Directdr Search engine redirect

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

< 1 2 3 >

Directdr Search engine redirect, Need help with removal

Options

Jalene View Member Profile	Jan 16 2010, 05:37 PM Post #16
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Hi Myrti, I am running combofix now. I informed the owner that their financial information was compromised the day I got their computer. I know they reported this to their financial institutions at that time. Thank you for the information regarding long term security. Is the trojan on this machine called atapi.sys? If so, I found this ... http://www.bleepingcomputer.com/forums/topic279883.html I don't have a XP sp3 cd though I will post the logs when combofix finishes. Thank you

myrti View Member Profile	Jan 16 2010, 05:55 PM Post #17
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, I suspect the infection to be present yes. ComboFix should target it, as should a couple of different programs. You also, very probably, have a sane copy backed up on your system which we could use to restore the file, if all else fails. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

Jalene View Member Profile	Jan 16 2010, 06:16 PM Post #18
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Here is the log... ComboFix 10-01-16.02 - ELZINGA'S 01/16/2010 17:35:34.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.165 [GMT -5:00] Running from: c:\documents and settings\ELZINGA'S\Desktop\ComboFix.exe AV: Norton AntiVirus On-access scanning disabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\NPROTECT c:\windows\EventSystem.log c:\windows\system32\15724.exe c:\windows\system32\18467.exe c:\windows\system32\19169.exe c:\windows\system32\26500.exe c:\windows\system32\6334.exe Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))))) . 2010-01-16 18:15 . 2010-01-16 18:15 77312 ----a-w- C:\mbr.exe 2010-01-08 18:24 . 2010-01-08 18:24 -------- d-----w- c:\program files\ESET 2010-01-08 14:41 . 2010-01-08 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-01-08 10:07 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 10:07 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:12 . 2010-01-07 17:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-01-07 17:04 . 2010-01-07 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-01-07 17:03 . 2010-01-07 17:04 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-07 17:03 . 2010-01-07 17:03 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\SUPERAntiSpyware.com 2010-01-07 17:01 . 2010-01-07 17:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-07 10:02 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-01-07 09:49 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-07 02:25 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-01-07 02:17 . 2010-01-07 02:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-01-07 02:16 . 2010-01-07 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-01-06 21:16 . 2010-01-06 21:16 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-01-06 21:16 . 2005-02-01 23:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys 2010-01-06 21:16 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll 2010-01-06 21:16 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys 2010-01-06 21:16 . 2005-01-19 16:01 1396831 ----a-w- c:\windows\system32\AegisE5.dll 2010-01-06 21:16 . 2003-11-21 03:03 651264 ----a-w- c:\windows\system32\libeay32.dll 2010-01-06 21:16 . 2003-11-21 03:03 147456 ----a-w- c:\windows\system32\ssleay32.dll 2010-01-06 21:16 . 2010-01-06 21:16 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor 2010-01-04 11:27 . 2008-10-24 03:44 282624 ----a-r- c:\windows\system32\HPZc3212.dll 2010-01-03 22:01 . 2010-01-03 22:01 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\Malwarebytes 2010-01-03 22:00 . 2010-01-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-03 22:00 . 2010-01-08 10:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-03 18:14 . 2010-01-03 18:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-01-02 22:04 . 2010-01-02 22:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-01-01 21:46 . 2010-01-01 21:46 70497 ----a-w- c:\program files\zebra.zip 2010-01-01 17:53 . 2010-01-01 17:53 178030 ----a-w- c:\program files\fancypens.zip 2009-12-31 18:17 . 2009-12-31 18:29 243098 ----a-w- c:\program files\popstar_autograph.zip 2009-12-31 15:35 . 2009-12-31 15:35 175717 ----a-w- c:\program files\jellyka_castles_queen.zip 2009-12-31 15:33 . 2009-12-31 15:33 652636 ----a-w- c:\program files\ginga.zip 2009-12-31 15:26 . 2009-12-31 15:26 79738 ----a-w- c:\program files\broken_ghost.zip 2009-12-31 15:25 . 2009-12-31 15:25 90604 ----a-w- c:\program files\the_maple_origins.zip 2009-12-31 15:24 . 2009-12-31 15:24 92040 ----a-w- c:\program files\_ank.zip 2009-12-31 15:24 . 2009-12-31 15:24 60328 ----a-w- c:\program files\birth_of_a_hero.zip 2009-12-31 15:21 . 2009-12-31 15:21 103638 ----a-w- c:\program files\neon_nvb.zip 2009-12-31 15:19 . 2009-12-31 15:19 86458 ----a-w- c:\program files\arista.zip 2009-12-31 15:18 . 2009-12-31 15:18 84474 ----a-w- c:\program files\alba.zip 2009-12-31 15:17 . 2009-12-31 15:17 8522 ----a-w- c:\program files\comic_andy.zip 2009-12-31 15:15 . 2009-12-31 15:15 11919 ----a-w- c:\program files\honey_i_stole_your_.zip 2009-12-31 15:07 . 2009-12-31 15:07 48152 ----a-w- c:\program files\kaileen.zip 2009-12-31 15:06 . 2009-12-31 15:06 24766 ----a-w- c:\program files\jellyka_estrya_s_handwriting.zip 2009-12-31 15:03 . 2009-12-31 15:03 103446 ----a-w- c:\program files\equestrian_by_darri.zip 2009-12-31 15:03 . 2009-12-31 15:03 21741 ----a-w- c:\program files\yeehaw.zip 2009-12-31 15:03 . 2009-12-31 15:03 74185 ----a-w- c:\program files\sakabe_animal_03.zip 2009-12-31 15:02 . 2009-12-31 15:02 51182 ----a-w- c:\program files\dj_horses_1.zip 2009-12-31 14:59 . 2009-12-31 14:59 19893 ----a-w- c:\program files\greenbeans.zip 2009-12-31 14:57 . 2009-12-31 14:57 275652 ----a-w- c:\program files\flim_flam.zip 2009-12-31 14:56 . 2009-12-31 14:56 50308 ----a-w- c:\program files\jabjai.zip 2009-12-31 14:56 . 2009-12-31 14:56 21724 ----a-w- c:\program files\action_jackson.zip 2009-12-31 14:56 . 2009-12-31 14:56 284771 ----a-w- c:\program files\green_piloww.zip 2009-12-31 14:56 . 2009-12-31 14:56 58474 ----a-w- c:\program files\cheri.zip 2009-12-31 14:53 . 2009-12-31 14:53 24399 ----a-w- c:\program files\vanilla_whale.zip 2009-12-31 14:52 . 2009-12-31 14:52 89935 ----a-w- c:\program files\bleeding_cowboys.zip 2009-12-31 14:48 . 2009-12-31 14:48 70468 ----a-w- c:\program files\Mostly_Mono.zip 2009-12-25 16:45 . 2009-12-25 16:45 -------- d-----w- c:\program files\MSXML 4.0 2009-12-25 00:17 . 2009-12-25 00:17 -------- d-----w- c:\documents and settings\ELZINGA'S\Local Settings\Application Data\HP 2009-12-24 18:52 . 2010-01-16 21:05 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\HPAppData 2009-12-24 18:51 . 2009-12-24 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2009-12-24 18:14 . 2009-12-25 00:17 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\HP 2009-12-24 18:13 . 2008-10-28 10:31 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-12-24 18:12 . 2008-10-28 10:31 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2009-12-24 18:12 . 2008-10-06 20:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll 2009-12-24 18:12 . 2008-10-06 20:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll 2009-12-24 18:12 . 2008-10-29 18:56 271704 ----a-r- c:\windows\system32\hpzids01.dll 2009-12-24 18:12 . 2008-10-28 10:31 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-12-24 18:11 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll 2009-12-24 18:11 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll 2009-12-24 18:11 . 2008-10-29 18:57 974848 ----a-r- c:\windows\system32\hpost_p02b.dll 2009-12-24 18:11 . 2008-10-29 18:57 737280 ----a-r- c:\windows\system32\hposwia_p02b.dll 2009-12-24 18:11 . 2008-10-29 18:57 307200 ----a-r- c:\windows\system32\hposc_p02a.dll 2009-12-24 18:10 . 2009-12-24 18:10 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\Yahoo! 2009-12-24 18:03 . 2009-12-24 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2009-12-24 18:01 . 2009-12-24 18:01 -------- d-----w- c:\program files\Common Files\HP 2009-12-24 17:59 . 2009-12-24 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2009-12-24 17:59 . 2009-12-24 17:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2009-12-24 17:57 . 2010-01-07 02:25 -------- dc----w- c:\windows\system32\DRVSTORE 2009-12-24 17:57 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-12-24 17:57 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-12-24 17:57 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-12-24 17:57 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-24 17:53 . 2009-12-24 18:08 -------- d-----w- c:\program files\HP 2009-12-24 17:48 . 2009-12-24 18:51 164059 ----a-w- c:\windows\hpoins36.dat 2009-12-24 17:48 . 2009-06-24 09:40 652 ------w- c:\windows\hpomdl36.dat 2009-12-20 17:53 . 1994-09-21 03:00 92208 ------w- c:\windows\system32\Wing.dll 2009-12-20 17:53 . 1994-09-21 03:00 6736 ------w- c:\windows\system32\Wingdib.drv 2009-12-20 17:53 . 1994-09-21 03:00 12800 ------w- c:\windows\system32\Wing32.dll 2009-12-20 17:53 . 1994-08-24 03:00 188960 ------w- c:\windows\system32\Wingde.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-16 13:54 . 2007-09-17 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-01-07 03:10 . 2004-07-29 19:49 -------- d-----w- c:\program files\Washer 2010-01-07 02:16 . 