ThinkPoint and System Tool cleaned


  • Please log in to reply

#1
help_virus

help_virus

    New Member

  • Member
  • Pip
  • 5 posts
Hello, everyone!

I'm running on a Dell Latitude D600
It's got Windows XP Professional SP3

I had a couple of fake anti-virus programs last week. With the help of Google, this forum, Avast Anti-Virus, Malwarebytes' Anti-Malware, and Hijackthis, I believe I've removed the fake programs and fixed a Google redirect.

There still seems to be some leftover infection, though.

As Avast is running in the background, every 10-20 minutes it tells me that C:\WINDOWS\system32\svchost.exe throws a malicious URL. Fortunately, it seems that Avast is doing a good job of blocking them.

Also, when I run a scan with Avast or Malwarebytes', it tells me that C:\WINDOWS\system32\svchost.exe and C:\WINDOWS\explorer.exe are infected. It won't repair the files, and if I removed them, it would mess up my OS pretty badly, right?

I'm hoping that someone here may be able to help me fix the last bits of the infection. So, here are my OTL logs.

Thank you all!!


OTL.Txt

OTL logfile created on: 11/18/2010 2:25:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kendra\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 41.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 18.96 Gb Free Space | 50.90% Space Free | Partition Type: NTFS

Computer Name: HAROLD | User Name: Kendra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 14:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kendra\Desktop\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/23 04:59:14 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/12 11:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 05:42:40 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 14:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kendra\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/10 22:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 DC EC 19 56 87 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/12 15:49:20 | 000,000,000 | ---D | M]

[2010/10/29 06:32:06 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/11/18 12:59:23 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229440879408 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kendra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kendra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/22 05:56:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 14:24:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kendra\Desktop\OTL.exe
[2010/11/18 12:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/15 17:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kendra\Application Data\Windows Search
[2010/11/15 17:49:54 | 003,024,056 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kendra\My Documents\dfsetup200.exe
[2010/11/15 17:47:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kendra\Recent
[2010/11/15 17:42:49 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kendra\My Documents\ccsetup300.exe
[2010/11/15 11:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/11/15 11:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/12 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/12 15:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/12 15:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/11/12 15:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/11/12 15:08:26 | 000,000,000 | ---D | C] -- C:\ccleaner
[2010/11/10 15:51:29 | 000,000,000 | ---D | C] -- C:\65da8d16445ba9271017c21d797c
[2010/11/10 15:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kendra\Application Data\Windows Desktop Search
[2010/11/10 15:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/11/10 15:39:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/10 15:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/11/10 15:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/11/10 15:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/11/10 15:31:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/11/10 15:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/11/10 15:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/11/10 14:25:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/10 09:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/11/10 09:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 18:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/08 12:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kendra\Application Data\Malwarebytes
[2010/11/08 11:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/08 09:53:53 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/08 09:53:53 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/08 09:53:51 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/08 09:53:49 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/08 09:53:47 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/08 09:53:47 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/08 09:53:46 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/08 09:53:35 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/08 09:53:34 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/08 09:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/08 09:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/04 17:14:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/04 17:14:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/04 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/04 17:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/04 16:48:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/11/04 15:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/04 15:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/11/04 15:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cEaGe02001
[2010/11/02 02:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/02 02:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/02 01:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/02 01:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/02 01:25:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[1 C:\Documents and Settings\Kendra\My Documents\*.tmp files -> C:\Documents and Settings\Kendra\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 14:28:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/18 14:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kendra\Desktop\OTL.exe
[2010/11/18 14:21:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/11/18 13:59:27 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Kendra\Desktop\HiJackThis.lnk
[2010/11/18 13:38:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/18 13:38:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/18 13:34:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/18 13:33:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 13:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 12:59:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/15 20:32:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 20:32:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/15 17:53:00 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2010/11/15 17:50:23 | 003,024,056 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kendra\My Documents\dfsetup200.exe
[2010/11/15 17:48:22 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/15 17:45:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/15 17:43:16 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kendra\My Documents\ccsetup300.exe
[2010/11/15 09:38:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 15:31:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/12 15:31:20 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 17:28:02 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/10 15:54:38 | 000,429,418 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/10 15:54:38 | 000,071,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/10 15:39:39 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/11/10 15:37:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/10 15:37:09 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Kendra\Desktop\Windows Media Player.lnk
[2010/11/10 15:37:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/11/10 15:37:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/11/10 15:34:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/11/10 14:40:41 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/10 10:28:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/09 18:47:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/09 17:13:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/09 14:34:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/08 18:54:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/08 16:18:29 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\completescan
[2010/11/08 09:53:48 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/04 15:39:51 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/04 15:31:54 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\start
[2010/11/04 15:22:54 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\install
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/04 15:21:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/04 15:21:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/04 15:21:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/04 15:21:36 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Kendra\Application Data\dkfjasdfshd.bat
[2010/11/04 12:34:09 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\sourcelistinternet.doc
[2010/11/04 02:24:46 | 009,367,681 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Ra-Ra-Riot-Boy-RAC-Mix.mp3
[2010/11/04 02:18:13 | 003,083,038 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\kag.mp3
[2010/11/04 02:16:28 | 005,003,339 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\When-I-Am-Gone.mp3
[2010/11/04 02:15:51 | 005,119,649 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\11 Beauty.mp3
[2010/11/04 02:15:07 | 007,662,372 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Ribbon Bow.mp3
[2010/11/04 02:14:52 | 009,882,570 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\08-Meet-the-Frownies.mp3
[2010/11/04 02:12:23 | 005,308,613 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\01-Mornin.mp3
[2010/11/04 02:12:20 | 004,317,767 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\lina.mp3
[2010/11/04 02:11:56 | 009,946,215 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\06-pure-affection.mp3
[2010/11/04 02:10:56 | 006,202,152 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Kissing-Clouds.mp3
[2010/11/04 02:10:38 | 005,550,079 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Watch-The-Glow.mp3
[2010/11/04 02:08:32 | 005,613,325 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\02-Tea-Lights.mp3
[2010/11/04 02:08:15 | 003,565,743 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\07-A-Bright-[bleep]-Light.mp3
[2010/11/04 01:51:36 | 004,921,936 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\backinyourheadrac.mp3
[2010/11/04 01:44:20 | 000,051,626 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\tegan-and-sara-home-recordings-1.html
[2010/11/04 01:41:54 | 000,051,626 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\tegan-and-sara-home-recordings.html
[2010/11/04 01:26:05 | 005,936,736 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\ohdarling.mp3
[2010/11/04 01:15:50 | 016,535,575 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Broken-Social-Scene-World-Sick.mp3
[2010/11/04 01:13:32 | 007,480,278 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-I-Just-Love-You-More.mp3
[2010/11/03 15:44:11 | 003,937,841 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-Do-Wah-Doo.mp3
[2010/11/03 15:44:03 | 004,913,327 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-Paris.mp3
[2010/11/02 16:58:03 | 003,616,896 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Prince - Kiss.mp3
[2010/11/02 16:39:27 | 004,313,127 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\09-pumpkin-soup.mp3
[2010/11/02 16:31:10 | 007,000,923 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\01.the raveonettes - bang!.mp3
[2010/11/02 15:29:39 | 015,830,600 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Prince (Bassnectar Remix).mp3
[2010/11/02 11:20:01 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\journalresources.doc
[2010/11/01 17:32:14 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\litnotes.doc
[2010/11/01 15:32:32 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\journal4.doc
[2010/11/01 15:30:53 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\journal3-1.doc
[2010/11/01 14:48:00 | 000,265,104 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\Introduction_to_Literature.pdf
[2010/10/31 21:46:56 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\websummary6.doc
[2010/10/28 19:26:39 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\philofreligionnotes.doc
[2010/10/28 16:52:28 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\hhh8.doc
[2010/10/28 12:25:13 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\sourcelistbooks.doc
[2010/10/26 12:29:19 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\emmainterview.doc
[2010/10/26 12:24:53 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\apologeticreferences1.doc
[2010/10/26 10:34:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kendra\My Documents\~$ologeticreferences.doc
[2010/10/25 14:34:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\introtoartsnotes.doc
[2010/10/25 12:19:24 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\websummary5.doc
[2010/10/25 00:01:04 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\journal3.doc
[2010/10/21 16:26:50 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\hhh7.doc
[2010/10/21 15:01:14 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Kendra\My Documents\hhh6.doc
[1 C:\Documents and Settings\Kendra\My Documents\*.tmp files -> C:\Documents and Settings\Kendra\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/02 16:57:34 | 003,616,896 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Prince - Kiss.mp3
[2010/12/02 15:26:52 | 015,830,600 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Prince (Bassnectar Remix).mp3
[2010/11/18 12:40:30 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Kendra\Desktop\HiJackThis.lnk
[2010/11/15 17:53:00 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2010/11/15 17:45:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/10 15:39:39 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/11/10 15:36:55 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Kendra\Desktop\Windows Media Player.lnk
[2010/11/10 15:34:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/11/10 10:28:04 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/08 18:52:09 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/04 15:31:54 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kendra\Application Data\start
[2010/11/04 15:26:59 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kendra\Application Data\completescan
[2010/11/04 15:22:54 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kendra\Application Data\install
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/04 15:21:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/04 15:21:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/04 15:21:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/04 15:21:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/04 15:21:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/04 15:21:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/04 15:21:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/04 15:21:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/04 15:21:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/11/04 15:21:36 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Kendra\Application Data\dkfjasdfshd.bat
[2010/11/04 12:34:09 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\sourcelistinternet.doc
[2010/11/04 02:23:52 | 009,367,681 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Ra-Ra-Riot-Boy-RAC-Mix.mp3
[2010/11/04 02:18:04 | 003,083,038 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\kag.mp3
[2010/11/04 02:16:16 | 005,003,339 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\When-I-Am-Gone.mp3
[2010/11/04 02:15:27 | 005,119,649 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\11 Beauty.mp3
[2010/11/04 02:14:25 | 007,662,372 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Ribbon Bow.mp3
[2010/11/04 02:14:22 | 009,882,570 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\08-Meet-the-Frownies.mp3
[2010/11/04 02:12:08 | 005,308,613 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\01-Mornin.mp3
[2010/11/04 02:11:54 | 004,317,767 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\lina.mp3
[2010/11/04 02:11:36 | 009,946,215 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\06-pure-affection.mp3
[2010/11/04 02:10:44 | 006,202,152 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Kissing-Clouds.mp3
[2010/11/04 02:10:23 | 005,550,079 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Watch-The-Glow.mp3
[2010/11/04 02:08:18 | 005,613,325 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\02-Tea-Lights.mp3
[2010/11/04 02:08:08 | 003,565,743 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\07-A-Bright-[bleep]-Light.mp3
[2010/11/04 01:50:49 | 004,921,936 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\backinyourheadrac.mp3
[2010/11/04 01:44:18 | 000,051,626 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\tegan-and-sara-home-recordings-1.html
[2010/11/04 01:41:50 | 000,051,626 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\tegan-and-sara-home-recordings.html
[2010/11/04 01:25:43 | 005,936,736 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\ohdarling.mp3
[2010/11/04 01:13:50 | 016,535,575 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Broken-Social-Scene-World-Sick.mp3
[2010/11/04 01:12:39 | 007,480,278 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-I-Just-Love-You-More.mp3
[2010/11/03 15:43:20 | 003,937,841 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-Do-Wah-Doo.mp3
[2010/11/03 15:43:16 | 004,913,327 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Kate-Nash-Paris.mp3
[2010/11/02 16:38:52 | 004,313,127 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\09-pumpkin-soup.mp3
[2010/11/02 16:29:51 | 007,000,923 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\01.the raveonettes - bang!.mp3
[2010/11/02 10:20:41 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\journalresources.doc
[2010/11/02 01:26:12 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/02 01:26:11 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/02 01:26:11 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/01 15:32:22 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\journal4.doc
[2010/11/01 15:30:53 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\journal3-1.doc
[2010/11/01 14:48:00 | 000,265,104 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\Introduction_to_Literature.pdf
[2010/10/31 21:28:55 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\websummary6.doc
[2010/10/28 16:52:25 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\hhh8.doc
[2010/10/28 12:25:12 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\sourcelistbooks.doc
[2010/10/26 11:23:09 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\apologeticreferences1.doc
[2010/10/26 10:34:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kendra\My Documents\~$ologeticreferences.doc
[2010/10/25 16:22:50 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\emmainterview.doc
[2010/10/25 14:34:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\introtoartsnotes.doc
[2010/10/25 00:59:18 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\websummary5.doc
[2010/10/25 00:01:03 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\journal3.doc
[2010/10/21 16:26:50 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Kendra\My Documents\hhh7.doc
[2010/01/11 00:24:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/17 10:52:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/09/19 16:16:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2004/09/22 05:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/11/08 09:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/04 18:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/08 18:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cEaGe02001
[2010/03/23 11:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/11/04 15:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/16 16:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2004/09/22 05:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/10 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kendra\Application Data\Windows Desktop Search
[2010/11/15 17:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kendra\Application Data\Windows Search
[2010/11/04 15:21:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/04 15:21:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/09 14:34:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/12 15:31:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/18 14:28:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/10 10:28:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/08 18:54:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/15 20:32:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/15 09:38:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/15 20:32:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/15 19:26:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/04 15:21:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/04 15:21:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/18 14:21:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job
[2010/11/18 13:38:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/18 13:38:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/11/18 13:34:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



< End of report >


Extras.Txt


OTL Extras logfile created on: 11/18/2010 2:25:52 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kendra\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 41.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 18.96 Gb Free Space | 50.90% Space Free | Partition Type: NTFS

Computer Name: HAROLD | User Name: Kendra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Defraggler" = Defraggler
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Plants vs. Zombies" = Plants vs. Zombies
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2010 7:31:02 PM | Computer Name = HAROLD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/15/2010 9:20:45 PM | Computer Name = HAROLD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/15/2010 10:28:23 PM | Computer Name = HAROLD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/15/2010 10:28:24 PM | Computer Name = HAROLD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/18/2010 2:36:59 PM | Computer Name = HAROLD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KENDRA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 11/18/2010 2:37:21 PM | Computer Name = HAROLD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/18/2010 2:37:21 PM | Computer Name = HAROLD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/18/2010 2:47:48 PM | Computer Name = HAROLD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/18/2010 3:46:59 PM | Computer Name = HAROLD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/18/2010 4:29:09 PM | Computer Name = HAROLD | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 11/18/2010 2:34:53 PM | Computer Name = HAROLD | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 11/18/2010 2:37:29 PM | Computer Name = HAROLD | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/18/2010 3:28:32 PM | Computer Name = HAROLD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/18/2010 3:28:40 PM | Computer Name = HAROLD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/18/2010 3:30:00 PM | Computer Name = HAROLD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 11/18/2010 3:30:00 PM | Computer Name = HAROLD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 11/18/2010 3:30:32 PM | Computer Name = HAROLD | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 11/18/2010 3:30:35 PM | Computer Name = HAROLD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/18/2010 3:33:05 PM | Computer Name = HAROLD | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/18/2010 3:33:05 PM | Computer Name = HAROLD | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126


< End of report >

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    C:\WINDOWS\tasks\At*.job
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
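The OTM script above moves every C:\WINDOWS\tasks\At*.job in one pass. The OTL listing in the first post shows why those files stood out to the helper: two dozen .job files of identical size (416 bytes) created within about a minute on 2010/11/04, plus a .bat file dropped straight into the user's Application Data folder. As an added example that is not part of this thread and not code from OTL, OTM or ComboFix, here is a small Python triage script that parses OTL-style file-creation lines (the sample below is constructed in the shape of the first post's log, not the full log) and flags both patterns. The function names, the 120-second window and the minimum count of three are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample in the shape of OTL's "Files Created" lines (not the full log).
SAMPLE_OTL = r"""
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/04 15:22:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/04 15:21:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/04 15:21:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/04 15:21:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/11/04 15:21:36 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Kendra\Application Data\dkfjasdfshd.bat
[2010/11/02 01:26:12 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/01/11 00:24:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
"""

# One OTL file line: [timestamp | size | attributes | C or M] () -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] \(\) -- (?P<path>.+)$"
)

# Extensions that should rarely be created directly under a profile's Application Data.
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".exe", ".scr"}


def parse_otl_lines(text):
    """Parse OTL file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attr": m.group("attr"),
            "op": m.group("op"),
            "path": m.group("path"),
        })
    return entries


def find_job_bursts(entries, window_seconds=120, min_count=3):
    """Group scheduled-task .job files in the Windows Tasks folder by size and
    report each size whose creations cluster: at least min_count files created
    within window_seconds of each other (hypothetical thresholds)."""
    by_size = defaultdict(list)
    for e in entries:
        p = PureWindowsPath(e["path"])
        parts = [s.lower() for s in p.parts]
        if e["op"] == "C" and p.suffix.lower() == ".job" and "tasks" in parts and "windows" in parts:
            by_size[e["size"]].append(e)
    bursts = []
    for size, group in by_size.items():
        group.sort(key=lambda e: e["ts"])
        span = group[-1]["ts"] - group[0]["ts"]
        if len(group) >= min_count and span <= timedelta(seconds=window_seconds):
            bursts.append({
                "size": size,
                "count": len(group),
                "span_seconds": int(span.total_seconds()),
                "names": [PureWindowsPath(e["path"]).name for e in group],
            })
    return bursts


def find_appdata_scripts(entries):
    """Flag script or executable files created directly under an Application Data folder."""
    hits = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        if e["op"] == "C" and p.suffix.lower() in SCRIPT_EXT and p.parent.name.lower() == "application data":
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    parsed = parse_otl_lines(SAMPLE_OTL)
    for b in find_job_bursts(parsed):
        print(f"{b['count']} x {b['size']}-byte .job files created within {b['span_seconds']}s: {b['names']}")
    for path in find_appdata_scripts(parsed):
        print(f"script dropped in Application Data: {path}")
```

On the constructed sample this reports one burst (five 416-byte .job files created within 64 seconds, Updater.job first) and the dkfjasdfshd.bat drop; the lone 286-byte GUID-named job is not reported because it does not meet the minimum count. Run it against a saved OTL.Txt by replacing SAMPLE_OTL with the file's contents to get a shortlist worth checking before anything is moved or deleted.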

#3
help_virus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I ended up running OTM a few times. It kept rebooting the computer too quickly for me to copy and paste the results. However, here is what is in the log from OTM:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kendra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kendra\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 13539278 bytes
->Temporary Internet Files folder emptied: 186207 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kendra
->Temp folder emptied: 1113674433 bytes
->Temporary Internet Files folder emptied: 10685822 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 70656 bytes
->Flash cache emptied: 1999427 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 39912254 bytes
->Java cache emptied: 1095372 bytes
->Flash cache emptied: 42686 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 269607607 bytes
->Flash cache emptied: 52537 bytes

User: User1
->Temp folder emptied: 169124 bytes
->Temporary Internet Files folder emptied: 5195383 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 589 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2190207 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18763482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 758594 bytes
RecycleBin emptied: 394482 bytes

Total Files Cleaned = 1,410.00 mb

Restore point Set: OTM Restore Point (61373261593706496)

OTM by OldTimer - Version 3.1.17.2 log created on 11102010_142531

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



I ran ComboFix twice. It locked up after rebooting once and would not do anything! I had to shut down in the middle of it. However, here is the log from the second, successful run of ComboFix.

ComboFix 10-11-18.03 - Kendra 11/18/2010 18:23:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.166 [GMT -6:00]
Running from: c:\documents and settings\Kendra\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\Kendra\Application Data\completescan
c:\documents and settings\Kendra\Application Data\dkfjasdfshd.bat
c:\documents and settings\Kendra\Application Data\install
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

-- Previous Run --

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

--------

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-18 18:40 . 2010-11-18 18:40 388096 ----a-r- c:\documents and settings\Kendra\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-18 18:40 . 2010-11-18 18:40 -------- d-----w- c:\program files\Trend Micro
2010-11-15 23:54 . 2010-11-15 23:54 -------- d-----w- c:\documents and settings\Kendra\Application Data\Windows Search
2010-11-15 22:09 . 2010-11-15 22:09 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Identities
2010-11-15 22:08 . 2010-11-15 22:08 -------- d-----w- c:\documents and settings\User1\Application Data\Windows Desktop Search
2010-11-15 17:57 . 2010-11-15 17:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-11-15 17:57 . 2010-11-15 17:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-12 21:55 . 2010-11-12 21:55 -------- d-----w- c:\program files\Common Files\Java
2010-11-12 21:49 . 2010-11-12 21:49 -------- d-----w- c:\program files\Microsoft
2010-11-12 21:49 . 2010-11-12 21:49 -------- d-----w- c:\program files\MSN Toolbar
2010-11-12 21:46 . 2010-11-12 21:49 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-11-12 21:44 . 2010-09-15 10:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:08 . 2010-11-12 21:28 -------- d-----w- C:\ccleaner
2010-11-10 21:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-10 21:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-10 21:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-10 21:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-10 21:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-10 21:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-10 21:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-10 21:51 . 2010-11-10 21:52 -------- d-----w- C:\65da8d16445ba9271017c21d797c
2010-11-10 21:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-10 21:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-10 21:40 . 2010-11-10 21:40 -------- d-----w- c:\documents and settings\Kendra\Application Data\Windows Desktop Search
2010-11-10 21:39 . 2010-11-10 21:39 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-10 21:39 . 2010-11-10 21:39 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-10 21:37 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-11-10 21:37 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-11-10 21:37 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-11-10 21:36 . 2010-11-10 21:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-11-10 21:34 . 2010-11-12 21:14 -------- d-----w- c:\windows\system32\LogFiles
2010-11-10 21:34 . 2010-11-10 21:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-11-10 21:31 . 2010-11-10 21:32 -------- d-----w- c:\windows\system32\URTTemp
2010-11-10 20:25 . 2010-11-10 20:25 -------- d-----w- C:\_OTM
2010-11-10 15:46 . 2010-11-15 23:52 -------- d-----w- c:\program files\Defraggler
2010-11-10 15:44 . 2010-11-15 23:44 -------- d-----w- c:\program files\CCleaner
2010-11-09 22:15 . 2008-04-14 11:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-09 00:42 . 2010-11-09 00:42 -------- d-----w- c:\documents and settings\User1\Application Data\Yahoo!
2010-11-09 00:39 . 2010-11-09 00:39 -------- d-----w- c:\documents and settings\User1\Application Data\Malwarebytes
2010-11-08 18:06 . 2010-11-08 18:06 -------- d-----w- c:\documents and settings\Kendra\Application Data\Malwarebytes
2010-11-08 17:28 . 2010-11-08 17:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-11-08 17:28 . 2010-11-08 17:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-11-08 15:53 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-08 15:53 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-08 15:53 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-08 15:53 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-08 15:53 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-08 15:53 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-08 15:53 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-08 15:53 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-08 15:53 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-08 15:53 . 2010-11-08 15:53 -------- d-----w- c:\program files\Alwil Software
2010-11-08 15:53 . 2010-11-08 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-04 23:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 23:14 . 2010-11-04 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 23:14 . 2010-11-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-04 23:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 23:13 . 2010-11-04 23:14 -------- d-----w- c:\documents and settings\Administrator
2010-11-04 21:21 . 2010-11-18 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-11-04 21:21 . 2010-11-09 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\cEaGe02001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2007-07-27 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2007-07-27 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:29 . 2010-02-20 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2007-07-27 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2007-07-27 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2007-07-27 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2007-07-27 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-27 02:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2007-07-27 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

------- Sigcheck -------

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2007-07-27 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-19_00.06.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-19 00:12 . 2010-11-19 00:12 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-11-19 00:32 . 2010-11-19 00:32 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 9:53 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 9:53 AM 17744]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [12/15/2008 3:59 PM 92550]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-11-18 18:39:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-19 00:39

Pre-Run: 20,767,629,312 bytes free
Post-Run: 20,705,251,328 bytes free

- - End Of File - - 0F96D75145E822029D64738F81709EC6


Thanks so much for all of your help!!
#4
help_virus (New Member, Topic Starter, 5 posts)
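The Sigcheck block in the ComboFix log above lists every backup copy of spoolsv.exe the tool could hash (the hotfix copy under $hf_mig$, the dllcache copy, the service-pack copy and the uninstall copy, each with its MD5, size and file version) and then reports the live System32 copy as missing. The Python below is an added example, not ComboFix's own code and not anything the poster ran: it parses that block, picks the backup copy a missing protected file should be restored from, and flags copies that share a file version but not a hash. The sample input is the four Sigcheck lines and the "is missing" line copied from the log; the line layout is assumed to be exactly as shown there. The `restore_candidates` and `same_version_hash_mismatches` helpers, and the preference for the dllcache copy over a hotfix or service-pack copy of the same version, are my own policy choices, not documented ComboFix behaviour.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input copied from the Sigcheck block of the ComboFix log above.
SIGCHECK_SAMPLE = r"""
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2007-07-27 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
"""

# One hashed backup copy: "[flag] date . MD5 . size . . [version] . . path"
ENTRY_RE = re.compile(
    r"^\[(?P<flag>\d+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[\d.]+)\] \. \. (?P<path>.+?)\s*$"
)
# The live copy ComboFix could not find: "<path> ... is missing !!"
MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!\s*$")


@dataclass(frozen=True)
class FileCopy:
    date: str
    md5: str
    size: int
    version: tuple  # e.g. (5, 1, 2600, 6024); tuples compare in the right order
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str):
    """Return (copies, missing): the backup copies Sigcheck hashed and the
    live paths it reported as missing."""
    copies, missing = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            copies.append(FileCopy(
                date=m["date"], md5=m["md5"].upper(), size=int(m["size"]),
                version=tuple(int(p) for p in m["version"].split(".")),
                path=m["path"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"])
    return copies, missing


def restore_candidates(copies, missing):
    """For each missing protected file, choose the backup copy to restore from:
    the newest file version, and among copies of that version the dllcache
    copy (the GDR build Windows File Protection itself keeps) rather than a
    hotfix (QFE) or service-pack copy.  Assumed policy, not ComboFix's."""
    by_name = defaultdict(list)
    for c in copies:
        by_name[c.name].append(c)
    choice = {}
    for path in missing:
        name = path.rsplit("\\", 1)[-1].lower()
        candidates = by_name.get(name, [])
        if not candidates:
            choice[path] = None  # nothing to restore from; needs install media
            continue
        best = max(candidates,
                   key=lambda c: (c.version, "\\dllcache\\" in c.path.lower()))
        choice[path] = best.path
    return choice


def same_version_hash_mismatches(copies):
    """(name, version) groups whose copies carry different MD5s.  Between the
    QFE branch ($hf_mig$) and the GDR branch (dllcache) this is normal and is
    not evidence of tampering; treat it as a prompt to check the copy you
    restore against a known-good hash, not as a verdict."""
    groups = defaultdict(set)
    for c in copies:
        groups[(c.name, c.version)].add(c.md5)
    return sorted(key for key, md5s in groups.items() if len(md5s) > 1)


if __name__ == "__main__":
    copies, missing = parse_sigcheck(SIGCHECK_SAMPLE)
    for path, src in restore_candidates(copies, missing).items():
        print(f"{path}: restore from {src or 'no backup copy found'}")
    for name, ver in same_version_hash_mismatches(copies):
        print(f"{name} {'.'.join(map(str, ver))}: copies of this version differ in MD5")
```

Run stand-alone it names the dllcache copy as the restore source, which is the copy the second ComboFix run later in this thread actually restored from. The two 5.1.2600.6024 copies differ in MD5 because the $hf_mig$\...\SP3QFE file is the hotfix (QFE) build while dllcache holds the GDR build; that is expected, which is why the mismatch check only points at what to verify rather than declaring a file tampered.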
Also, there have been no malicious url warnings from Avast since running ComboFix :D
#5
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Update Avast, run a full scan, and post that log here.
#6
help_virus (New Member, Topic Starter, 5 posts)
I ran the scan. It looks like the viruses found were already in the chest, and in some restore points.

I tried copying and pasting it here, but the system is way slow and IExplorer freezes up when I try. I don't know why there is so much text. It's a 13.9MB .txt file :D so it's too big to attach here.

The only thing I could think of was to take a screen shot and upload the .jpg of the infected files that Avast found. So, here's that pic:

AvastScan.JPG

Thanks again for everything!!
#7
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

MIA::
c:\windows\System32\spoolsv.exe

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#8
help_virus (New Member, Topic Starter, 5 posts)
As I dropped the script file onto the ComboFix icon, there was a pop-up that said something like, "Incompatible OS, ComboFix only works on XP and Windows 2000 machines."

It seemed to update and run fine, though, after that. So, I'm not sure if it really meant anything.

Anyway, here's the log:

Thanks!!!!

ComboFix 10-11-21.02 - Kendra 11/22/2010 10:35:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.117 [GMT -6:00]
Running from: c:\documents and settings\Kendra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kendra\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\spoolsv.exe was missing
Restored copy from - c:\windows\system32\dllcache\spoolsv.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 16:41 . 2010-08-17 13:17 58880 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2010-11-22 16:41 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-22 16:19 . 2010-11-22 16:19 -------- d-----w- c:\windows\LastGood
2010-11-18 18:40 . 2010-11-18 18:40 388096 ----a-r- c:\documents and settings\Kendra\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-18 18:40 . 2010-11-18 18:40 -------- d-----w- c:\program files\Trend Micro
2010-11-15 23:54 . 2010-11-15 23:54 -------- d-----w- c:\documents and settings\Kendra\Application Data\Windows Search
2010-11-15 22:09 . 2010-11-15 22:09 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Identities
2010-11-15 22:08 . 2010-11-15 22:08 -------- d-----w- c:\documents and settings\User1\Application Data\Windows Desktop Search
2010-11-15 17:57 . 2010-11-15 17:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-11-15 17:57 . 2010-11-15 17:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-12 21:55 . 2010-11-12 21:55 -------- d-----w- c:\program files\Common Files\Java
2010-11-12 21:49 . 2010-11-12 21:49 -------- d-----w- c:\program files\Microsoft
2010-11-12 21:49 . 2010-11-12 21:49 -------- d-----w- c:\program files\MSN Toolbar
2010-11-12 21:46 . 2010-11-12 21:49 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-11-12 21:44 . 2010-09-15 10:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:08 . 2010-11-12 21:28 -------- d-----w- C:\ccleaner
2010-11-10 21:52 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-10 21:51 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-10 21:51 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-10 21:51 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-10 21:51 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-10 21:51 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-10 21:51 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-10 21:51 . 2010-11-10 21:52 -------- d-----w- C:\65da8d16445ba9271017c21d797c
2010-11-10 21:51 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-10 21:51 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-10 21:40 . 2010-11-10 21:40 -------- d-----w- c:\documents and settings\Kendra\Application Data\Windows Desktop Search
2010-11-10 21:39 . 2010-11-10 21:39 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-10 21:39 . 2010-11-10 21:39 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-10 21:37 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-11-10 21:37 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-11-10 21:37 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-11-10 21:36 . 2010-11-10 21:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-11-10 21:34 . 2010-11-12 21:14 -------- d-----w- c:\windows\system32\LogFiles
2010-11-10 21:34 . 2010-11-10 21:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-11-10 21:31 . 2010-11-10 21:32 -------- d-----w- c:\windows\system32\URTTemp
2010-11-10 20:25 . 2010-11-10 20:25 -------- d-----w- C:\_OTM
2010-11-10 15:46 . 2010-11-15 23:52 -------- d-----w- c:\program files\Defraggler
2010-11-10 15:44 . 2010-11-15 23:44 -------- d-----w- c:\program files\CCleaner
2010-11-09 22:15 . 2008-04-14 11:42 1033728 ----a-w- c:\windows\explorer.exe
2010-11-09 00:42 . 2010-11-09 00:42 -------- d-----w- c:\documents and settings\User1\Application Data\Yahoo!
2010-11-09 00:39 . 2010-11-09 00:39 -------- d-----w- c:\documents and settings\User1\Application Data\Malwarebytes
2010-11-08 18:06 . 2010-11-08 18:06 -------- d-----w- c:\documents and settings\Kendra\Application Data\Malwarebytes
2010-11-08 17:28 . 2010-11-08 17:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-11-08 15:53 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-08 15:53 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-08 15:53 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-08 15:53 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-08 15:53 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-08 15:53 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-08 15:53 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-08 15:53 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-08 15:53 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-08 15:53 . 2010-11-08 15:53 -------- d-----w- c:\program files\Alwil Software
2010-11-08 15:53 . 2010-11-08 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-04 23:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 23:14 . 2010-11-04 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-04 23:14 . 2010-11-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-04 23:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 23:13 . 2010-11-04 23:14 -------- d-----w- c:\documents and settings\Administrator
2010-11-04 21:21 . 2010-11-18 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-11-04 21:21 . 2010-11-09 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\cEaGe02001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2007-07-27 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2007-07-27 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:29 . 2010-02-20 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2007-07-27 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2007-07-27 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2007-07-27 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2007-07-27 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-27 02:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-19_00.06.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-19 13:54 . 2010-11-19 13:54 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2010-11-10 21:37 . 2007-07-27 16:41 16760 c:\windows\system32\spmsg.dll
+ 2007-07-27 12:00 . 2010-11-22 16:29 71880 c:\windows\system32\perfc009.dat
- 2007-07-27 12:00 . 2010-11-10 21:54 71880 c:\windows\system32\perfc009.dat
+ 2010-11-22 16:25 . 2010-11-22 16:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-11-10 21:48 . 2010-11-10 21:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-10-19 03:47 . 2006-10-19 03:47 295936 c:\windows\system32\wmpeffects.dll
+ 2006-10-19 03:47 . 2008-06-25 00:12 295936 c:\windows\system32\wmpeffects.dll
- 2007-07-27 12:00 . 2010-11-10 21:54 429418 c:\windows\system32\perfh009.dat
+ 2007-07-27 12:00 . 2010-11-22 16:29 429418 c:\windows\system32\perfh009.dat
+ 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 17:17 . 2008-07-25 17:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\ff94303.msp
+ 2010-11-22 16:38 . 2010-11-22 16:38 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a74fbf28403feb768f2b0a323a4ac04\System.Security.ni.dll
+ 2010-11-22 16:38 . 2010-11-22 16:38 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8ecc7122ea648279a4af7247279b2d2b\System.Configuration.ni.dll
- 2010-11-10 21:48 . 2010-11-10 21:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-11-10 21:48 . 2010-11-10 21:48 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-10 21:48 . 2010-11-10 21:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-22 16:38 . 2010-11-22 16:38 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f6c99ab69d318c8439598023a83767e3\System.Deployment.ni.dll
+ 2010-11-22 16:37 . 2010-11-22 16:37 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8b9ad7b7128a8101b1158a2e1acbeb63\Microsoft.Build.Tasks.ni.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-22 16:28 . 2010-11-22 16:28 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-11-10 21:48 . 2010-11-10 21:48 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-22 16:33 . 2010-11-22 16:33 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\418f50cb29904548eabc0e4f6e788516\System.Windows.Forms.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 9:53 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 9:53 AM 17744]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [12/15/2008 3:59 PM 92550]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 10:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-22 10:43:50
ComboFix-quarantined-files.txt 2010-11-22 16:43
ComboFix2.txt 2010-11-19 00:39

Pre-Run: 20,377,980,928 bytes free
Post-Run: 20,377,387,008 bytes free

- - End Of File - - 35659183637166C3AB1A6ECC314F8B16
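When reading the snapshot section of a ComboFix log like the one above, the useful first step is to reconcile the `-`/`+` lines per path, so that files re-laid-down with an unchanged size (the pattern every GAC entry above follows) drop out and only added, removed or size-changed files remain to be hashed and checked against known-good copies. The following is an added example, not part of the original post and not ComboFix's own code. Its sample input copies four lines verbatim from the log above and adds one constructed line (a System.Data.dll `+` entry with an altered size) purely to exercise the size-changed branch; the variable and function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the ComboFix snapshot section above, plus one
# CONSTRUCTED line (the '+' System.Data.dll entry, size altered to 2934272) so that the
# size-changed branch is exercised. Nothing about the real System.Data.dll is implied.
SNAPSHOT = r"""
- 2010-11-10 21:49 . 2010-11-10 21:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-22 16:26 . 2010-11-22 16:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-22 16:25 . 2010-11-22 16:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-22 16:38 . 2010-11-22 16:38 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f6c99ab69d318c8439598023a83767e3\System.Deployment.ni.dll
- 2010-11-10 21:49 . 2010-11-10 21:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-22 16:27 . 2010-11-22 16:27 2934272 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
"""

# One snapshot line: sign, two timestamps separated by " . ", size in bytes, path.
LINE_RE = re.compile(
    r"^([+-]) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (\S.*?)\s*$"
)


def parse_snapshot(text):
    """Parse '+'/'-' snapshot lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sign, t1, t2, size, path = m.groups()
        entries.append({"sign": sign, "t1": t1, "t2": t2, "size": int(size), "path": path})
    return entries


def pair_by_path(entries):
    """Group the removed ('-') and added ('+') record for each path (Windows paths are case-insensitive)."""
    pairs = defaultdict(lambda: {"-": None, "+": None})
    for e in entries:
        pairs[e["path"].lower()][e["sign"]] = e
    return pairs


def classify(pair):
    """Label one path: same-size replacement, size-changed replacement, added, or removed."""
    old, new = pair["-"], pair["+"]
    if old and new:
        return "replaced-same-size" if old["size"] == new["size"] else "replaced-size-changed"
    return "added" if new else "removed"


def triage(text):
    """Return {lowercased path: (status, old_size, new_size)} for every path in the diff."""
    result = {}
    for key, pair in pair_by_path(parse_snapshot(text)).items():
        old, new = pair["-"], pair["+"]
        result[key] = (classify(pair), old["size"] if old else None, new["size"] if new else None)
    return result


def worth_a_look(text):
    """Paths that are not a same-size replacement: the ones to hash and verify first."""
    return sorted(p for p, (status, _, _) in triage(text).items() if status != "replaced-same-size")


if __name__ == "__main__":
    for path, (status, old, new) in sorted(triage(SNAPSHOT).items()):
        print(f"{status:22} {old!s:>8} -> {new!s:>8}  {path}")
    print("verify first:", *worth_a_look(SNAPSHOT), sep="\n  ")
```

A same-size replacement only means the file was rewritten with the same length; it is not evidence that the content is benign, so the short list this produces is where to start hashing, not where to stop. Pairing on the lowercased path matters because the log itself mixes cases (for example `System.configuration.dll` under a `System.Configuration` directory).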