07 04:31:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/12/20 23:55:10 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/12/20 23:55:10 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/28 04:42:20 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/27 06:20:05 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2006/03/20 10:20:46 | 000,006,034 | RH-- | M] () -- C:\dell.sdr
[2010/09/07 04:24:31 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/15 10:52:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/01/12 11:17:00 | 000,000,253 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/03/14 16:10:12 | 000,000,142 | ---- | M] () -- C:\lxdi.log
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/29 20:10:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 04:24:29 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/07/19 00:28:09 | 000,001,763 | ---- | M] () -- C:\photodex-presenter-install.log
[2009/04/13 23:24:58 | 000,000,805 | ---- | M] () -- C:\rollback.ini
[2008/07/13 10:17:51 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2008/02/04 11:16:27 | 000,000,004 | ---- | M] () -- C:\ss_nb.dat
[2008/02/04 11:16:26 | 000,000,004 | ---- | M] () -- C:\ss_udp.dat
[2008/02/04 11:16:26 | 000,000,004 | ---- | M] () -- C:\ss_udp2.dat
[2006/03/20 10:44:48 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2009/09/13 16:57:11 | 000,088,567 | ---- | M] () -- C:\VETlog.dmp
[2009/09/13 16:57:11 | 003,057,502 | ---- | M] () -- C:\VETlog.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-07 09:06:08
< End of report >

Extras.txt:

OTL Extras logfile created on: 9/7/2010 12:23:14 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Johnny\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 53.85 Gb Free Space | 77.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN
Current User Name: Johnny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9558:TCP" = 9558:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9558:TCP" = 9558:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:BorgListener -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Documents and Settings\Johnny\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe" = C:\Documents and Settings\Johnny\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:*:Enabled: -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\WINDOWS\system32\lxdicfg.exe" = C:\WINDOWS\system32\lxdicfg.exe:*:Enabled: -- ( )
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe" = C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Johnny\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Johnny\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17AC314E-3125-4AB7-989F-3B710FF1B54A}" = TaxCut Mississippi 2008
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E912CE-6396-45B8-90C0-DF402B3D7566}" = BudgetExpress 3
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Christmas Scenes Screensaver" = Christmas Scenes Screensaver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"ContextTool" = ContextTool
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar(01.02.5000.1021)
"NETGEAR Print Server Utility" = NETGEAR Print Server Utility
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Photodex Presenter" = Photodex Presenter
"RealPlayer 6.0" = RealPlayer
"SpywareGuard_is1" = SpywareGuard v2.2
"SSSInst" = Screensavers Installer Version 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Winter Trees" = Winter Trees Screen Saver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2010 2:29:53 PM | Computer Name = JOHN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/5/2010 2:38:33 PM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/5/2010 3:00:04 PM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/5/2010 3:31:01 PM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/5/2010 3:50:17 PM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/6/2010 4:11:38 PM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/7/2010 12:30:15 AM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

Error - 9/7/2010 12:45:20 AM | Computer Name = JOHN | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 9/7/2010 5:11:25 AM | Computer Name = JOHN | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\TurboTax\Home & Business 2009\32bit\TTAX.DLL
. Error code = 0x80131047

Error - 9/7/2010 5:25:29 AM | Computer Name = JOHN | Source = Application Error | ID = 1000
Description = Faulting application ctsyncu.exe, version 6.1.5.0, faulting module
ctsyncu.exe, version 6.1.5.0, fault address 0x0002d3ca.

[ System Events ]
Error - 9/7/2010 12:22:08 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 9/7/2010 12:22:08 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7034
Description = The lxdi_device service terminated unexpectedly. It has done this
1 time(s).

Error - 9/7/2010 12:22:08 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 9/7/2010 12:22:08 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/7/2010 12:29:14 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 9/7/2010 12:29:14 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/7/2010 5:25:21 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 9/7/2010 5:25:21 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/7/2010 5:26:06 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/7/2010 5:26:07 AM | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of Report >

Thank you in advance for any help you can provide with this situation.

I have a picture of the three RUNDLL error pop-ups that appear on the screen after booting the system up, if it's needed.