2004-07-29 19:49 -------- d-----w- c:\program files\Lavasoft 2010-01-06 23:02 . 2005-07-22 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-06 21:48 . 2005-07-22 00:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-01-06 21:41 . 2009-09-20 16:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy) 2010-01-06 21:16 . 2004-07-29 19:55 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-04 11:54 . 2005-10-09 18:50 -------- d-----w- c:\program files\MyUltimateMap 2010-01-03 21:42 . 2004-07-29 21:53 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-01-03 19:48 . 2007-08-09 23:07 -------- d-----w- c:\program files\Yahoo! 2010-01-02 16:19 . 2004-07-29 22:02 43384 ----a-w- c:\documents and settings\ELZINGA'S\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-01 22:48 . 2008-05-14 20:37 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\gtk-2.0 2009-12-20 17:53 . 2004-09-12 22:41 974 ----a-w- c:\windows\EReg077.dat 2009-12-20 01:25 . 2008-05-23 00:18 -------- d-----w- c:\documents and settings\ELZINGA'S\Application Data\Move Networks 2009-12-19 15:17 . 2004-08-20 22:44 -------- d-----w- c:\program files\Barbie™ 2009-12-09 04:53 . 2009-12-31 15:33 257960 ----a-w- c:\program files\Ginga.ttf 2009-11-28 20:21 . 2009-12-31 14:52 148896 ----a-w- c:\program files\Bleeding_Cowboys.ttf 2009-10-29 07:45 . 2004-08-24 01:32 916480 ------w- c:\windows\system32\wininet.dll 2009-10-23 10:08 . 2009-12-31 14:49 151304 ------w- c:\program files\MostlyMono.ttf 2009-10-21 05:38 . 2004-08-04 07:56 75776 ------w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ------w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys 2009-09-28 04:25 . 2009-12-31 18:29 57068 ----a-w- c:\program files\popstarAutograph.otf 2009-09-27 12:14 . 2009-12-31 18:29 178091 ----a-w- c:\program files\popstar.jpg 2009-09-27 11:47 . 2009-12-31 18:29 38944 ----a-w- c:\program files\popstarAutograph.ttf 2009-09-15 18:38 . 2009-12-31 18:29 381 ----a-w- c:\program files\USAGE.txt 2009-09-04 10:06 . 2009-12-31 14:49 82 ------w- c:\program files\._.DS_Store 2009-09-04 10:06 . 2009-12-31 14:49 6148 ------w- c:\program files\.DS_Store 2009-09-03 19:46 . 2010-01-01 17:53 2712 ----a-w- c:\program files\JOEBOB graphics free trial font users license.txt 2009-06-23 17:40 . 2009-12-31 15:00 34352 ----a-w- c:\program files\Greenbeans.ttf 2009-06-11 01:11 . 2009-12-31 15:06 86912 ----a-w- c:\program files\DJ_horses_1.ttf 2009-05-08 22:40 . 2009-12-31 15:21 33596 ----a-w- c:\program files\Neon.ttf 2009-04-30 00:06 . 2009-04-30 00:06 63049904 ----a-w- c:\program files\avg_free_stf_en_85_285a1462 2009-04-01 20:41 . 2009-12-31 15:17 16680 ----a-w- c:\program files\Comic_Andy.ttf 2009-02-27 19:26 . 2009-12-31 15:00 177254 ----a-w- c:\program files\Flim-Flam.gif 2009-02-27 19:07 . 2009-12-31 15:00 140576 ----a-w- c:\program files\Flim-Flam.ttf 2008-10-26 19:03 . 2010-01-01 17:53 147604 ----a-w- c:\program files\FPENSTRIAL.ttf 2008-10-26 19:03 . 2010-01-01 17:53 104352 ----a-w- c:\program files\FPENSTRIAL.otf 2008-08-02 05:15 . 2009-12-31 15:06 35636 ----a-w- c:\program files\Jellyka_Estrya_Handwriting.ttf 2008-05-17 04:29 . 2009-12-31 15:35 323352 ----a-w- c:\program files\Jellyka_Castle _s_Queen.ttf 2008-03-06 15:36 . 2009-12-31 14:59 124079 ----a-w- c:\program files\BILLY-ARGEL-GREEN-PILOWW-3.jpg 2008-03-06 14:52 . 2009-12-31 14:59 525436 ----a-w- c:\program files\GREENPIL.TTF 2007-10-10 13:46 . 2009-12-31 15:20 59720 ----a-w- c:\program files\[z] Arista light.ttf 2007-10-10 13:46 . 2009-12-31 15:20 57860 ----a-w- c:\program files\[z] Arista ExtraFilled.ttf 2007-09-24 20:59 . 2009-12-31 15:20 57612 ----a-w- c:\program files\[z] Arista.ttf 2007-09-03 20:01 . 2009-12-31 15:24 118920 ----a-w- c:\program files\BIRTH_OF_A_HERO.ttf 2007-07-20 22:28 . 2010-01-01 21:47 108244 ----a-w- c:\program files\ZEBRAIRR.TTF 2007-07-19 13:53 . 2009-12-31 15:25 118044 ----a-w- c:\program files\THE MAPLE ORIGINS.ttf 2006-12-27 02:50 . 2009-12-31 15:24 147068 ----a-w- c:\program files\ank.ttf 2006-11-18 15:40 . 2009-12-31 15:26 133344 ----a-w- c:\program files\BROKEN_GHOST.ttf 2005-06-04 01:28 . 2009-12-31 15:00 59792 ------w- c:\program files\jabjai_light.TTF 2005-06-03 21:29 . 2009-12-31 15:00 42276 ------w- c:\program files\jabjai_heavy.TTF 2005-03-12 21:21 . 2009-12-31 14:59 9152 ----a-w- c:\program files\CHERI___.TTF 2005-03-12 21:21 . 2009-12-31 14:59 15844 ----a-w- c:\program files\CHERL___.TTF 2004-09-19 05:31 . 2009-12-31 15:18 35724 ----a-w- c:\program files\ALBAS___.TTF 2004-09-19 05:31 . 2009-12-31 15:18 24548 ----a-w- c:\program files\ALBAM___.TTF 2004-09-19 05:31 . 2009-12-31 15:18 25232 ----a-w- c:\program files\ALBA____.TTF 2004-05-04 04:17 . 2009-12-31 15:08 78356 ----a-w- c:\program files\kaileenw.ttf 2004-02-22 22:44 . 2009-12-31 14:53 46780 ----a-w- c:\program files\VANILLA.TTF 2001-10-25 19:11 . 2009-12-31 15:00 34944 ----a-w- c:\program files\actionj.ttf 2001-10-08 15:35 . 2009-12-31 15:04 115328 ------w- c:\program files\Sakabe-Animal03.ttf 1999-07-14 22:18 . 2009-12-31 15:04 188500 ----a-w- c:\program files\Equestrian by Darrian.ttf 1998-11-26 04:39 . 2009-12-31 15:15 14388 ----a-w- c:\program files\HONEY.TTF 1998-10-28 20:38 . 2009-12-31 15:04 32012 ----a-w- c:\program files\YEEHAW.TTF . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-17 68856] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-08-06 26112] "WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576] "Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738] "MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-07-17 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-07-17 90112] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472] c:\documents and settings\ELZINGA'S\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] 2004-07-29 22:53 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] 2004-07-29 22:53 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] 2004-07-29 22:53 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/6/2010 9:25 PM 64288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [9/13/2009 7:27 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [9/13/2009 7:27 PM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [9/13/2009 7:26 PM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys [1/16/2010 1:45 PM 329592] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/3/2010 12:53 PM 102448] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408] S3 dati1pdx;dati1pdx;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\dati1pdx.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\dati1pdx.sys [?] S3 dvolsnap;dvolsnap;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\dvolsnap.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\dvolsnap.sys [?] S3 grio8drv;grio8drv;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\grio8drv.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\grio8drv.sys [?] S3 husbd;husbd;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\husbd.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\husbd.sys [?] S3 iacpiec;iacpiec;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\iacpiec.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\iacpiec.sys [?] S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [8/4/2004 12:29 AM 11935] S3 jrdpdr;jrdpdr;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\jrdpdr.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\jrdpdr.sys [?] S3 lmup;lmup;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\lmup.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\lmup.sys [?] S3 onwlnknb;onwlnknb;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\onwlnknb.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\onwlnknb.sys [?] S3 ssymtdi;ssymtdi;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\ssymtdi.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\ssymtdi.sys [?] S3 ximapi;ximapi;\??\c:\docume~1\ELZING~1\LOCALS~1\Temp\ximapi.sys --> c:\docume~1\ELZING~1\LOCALS~1\Temp\ximapi.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:23] 2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:23] 2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:23] 2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:23] 2010-01-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 02:23] 2010-01-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-17 01:59] 2010-01-16 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-29 22:38] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - ?p=ZKman000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - HKCU-RunServicesOnce-washindex - c:\program files\Washer\washidx.exe HKLM-Run-GhostStartTrayApp - c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe HKLM-Run-AcctMgr - c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-16 17:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:77,2e,55,6a,99,6f,2a,02,6a,48,9c,e4,ad,62,39,3b,11,7f,54,69,38,ba,69, 1e,87,4d,4c,34,08,d9,26,ed,f3,ea,bc,ab,e7,11,ca,4a,57,5d,1e,22,28,d8,b6,da,\ "??"=hex:03,69,c5,fe,9b,5e,f6,76,4b,3f,b7,41,ff,1f,63,9c . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1072) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(444) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe c:\windows\System32\MsPMSPSv.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************* . Completion time: 2010-01-16 18:11:46 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-16 23:11 Pre-Run: 49,167,736,832 bytes free Post-Run: 49,265,799,168 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - E3FD6BF73FACC53485E9FCF3A09349F1

myrti View Member Profile	Jan 16 2010, 06:33 PM Post #19
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, this looks good. How is your PC doing? There are a couple of leftovers that we need to remove, but the rootkit should be gone. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: c:\docume~1\ELZING~1\LOCALS~1\Temp\dati1pdx.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\dvolsnap.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\grio8drv.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\husbd.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\iacpiec.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\jrdpdr.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\lmup.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\onwlnknb.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\ssymtdi.sys c:\docume~1\ELZING~1\LOCALS~1\Temp\ximapi.sys Driver:: dati1pdx dvolsnap grio8drv husbd iacpiec jrdpdr lmup onwlnknb ssymtdi ximapi Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

myrti View Member Profile	Jan 16 2010, 07:05 PM Post #21
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, it seems it did not work. Please drag the saved notepad document onto ComboFix as shown in the animation, this should execute ComboFix. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

myrti View Member Profile	Jan 16 2010, 07:54 PM Post #23
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, your ComboFix log is looking clean now. Could you please reboot and check if you still get redirected? Please also provide new logs from mbr and OTL (for OTL only one file will be created this time) regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

Jalene View Member Profile	Jan 16 2010, 08:35 PM Post #24
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Hi, Sorry to be so slow, although the search I did was not redirected, this computer is very very slow, including the text appearing in the search box when I type. The hard drive is not overloaded. Hopefully this can be cleaned up. Will post logs soon Thank you

myrti View Member Profile	Jan 16 2010, 08:38 PM Post #25
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, please run a scan with Malwarebytes: Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Please also provide a new log from OTL (only one file will be created) regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