#2
Rorschach112

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    O2 - BHO: (no name) - {70bbe460-500a-4041-a348-0c274e29f26a} - C:\WINDOWS\System32\ruzamako.dll File not found
    O4 - HKLM..\Run: [9cb56c0e] C:\WINDOWS\System32\suwuwari.DLL File not found
    O4 - HKLM..\Run: [CPM9f865f92] C:\WINDOWS\System32\vimuvayo.DLL File not found
    O4 - HKLM..\Run: [jabigowujo] C:\WINDOWS\System32\lekaribu.DLL File not found
    O4 - HKLM..\Run: [jibimckm] C:\Documents and Settings\Johnny\Local Settings\Application Data\jirvdf\occtsftav.exe File not found
    O4 - HKLM..\Run: [msci] C:\DOCUME~1\Johnny\LOCALS~1\Temp\200672144328_mcinfo.exe File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\vimuvayo.dll File not found
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\vimuvayo.dll File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    [2009/04/23 13:12:20 | 000,000,121 | -HS- | C] () -- C:\WINDOWS\System32\irawuwus.ini
    [2009/04/20 00:24:57 | 001,416,446 | -HS- | C] () -- C:\WINDOWS\System32\ojipukar.ini
    [2009/04/19 00:25:15 | 001,416,446 | -HS- | C] () -- C:\WINDOWS\System32\inadimuj.ini
    [2009/04/17 23:15:30 | 001,416,410 | -HS- | C] () -- C:\WINDOWS\System32\otoliyef.ini
    [2009/04/13 21:13:44 | 001,416,410 | -HS- | C] () -- C:\WINDOWS\System32\urehamak.ini
    [2009/04/12 16:47:53 | 001,405,937 | -HS- | C] () -- C:\WINDOWS\System32\awepepez.ini
    [2009/01/26 14:20:16 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\suzeyiji.dll
    [2009/01/26 14:20:13 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\wuniferi.dll
    [2009/01/26 02:20:19 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\hiyokovu.dll
    [2009/01/26 02:20:18 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\vuwizodi.dll
    [2009/01/25 00:41:06 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\zowepaba.dll
    [2009/01/25 00:41:04 | 000,001,982 | -HS- | C] () -- C:\WINDOWS\System32\samisede.dll
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "9558:TCP"=-
    "3389:TCP"=-
    "3246:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "9558:TCP"=-
    "3389:TCP"=-
    "3246:TCP"=-
    
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

#3
sbrnsouth

First, thank you for your help!

I've run OTL and pasted in the commands you provided into the "Custom Scans/Fixes" box, then clicked "Run Fix". At the bottom of the OTL window it now says "Processing complete!", however the desktop icons, start button etc are all gone, but I can see the desktop wallpaper. Should I reboot by powering it off with the power button?

Sorry for the ignorance, I'm not the most technically savvy person in the world, and wanted to be sure before proceeding.

#4
Rorschach112

yes power it off with the power button

#5
sbrnsouth

When I restarted the computer, the three original RUNDLL error pop-ups were gone. I opened IE and it did connect to the internet! :)

Here is the helpasst -mbrt log:

C:\Documents and Settings\Johnny\Desktop\HelpAsst_mebroot_fix.exe
Tue 09/07/2010 at 13:38:55.50

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1196487081-3779771930-280355473-1004
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86dd8a70
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> 0x86876330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86dd8a70
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> 0x86876330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Tue 09/07/2010 at 13:56:58.18

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0950E4C1
malicious code @ sector 0x0950E4C4 !
PE file found in sector at 0x0950E4DA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#6
sbrnsouth

I forgot to mention that I've been using a Flash Drive to transfer programs and log files between this pc and the infected Dell. Should I be concerned about the Flash being infected, or transferring the infection to this pc?

I only ask because in reading through some of the other threads I noticed they were instructed to run a program that disinfects their flash drives etc. Just wanted to check on that as well.

Also, I tried to run Malwarebytes' again on the Dell. I removed the initial installation, and downloaded it again and reinstalled, but still getting the two run-time errors I was getting before. How can I get it to run?

Thanks again for your time and expertise, it is greatly appreciated, and I will be making a donation once I get the all clear.

Edited by sbrnsouth, 07 September 2010 - 02:23 PM.


#7
Rorschach112

the flash drives should be fine


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#8
sbrnsouth

ComboFix Log:


#9
Rorschach112
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.

#10
sbrnsouth
Thanks SO much for your time and expert help with this, I can't stress how much I appreciate it! This site is amazing, and all of you who help the rest of us out are AWESOME for doing so! I hope everyone who receives help here does right by you guys when it comes to donating! I've made a donation for your time. :)

If I might ask one more time before we are done, I still can't run Malwarebytes' for some reason. It's not that big a deal, but I'd like to run it on here if at all possible. Any suggestions? If not, no worries.

Best Regards,
Scott

#11
Rorschach112
sure

  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download and run this utility. mbam-clean.exe
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here


Does it work now?

#12
sbrnsouth
I followed the instructions for Malwarebytes', but it's still giving me the two run-time errors when I try to run it. Do you think this is associated with the infection(s) we cleaned today? Is there an equivalent program to this one that I could use instead, if I'm not able to run Malwarebytes'? Any suggestion is greatly appreciated.

#13
Rorschach112
try this


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Then install MBAM again. Does it work?

#14
sbrnsouth
I've followed the OTM instructions, and can see the results under the green "results" bar, but when I try to highlight the text in there, I get a beeping sound when I click the mouse. It won't do anything. I also get it when I tried to click the X to close the program.

Should I reboot with the power button, and then navigate to the log files to copy and paste them here?

#15
Rorschach112
yes do that