Jalene View Member Profile	Jan 16 2010, 09:48 PM Post #26
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Hi, I uninstalled and reinstalled Malwarebytes, uninstalled AdAware and Spybots, deleted all the old logs from the desktop and rebooted the computer. The new Malwarebytes scan came up clean. I am going to reboot one more time and see how the computer runs. Please let me know what you see in this OTL log... OTL logfile created on: 1/16/2010 9:28:18 PM - Run 2 OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\ELZINGA'S\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 511.00 Mb Total Physical Memory \| 187.00 Mb Available Physical Memory \| 37.00% Memory free 1.00 Gb Paging File \| 1.00 Gb Available in Paging File \| 69.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.52 Gb Total Space \| 46.16 Gb Free Space \| 61.94% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 38.70 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HP Current User Name: ELZINGA'S Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/01/16 09:32:52 \| 00,547,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe PRC - [2010/01/05 07:56:02 \| 02,002,160 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009/08/22 01:32:54 \| 00,117,640 \| R--- \| M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe PRC - [2009/05/25 08:54:12 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/05/25 08:54:12 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/21 22:13:36 \| 00,275,768 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2009/05/21 21:54:18 \| 00,116,280 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe PRC - [2009/05/21 21:46:36 \| 00,559,104 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2009/05/21 21:46:36 \| 00,168,960 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2009/05/21 18:57:00 \| 00,362,496 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009/03/08 13:09:26 \| 00,638,816 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2008/04/13 19:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/17 18:59:22 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/05/08 16:24:20 \| 00,054,840 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2005/02/17 06:15:20 \| 00,081,920 \| ---- \| M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2002/07/17 07:45:02 \| 00,090,112 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2001/08/16 23:41:58 \| 00,028,738 \| ---- \| M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe PRC - [2001/08/07 18:06:54 \| 00,024,633 \| ---- \| M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe PRC - [2001/05/01 16:06:22 \| 00,053,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe ========== Modules (SafeList) ========== MOD - [2010/01/16 09:32:52 \| 00,547,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/08/22 01:32:54 \| 00,117,640 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe -- (Norton AntiVirus) SRV - [2009/05/25 08:54:12 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) [Auto \| Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/05/21 22:13:36 \| 00,248,832 \| ---- \| M] (Hewlett-Packard Co.) [On_Demand \| Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2009/05/21 22:03:06 \| 00,133,120 \| ---- \| M] (Hewlett-Packard Co.) [Auto \| Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2009/03/26 20:59:53 \| 00,183,280 \| ---- \| M] (Google) [Auto \| Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/12/03 20:05:42 \| 00,053,760 \| ---- \| M] (Hewlett-Packard) [Auto \| Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2008/12/03 20:05:32 \| 00,044,544 \| ---- \| M] (Hewlett-Packard) [Auto \| Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2004/07/15 01:49:26 \| 00,032,768 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2001/05/01 16:06:22 \| 00,053,248 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service) ========== Driver Services (SafeList) ========== DRV - [2010/01/06 16:16:33 \| 00,017,801 \| ---- \| M] (Meetinghouse Data Communications) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2010/01/05 07:56:06 \| 00,007,408 \| R--- \| M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| On_Demand \| Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2010/01/05 07:56:04 \| 00,009,968 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/01/05 07:56:02 \| 00,074,480 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/10/28 17:37:22 \| 00,329,592 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSXpx86.sys -- (IDSxpx86) DRV - [2009/09/13 19:27:16 \| 00,124,976 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/09/13 19:26:35 \| 00,482,432 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\ccHPx86.sys -- (ccHP) DRV - [2009/09/13 03:00:00 \| 01,323,568 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVEX15.SYS -- (NAVEX15) DRV - [2009/09/13 03:00:00 \| 00,371,248 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/09/13 03:00:00 \| 00,102,448 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/09/13 03:00:00 \| 00,084,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVENG.SYS -- (NAVENG) DRV - [2009/08/22 01:32:55 \| 00,310,320 \| ---- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SYMEFA.SYS -- (SymEFA) DRV - [2009/08/22 01:32:55 \| 00,308,272 \| ---- \| M] (Symantec Corporation) [File_System \| System \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SRTSP.SYS -- (SRTSP) DRV - [2009/08/22 01:32:55 \| 00,259,632 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys -- (BHDrvx86) DRV - [2009/08/22 01:32:55 \| 00,217,136 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS -- (SYMTDI) DRV - [2009/08/22 01:32:55 \| 00,089,904 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW) DRV - [2009/08/22 01:32:55 \| 00,043,696 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009/08/22 01:32:55 \| 00,036,400 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS) DRV - [2009/08/22 01:32:55 \| 00,033,072 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS) DRV - [2009/08/22 01:32:45 \| 00,036,400 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP) DRV - [2009/08/22 01:32:45 \| 00,036,400 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM) DRV - [2008/10/28 05:31:52 \| 00,049,920 \| R--- \| M] (HP) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2008/10/28 05:31:52 \| 00,021,568 \| R--- \| M] (HP) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2008/10/28 05:31:52 \| 00,016,496 \| R--- \| M] (HP) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2008/04/13 13:56:49 \| 00,012,800 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008/04/13 13:45:29 \| 00,010,624 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/11/13 05:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2006/11/02 16:57:04 \| 00,036,624 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006/08/28 21:48:26 \| 00,002,560 \| ---- \| M] (Sonic Solutions) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2006/08/28 21:48:26 \| 00,002,432 \| ---- \| M] (Sonic Solutions) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2006/01/18 13:41:58 \| 00,080,512 \| R--- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2004/08/06 15:16:08 \| 00,008,552 \| ---- \| M] (Windows ® 2000 DDK provider) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2004/08/04 00:31:32 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2004/07/29 17:53:33 \| 00,260,224 \| ---- \| M] (Roxio) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp) DRV - [2004/07/29 17:53:33 \| 00,213,120 \| ---- \| M] (Roxio) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp) DRV - [2004/07/29 17:53:33 \| 00,118,409 \| ---- \| M] (Roxio) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k) DRV - [2004/07/29 17:53:33 \| 00,022,777 \| ---- \| M] (Roxio) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K) DRV - [2004/07/29 17:53:33 \| 00,021,993 \| ---- \| M] (Roxio) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K) DRV - [2003/05/28 17:53:46 \| 00,017,005 \| ---- \| M] (Adaptec) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2003/03/31 13:29:00 \| 00,625,537 \| ---- \| M] (LT) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5) DRV - [2003/03/31 07:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2002/07/23 09:01:38 \| 00,161,020 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2002/07/23 09:01:34 \| 00,011,935 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV11NT.sys -- (iAimFP8) DRV - [2002/07/23 09:01:32 \| 00,011,871 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2002/07/23 09:01:32 \| 00,011,807 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2002/07/23 09:01:32 \| 00,011,295 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2002/07/23 09:01:30 \| 00,012,127 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2002/07/23 09:01:30 \| 00,011,775 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/07/23 09:01:28 \| 00,019,455 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2002/07/23 09:01:28 \| 00,012,415 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2002/07/23 09:01:28 \| 00,012,063 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2002/07/23 09:01:26 \| 00,025,471 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2002/07/23 09:01:26 \| 00,022,271 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2002/07/23 09:01:24 \| 00,033,599 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2002/07/23 09:01:22 \| 00,029,311 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2002/07/23 09:01:22 \| 00,019,551 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2002/07/23 09:01:20 \| 00,023,615 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2001/08/17 09:00:04 \| 00,002,944 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001/08/17 07:20:04 \| 00,096,256 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/24 13:09:41 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233358764046 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8197.5300115741 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop BackupWallPaper: C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/07/29 14:07:24 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/06/01 02:09:00 \| 00,000,051 \| R--- \| M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/01/16 21:08:40 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/16 21:08:35 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/16 21:08:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/16 21:07:42 \| 05,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ELZINGA'S\Desktop\mbam-setup.exe [2010/01/16 20:04:08 \| 00,000,000 \| -HSD \| C] -- C:\RECYCLER [2010/01/16 17:27:59 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2010/01/16 17:24:11 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/01/16 17:24:10 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/01/16 17:24:10 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/01/16 17:24:10 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/01/16 17:23:45 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2010/01/16 17:22:46 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2010/01/16 09:32:45 \| 00,547,328 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe [2010/01/09 13:23:53 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\ELZINGA'S\Desktop\RootRepeal.exe [2010/01/08 13:24:03 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ESET [2010/01/07 19:36:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\My Documents\My Downloads [2010/01/07 12:04:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2010/01/07 12:03:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2010/01/07 12:03:49 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Application Data\SUPERAntiSpyware.com [2010/01/07 12:01:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/01/07 11:58:03 \| 00,050,688 \| ---- \| C] (Atribune.org) -- C:\Documents and Settings\ELZINGA'S\Desktop\ATF-Cleaner.exe [2010/01/07 05:02:28 \| 00,471,552 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/06 21:16:02 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/01/06 16:16:33 \| 00,017,801 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010/01/06 16:16:28 \| 00,017,992 \| ---- \| C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcm42rly.sys [2010/01/06 16:16:28 \| 00,015,872 \| ---- \| C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys [2010/01/06 16:16:24 \| 01,396,831 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE5.dll [2010/01/06 16:16:09 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor [2010/01/04 06:27:53 \| 00,282,624 \| R--- \| C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll [2010/01/03 17:01:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Application Data\Malwarebytes [2010/01/03 17:00:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/25 11:45:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2009/12/24 19:17:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\HP [2009/12/24 13:52:48 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Application Data\HPAppData [2009/12/24 13:51:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2009/12/24 13:14:44 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Application Data\HP [2009/12/24 13:13:07 \| 00,016,496 \| R--- \| C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys [2009/12/24 13:12:58 \| 00,049,920 \| R--- \| C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys [2009/12/24 13:12:33 \| 00,121,344 \| ---- \| C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l083.dll [2009/12/24 13:12:30 \| 00,271,704 \| R--- \| C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll [2009/12/24 13:12:08 \| 00,021,568 \| R--- \| C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys [2009/12/24 13:11:27 \| 00,372,736 \| R--- \| C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll [2009/12/24 13:11:27 \| 00,309,760 \| R--- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2009/12/24 13:11:26 \| 00,974,848 \| R--- \| C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpost_p02b.dll [2009/12/24 13:11:26 \| 00,737,280 \| R--- \| C] (Hewlett-Packard) -- C:\WINDOWS\System32\hposwia_p02b.dll [2009/12/24 13:11:26 \| 00,307,200 \| R--- \| C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hposc_p02a.dll [2009/12/24 13:10:30 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\ELZINGA'S\Application Data\Yahoo! [2009/12/24 13:03:59 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2009/12/24 13:01:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\HP [2009/12/24 12:59:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\HP [2009/12/24 12:59:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Hewlett-Packard [2009/12/24 12:57:54 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\DRVSTORE [2009/12/24 12:57:17 \| 00,015,104 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009/12/24 12:57:02 \| 00,032,128 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys [2009/12/24 12:56:21 \| 00,000,000 \| ---D \| C] -- C:\Config.Msi [2009/12/24 12:53:19 \| 00,000,000 \| ---D \| C] -- C:\Program Files\HP [2009/12/20 12:53:17 \| 00,188,960 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingde.dll [2009/12/20 12:53:17 \| 00,092,208 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wing.dll [2009/12/20 12:53:17 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wing32.dll [2009/12/20 12:53:17 \| 00,006,736 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingdib.drv [2009/12/20 12:53:17 \| 00,005,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\Wingpal.wnd [2009/07/22 13:46:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/05/30 18:25:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/04/29 20:05:52 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/04/29 20:05:52 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/04/29 19:06:18 \| 63,049,904 \| ---- \| C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462 [2008/11/08 08:47:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2008/11/08 08:47:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2005/09/04 11:43:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec [6 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/16 21:25:00 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/01/16 21:25:00 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/01/16 21:08:44 \| 00,000,702 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/16 21:07:42 \| 05,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ELZINGA'S\Desktop\mbam-setup.exe [2010/01/16 21:03:05 \| 00,000,414 \| ---- \| M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/01/16 21:02:25 \| 00,000,868 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/01/16 21:02:06 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/16 21:01:57 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010/01/16 21:01:55 \| 53,537,9968 \| -HS- \| M] () -- C:\hiberfil.sys [2010/01/16 21:00:47 \| 00,000,178 \| -HS- \| M] () -- C:\Documents and Settings\ELZINGA'S\ntuser.ini [2010/01/16 21:00:45 \| 06,029,312 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\ntuser.dat [2010/01/16 21:00:15 \| 00,000,684 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010/01/16 21:00:15 \| 00,000,281 \| RHS- \| M] () -- C:\boot.ini [2010/01/16 21:00:15 \| 00,000,243 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010/01/16 20:49:48 \| 00,000,124 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\When should I re-format How should I reinstall Security - dslreports.com.url [2010/01/16 20:46:07 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/01/16 20:46:07 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/01/16 20:46:06 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/01/16 20:42:12 \| 00,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/16 19:25:32 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/01/16 17:18:00 \| 03,827,053 \| R--- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ComboFix.exe [2010/01/16 15:25:54 \| 00,000,211 \| ---- \| M] () -- C:\Boot.bak [2010/01/16 13:15:21 \| 00,077,312 \| ---- \| M] () -- C:\mbr.exe [2010/01/16 11:01:13 \| 00,293,376 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dytijb3q.exe [2010/01/16 09:32:52 \| 00,547,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\ELZINGA'S\Desktop\OTL.exe [2010/01/09 13:32:48 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\settings.dat [2010/01/09 13:23:57 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\ELZINGA'S\Desktop\RootRepeal.exe [2010/01/09 13:17:25 \| 00,524,288 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dds.scr [2010/01/07 16:07:14 \| 00,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 \| 00,019,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/07 12:04:19 \| 00,000,786 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/01/07 12:00:18 \| 07,520,288 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\SUPERAntiSpyware.exe [2010/01/07 11:58:04 \| 00,050,688 \| ---- \| M] (Atribune.org) -- C:\Documents and Settings\ELZINGA'S\Desktop\ATF-Cleaner.exe [2010/01/07 05:30:33 \| 00,000,189 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ATT.NET - Email, News, Sports, Entertainment and Games.url [2010/01/06 18:00:05 \| 00,001,048 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180005.backup [2010/01/06 18:00:03 \| 00,001,291 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180003.backup [2010/01/06 18:00:03 \| 00,001,257 \| R--- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-180004.backup [2010/01/06 16:16:33 \| 00,017,801 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010/01/06 16:02:03 \| 00,001,383 \| ---- \| M] () -- C:\WINDOWS\System32\WLAN.INI [2010/01/06 12:53:51 \| 05,866,902 \| -H-- \| M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\IconCache.db [2010/01/03 13:10:41 \| 00,380,350 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010/01/03 13:10:41 \| 00,052,764 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010/01/03 13:10:40 \| 00,439,552 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/01/02 11:19:41 \| 00,043,384 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/01/02 09:58:05 \| 00,163,528 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/01/01 17:48:55 \| 00,736,123 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\.recently-used.xbel [2010/01/01 16:46:50 \| 00,070,497 \| ---- \| M] () -- C:\Program Files\zebra.zip [2010/01/01 12:53:12 \| 00,178,030 \| ---- \| M] () -- C:\Program Files\fancypens.zip [2009/12/31 13:29:16 \| 00,243,098 \| ---- \| M] () -- C:\Program Files\popstar_autograph.zip [2009/12/31 10:35:10 \| 00,175,717 \| ---- \| M] () -- C:\Program Files\jellyka_castles_queen.zip [2009/12/31 10:33:14 \| 00,652,636 \| ---- \| M] () -- C:\Program Files\ginga.zip [2009/12/31 10:26:48 \| 00,079,738 \| ---- \| M] () -- C:\Program Files\broken_ghost.zip [2009/12/31 10:25:19 \| 00,090,604 \| ---- \| M] () -- C:\Program Files\the_maple_origins.zip [2009/12/31 10:24:47 \| 00,092,040 \| ---- \| M] () -- C:\Program Files\_ank.zip [2009/12/31 10:24:08 \| 00,060,328 \| ---- \| M] () -- C:\Program Files\birth_of_a_hero.zip [2009/12/31 10:21:19 \| 00,103,638 \| ---- \| M] () -- C:\Program Files\neon_nvb.zip [2009/12/31 10:19:58 \| 00,086,458 \| ---- \| M] () -- C:\Program Files\arista.zip [2009/12/31 10:18:31 \| 00,084,474 \| ---- \| M] () -- C:\Program Files\alba.zip [2009/12/31 10:17:04 \| 00,008,522 \| ---- \| M] () -- C:\Program Files\comic_andy.zip [2009/12/31 10:15:14 \| 00,011,919 \| ---- \| M] () -- C:\Program Files\honey_i_stole_your_.zip [2009/12/31 10:07:58 \| 00,048,152 \| ---- \| M] () -- C:\Program Files\kaileen.zip [2009/12/31 10:06:28 \| 00,024,766 \| ---- \| M] () -- C:\Program Files\jellyka_estrya_s_handwriting.zip [2009/12/31 10:03:42 \| 00,103,446 \| ---- \| M] () -- C:\Program Files\equestrian_by_darri.zip [2009/12/31 10:03:22 \| 00,021,741 \| ---- \| M] () -- C:\Program Files\yeehaw.zip [2009/12/31 10:03:15 \| 00,074,185 \| ---- \| M] () -- C:\Program Files\sakabe_animal_03.zip [2009/12/31 10:02:55 \| 00,051,182 \| ---- \| M] () -- C:\Program Files\dj_horses_1.zip [2009/12/31 09:59:10 \| 00,019,893 \| ---- \| M] () -- C:\Program Files\greenbeans.zip [2009/12/31 09:57:11 \| 00,275,652 \| ---- \| M] () -- C:\Program Files\flim_flam.zip [2009/12/31 09:56:55 \| 00,050,308 \| ---- \| M] () -- C:\Program Files\jabjai.zip [2009/12/31 09:56:31 \| 00,021,724 \| ---- \| M] () -- C:\Program Files\action_jackson.zip [2009/12/31 09:56:22 \| 00,284,771 \| ---- \| M] () -- C:\Program Files\green_piloww.zip [2009/12/31 09:56:14 \| 00,058,474 \| ---- \| M] () -- C:\Program Files\cheri.zip [2009/12/31 09:53:23 \| 00,024,399 \| ---- \| M] () -- C:\Program Files\vanilla_whale.zip [2009/12/31 09:52:09 \| 00,089,935 \| ---- \| M] () -- C:\Program Files\bleeding_cowboys.zip [2009/12/31 09:48:55 \| 00,070,468 \| ---- \| M] () -- C:\Program Files\Mostly_Mono.zip [2009/12/24 13:51:45 \| 00,164,059 \| ---- \| M] () -- C:\WINDOWS\hpoins36.dat [2009/12/24 13:04:47 \| 00,000,892 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk [2009/12/24 13:03:46 \| 00,001,024 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/12/24 13:02:21 \| 00,001,814 \| ---- \| M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/12/24 13:01:04 \| 00,001,991 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk [2009/12/21 23:09:36 \| 00,035,328 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/20 12:53:40 \| 00,000,974 \| ---- \| M] () -- C:\WINDOWS\EReg077.dat [2009/12/20 12:53:25 \| 00,000,249 \| ---- \| M] () -- C:\WINDOWS\TLCAPPS.INI [2009/12/20 11:57:10 \| 00,017,920 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\My Documents\July.wps [2009/12/20 11:47:36 \| 00,152,064 \| ---- \| M] () -- C:\Documents and Settings\ELZINGA'S\My Documents\January.wps [2009/12/19 10:22:05 \| 00,000,305 \| ---- \| M] () -- C:\WINDOWS\ka.ini [6 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/16 21:08:44 \| 00,000,702 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/16 20:49:48 \| 00,000,124 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\When should I re-format How should I reinstall Security - dslreports.com.url [2010/01/16 17:28:09 \| 00,000,211 \| ---- \| C] () -- C:\Boot.bak [2010/01/16 17:28:02 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2010/01/16 17:24:11 \| 00,261,632 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2010/01/16 17:24:11 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2010/01/16 17:24:10 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2010/01/16 17:24:10 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2010/01/16 17:24:10 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2010/01/16 17:17:51 \| 03,827,053 \| R--- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ComboFix.exe [2010/01/16 13:15:20 \| 00,077,312 \| ---- \| C] () -- C:\mbr.exe [2010/01/16 11:18:58 \| 53,537,9968 \| -HS- \| C] () -- C:\hiberfil.sys [2010/01/16 11:01:10 \| 00,293,376 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dytijb3q.exe [2010/01/16 09:16:57 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/01/09 13:32:48 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\settings.dat [2010/01/09 13:13:52 \| 00,524,288 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\dds.scr [2010/01/07 12:04:19 \| 00,000,786 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/01/07 12:00:17 \| 07,520,288 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\SUPERAntiSpyware.exe [2010/01/06 21:27:15 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/01/06 21:27:15 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/01/06 21:27:15 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/01/06 21:27:15 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/01/06 16:16:28 \| 00,094,208 \| ---- \| C] () -- C:\WINDOWS\System32\GTW32N50.dll [2010/01/06 16:16:28 \| 00,007,423 \| ---- \| C] () -- C:\WINDOWS\System32\WUSB54GSv2.cat [2010/01/06 16:16:28 \| 00,007,419 \| ---- \| C] () -- C:\WINDOWS\System32\WUSB54GS.cat [2010/01/06 16:16:27 \| 00,031,930 \| ---- \| C] () -- C:\WINDOWS\System32\GTNDIS3.VXD [2010/01/06 16:16:24 \| 00,651,264 \| ---- \| C] () -- C:\WINDOWS\System32\libeay32.dll [2010/01/06 16:16:24 \| 00,147,456 \| ---- \| C] () -- C:\WINDOWS\System32\ssleay32.dll [2010/01/06 09:44:48 \| 00,000,189 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Desktop\ATT.NET - Email, News, Sports, Entertainment and Games.url [2010/01/03 13:06:37 \| 00,001,383 \| ---- \| C] () -- C:\WINDOWS\System32\WLAN.INI [2010/01/01 17:48:54 \| 00,736,123 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\.recently-used.xbel [2010/01/01 16:47:39 \| 00,108,244 \| ---- \| C] () -- C:\Program Files\ZEBRAIRR.TTF [2010/01/01 16:46:49 \| 00,070,497 \| ---- \| C] () -- C:\Program Files\zebra.zip [2010/01/01 12:53:30 \| 00,147,604 \| ---- \| C] () -- C:\Program Files\FPENSTRIAL.ttf [2010/01/01 12:53:30 \| 00,002,712 \| ---- \| C] () -- C:\Program Files\JOEBOB graphics free trial font users license.txt [2010/01/01 12:53:29 \| 00,104,352 \| ---- \| C] () -- C:\Program Files\FPENSTRIAL.otf [2010/01/01 12:53:10 \| 00,178,030 \| ---- \| C] () -- C:\Program Files\fancypens.zip [2009/12/31 13:29:38 \| 00,000,381 \| ---- \| C] () -- C:\Program Files\USAGE.txt [2009/12/31 13:29:37 \| 00,057,068 \| ---- \| C] () -- C:\Program Files\popstarAutograph.otf [2009/12/31 13:29:37 \| 00,038,944 \| ---- \| C] () -- C:\Program Files\popstarAutograph.ttf [2009/12/31 13:29:36 \| 00,178,091 \| ---- \| C] () -- C:\Program Files\popstar.jpg [2009/12/31 13:17:38 \| 00,243,098 \| ---- \| C] () -- C:\Program Files\popstar_autograph.zip [2009/12/31 10:35:21 \| 00,323,352 \| ---- \| C] () -- C:\Program Files\Jellyka_Castle _s_Queen.ttf [2009/12/31 10:35:09 \| 00,175,717 \| ---- \| C] () -- C:\Program Files\jellyka_castles_queen.zip [2009/12/31 10:33:27 \| 00,257,960 \| ---- \| C] () -- C:\Program Files\Ginga.ttf [2009/12/31 10:33:01 \| 00,652,636 \| ---- \| C] () -- C:\Program Files\ginga.zip [2009/12/31 10:26:59 \| 00,133,344 \| ---- \| C] () -- C:\Program Files\BROKEN_GHOST.ttf [2009/12/31 10:26:48 \| 00,079,738 \| ---- \| C] () -- C:\Program Files\broken_ghost.zip [2009/12/31 10:25:31 \| 00,118,044 \| ---- \| C] () -- C:\Program Files\THE MAPLE ORIGINS.ttf [2009/12/31 10:25:19 \| 00,090,604 \| ---- \| C] () -- C:\Program Files\the_maple_origins.zip [2009/12/31 10:24:58 \| 00,147,068 \| ---- \| C] () -- C:\Program Files\ank.ttf [2009/12/31 10:24:47 \| 00,092,040 \| ---- \| C] () -- C:\Program Files\_ank.zip [2009/12/31 10:24:22 \| 00,118,920 \| ---- \| C] () -- C:\Program Files\BIRTH_OF_A_HERO.ttf [2009/12/31 10:24:08 \| 00,060,328 \| ---- \| C] () -- C:\Program Files\birth_of_a_hero.zip [2009/12/31 10:21:34 \| 00,033,596 \| ---- \| C] () -- C:\Program Files\Neon.ttf [2009/12/31 10:21:18 \| 00,103,638 \| ---- \| C] () -- C:\Program Files\neon_nvb.zip [2009/12/31 10:20:12 \| 00,059,720 \| ---- \| C] () -- C:\Program Files\[z] Arista light.ttf [2009/12/31 10:20:12 \| 00,057,860 \| ---- \| C] () -- C:\Program Files\[z] Arista ExtraFilled.ttf [2009/12/31 10:20:12 \| 00,057,612 \| ---- \| C] () -- C:\Program Files\[z] Arista.ttf [2009/12/31 10:19:58 \| 00,086,458 \| ---- \| C] () -- C:\Program Files\arista.zip [2009/12/31 10:18:48 \| 00,035,724 \| ---- \| C] () -- C:\Program Files\ALBAS___.TTF [2009/12/31 10:18:48 \| 00,024,548 \| ---- \| C] () -- C:\Program Files\ALBAM___.TTF [2009/12/31 10:18:47 \| 00,025,232 \| ---- \| C] () -- C:\Program Files\ALBA____.TTF [2009/12/31 10:18:31 \| 00,084,474 \| ---- \| C] () -- C:\Program Files\alba.zip [2009/12/31 10:17:24 \| 00,016,680 \| ---- \| C] () -- C:\Program Files\Comic_Andy.ttf [2009/12/31 10:17:04 \| 00,008,522 \| ---- \| C] () -- C:\Program Files\comic_andy.zip [2009/12/31 10:15:28 \| 00,014,388 \| ---- \| C] () -- C:\Program Files\HONEY.TTF [2009/12/31 10:15:14 \| 00,011,919 \| ---- \| C] () -- C:\Program Files\honey_i_stole_your_.zip [2009/12/31 10:08:10 \| 00,078,356 \| ---- \| C] () -- C:\Program Files\kaileenw.ttf [2009/12/31 10:07:58 \| 00,048,152 \| ---- \| C] () -- C:\Program Files\kaileen.zip [2009/12/31 10:06:59 \| 00,035,636 \| ---- \| C] () -- C:\Program Files\Jellyka_Estrya_Handwriting.ttf [2009/12/31 10:06:44 \| 00,086,912 \| ---- \| C] () -- C:\Program Files\DJ_horses_1.ttf [2009/12/31 10:06:28 \| 00,024,766 \| ---- \| C] () -- C:\Program Files\jellyka_estrya_s_handwriting.zip [2009/12/31 10:04:40 \| 00,115,328 \| ---- \| C] () -- C:\Program Files\Sakabe-Animal03.ttf [2009/12/31 10:04:28 \| 00,188,500 \| ---- \| C] () -- C:\Program Files\Equestrian by Darrian.ttf [2009/12/31 10:04:05 \| 00,032,012 \| ---- \| C] () -- C:\Program Files\YEEHAW.TTF [2009/12/31 10:03:42 \| 00,103,446 \| ---- \| C] () -- C:\Program Files\equestrian_by_darri.zip [2009/12/31 10:03:21 \| 00,021,741 \| ---- \| C] () -- C:\Program Files\yeehaw.zip [2009/12/31 10:03:15 \| 00,074,185 \| ---- \| C] () -- C:\Program Files\sakabe_animal_03.zip [2009/12/31 10:02:54 \| 00,051,182 \| ---- \| C] () -- C:\Program Files\dj_horses_1.zip [2009/12/31 10:00:39 \| 00,034,352 \| ---- \| C] () -- C:\Program Files\Greenbeans.ttf [2009/12/31 10:00:26 \| 00,177,254 \| ---- \| C] () -- C:\Program Files\Flim-Flam.gif [2009/12/31 10:00:26 \| 00,140,576 \| ---- \| C] () -- C:\Program Files\Flim-Flam.ttf [2009/12/31 10:00:14 \| 00,059,792 \| ---- \| C] () -- C:\Program Files\jabjai_light.TTF [2009/12/31 10:00:14 \| 00,042,276 \| ---- \| C] () -- C:\Program Files\jabjai_heavy.TTF [2009/12/31 10:00:04 \| 00,034,944 \| ---- \| C] () -- C:\Program Files\actionj.ttf [2009/12/31 09:59:47 \| 00,525,436 \| ---- \| C] () -- C:\Program Files\GREENPIL.TTF [2009/12/31 09:59:46 \| 00,124,079 \| ---- \| C] () -- C:\Program Files\BILLY-ARGEL-GREEN-PILOWW-3.jpg [2009/12/31 09:59:26 \| 00,015,844 \| ---- \| C] () -- C:\Program Files\CHERL___.TTF [2009/12/31 09:59:26 \| 00,009,152 \| ---- \| C] () -- C:\Program Files\CHERI___.TTF [2009/12/31 09:59:10 \| 00,019,893 \| ---- \| C] () -- C:\Program Files\greenbeans.zip [2009/12/31 09:57:08 \| 00,275,652 \| ---- \| C] () -- C:\Program Files\flim_flam.zip [2009/12/31 09:56:55 \| 00,050,308 \| ---- \| C] () -- C:\Program Files\jabjai.zip [2009/12/31 09:56:31 \| 00,021,724 \| ---- \| C] () -- C:\Program Files\action_jackson.zip [2009/12/31 09:56:18 \| 00,284,771 \| ---- \| C] () -- C:\Program Files\green_piloww.zip [2009/12/31 09:56:14 \| 00,058,474 \| ---- \| C] () -- C:\Program Files\cheri.zip [2009/12/31 09:53:37 \| 00,046,780 \| ---- \| C] () -- C:\Program Files\VANILLA.TTF [2009/12/31 09:53:23 \| 00,024,399 \| ---- \| C] () -- C:\Program Files\vanilla_whale.zip [2009/12/31 09:52:24 \| 00,148,896 \| ---- \| C] () -- C:\Program Files\Bleeding_Cowboys.ttf [2009/12/31 09:52:09 \| 00,089,935 \| ---- \| C] () -- C:\Program Files\bleeding_cowboys.zip [2009/12/31 09:49:12 \| 00,151,304 \| ---- \| C] () -- C:\Program Files\MostlyMono.ttf [2009/12/31 09:49:11 \| 00,006,148 \| ---- \| C] () -- C:\Program Files\.DS_Store [2009/12/31 09:49:11 \| 00,000,082 \| ---- \| C] () -- C:\Program Files\._.DS_Store [2009/12/31 09:48:55 \| 00,070,468 \| ---- \| C] () -- C:\Program Files\Mostly_Mono.zip [2009/12/24 13:04:47 \| 00,000,892 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk [2009/12/24 13:03:46 \| 00,001,024 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/12/24 13:02:21 \| 00,001,814 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/12/24 13:01:04 \| 00,001,991 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk [2009/12/24 12:48:24 \| 00,001,143 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/12/24 12:48:22 \| 00,164,059 \| ---- \| C] () -- C:\WINDOWS\hpoins36.dat [2009/12/24 12:48:22 \| 00,000,652 \| ---- \| C] () -- C:\WINDOWS\hpomdl36.dat [2009/12/20 11:52:33 \| 00,017,920 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\My Documents\July.wps [2009/12/20 11:47:36 \| 00,152,064 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\My Documents\January.wps [2009/10/09 20:13:01 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\MSDraw.ini [2009/03/14 13:44:28 \| 00,000,272 \| ---- \| C] () -- C:\WINDOWS\_delis32.ini [2008/07/16 09:51:46 \| 00,000,043 \| ---- \| C] () -- C:\WINDOWS\spookydisplay.ini [2007/08/11 08:42:06 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/01/09 12:12:13 \| 00,000,039 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2007/01/09 12:07:25 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2006/12/14 07:07:09 \| 00,258,048 \| ---- \| C] () -- C:\WINDOWS\System32\shpshftr.dll [2006/12/14 07:06:46 \| 00,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\igfxdgps.dll [2006/12/14 07:06:44 \| 00,012,351 \| ---- \| C] () -- C:\WINDOWS\System32\i81xcoin.dll [2006/09/25 00:20:50 \| 00,000,899 \| ---- \| C] () -- C:\WINDOWS\MYSTERY.INI [2006/09/24 23:54:10 \| 00,000,157 \| ---- \| C] () -- C:\WINDOWS\XmasSlot.ini [2006/09/24 23:43:58 \| 00,000,200 \| ---- \| C] () -- C:\WINDOWS\WBKENO.INI [2006/09/02 22:34:50 \| 00,000,125 \| ---- \| C] () -- C:\WINDOWS\disney.ini [2006/09/02 22:34:32 \| 00,000,170 \| ---- \| C] () -- C:\WINDOWS\disneysy.ini [2006/06/20 20:48:38 \| 00,035,328 \| ---- \| C] () -- C:\Documents and Settings\ELZINGA'S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/19 21:53:55 \| 00,000,754 \| ---- \| C] () -- C:\WINDOWS\WORDPAD.INI [2006/06/19 20:37:36 \| 00,000,404 \| ---- \| C] () -- C:\WINDOWS\2XStars.ini [2006/06/19 20:36:36 \| 00,000,436 \| ---- \| C] () -- C:\WINDOWS\Win95dll.ini [2006/06/16 18:28:00 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\mswgidll.ini [2006/06/15 20:49:35 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Arcade.ini [2006/06/15 20:39:19 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Totrecal.INI [2006/06/15 20:14:14 \| 00,000,892 \| ---- \| C] () -- C:\WINDOWS\8BALL.INI [2006/06/14 22:23:03 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Solcon.INI [2006/06/14 17:54:00 \| 00,001,168 \| ---- \| C] () -- C:\WINDOWS\msvxdll.ini [2006/06/14 16:23:03 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Botz.ini [2006/06/14 16:19:44 \| 00,000,371 \| ---- \| C] () -- C:\WINDOWS\cncscore.ini [2006/06/14 16:19:04 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Gamchest.INI [2006/06/14 16:17:00 \| 00,000,099 \| ---- \| C] () -- C:\WINDOWS\Ultisoft.ini [2006/06/14 16:17:00 \| 00,000,009 \| ---- \| C] () -- C:\WINDOWS\Collida.ini [2006/06/14 16:17:00 \| 00,000,009 \| ---- \| C] () -- C:\WINDOWS\Brick.ini [2005/08/26 10:23:59 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\bbcauto.INI [2005/05/29 08:18:57 \| 00,000,035 \| ---- \| C] () -- C:\WINDOWS\LAAnimal.ini [2005/03/22 19:44:32 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2004/12/27 07:04:25 \| 00,000,050 \| ---- \| C] () -- C:\WINDOWS\upst.ini [2004/11/05 17:02:35 \| 00,000,382 \| ---- \| C] () -- C:\WINDOWS\QTW.INI [2004/09/26 07:32:54 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\SETUP32.INI [2004/09/26 07:32:28 \| 00,000,085 \| ---- \| C] () -- C:\WINDOWS\encore_launcher.ini [2004/09/12 16:56:24 \| 00,000,249 \| ---- \| C] () -- C:\WINDOWS\TLCAPPS.INI [2004/09/06 15:18:01 \| 00,000,298 \| ---- \| C] () -- C:\WINDOWS\Chutes.ini [2004/08/28 10:20:32 \| 00,002,326 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2004/08/23 19:51:07 \| 00,001,408 \| ---- \| C] () -- C:\WINDOWS\wmuncher.ini [2004/08/20 17:53:27 \| 00,000,305 \| ---- \| C] () -- C:\WINDOWS\ka.ini [2004/08/20 11:50:48 \| 00,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2004/08/20 11:47:15 \| 00,010,240 \| ---- \| C] () -- C:\WINDOWS\System32\vidx16.dll [2004/08/06 15:42:25 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\upth.ini [2004/08/06 15:42:25 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2004/07/29 14:40:38 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll < End of report > This post has been edited by Jalene: Jan 16 2010, 09:48 PM

Jalene View Member Profile	Jan 16 2010, 09:53 PM Post #27
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	PS. Do you think I should run defragment or reg repair on the computer or did Combofix do all that too? Also, is the windows system restore clean so that if someone were to back the computer up to an earlier date that the virus etc cannot be restored?

myrti View Member Profile	Jan 16 2010, 10:06 PM Post #28
bleepin' _temp_ Group: Malware Response Instructor Posts: 14,923 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, ComboFix does not defragment your disk, it removes a couple of obsolete startup entries, but does not, in a general way, do a registry cleaning. I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners QUOTE Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference If it doesn't work properly you may end up with an expensive doorstop. http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html http://forums.whatthetech.com/Regcleaner_t42862.html System restore does still contain the infected files and if someone were to restore to a time where the infection was active, this would probably reactivate it. However I ask that you do not disable and reenable system restore now, as an infected system restore point is more helpful than no system restore point in case something go wrong. Once we uninstall ComboFix this will automatically clean system restore. The OTL log looks clean. Just to be safe I would like you to run the following online scan: Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you!

Jalene View Member Profile	Jan 16 2010, 11:02 PM Post #29
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Hi Myrti, Eset is running, I will post the log in the morning. Thank you for all of your help so far, Jalene

Jalene View Member Profile	Jan 17 2010, 09:12 AM Post #30
Member Group: Members Posts: 35 Joined: 6-January 10 Member No.: 430,357	Good morning Myrti, ESET came up clean. But, when I got up there was a Norton pop-up on the screen that said a reboot was required to complete removal of something that happened during the night. I finished ESET and allowed Norton to reboot, then went to Norton's history. There was one red flag, medium severity, Unauthorized access logged (Access Process Data) at 3am. I'm not quite sure why a reboot was required for a medium severity object. Please advise. I am not completely sure I trust this computer for security yet, due to all that was found. Are there other scans I should do to confirm all traces of this mess are gone? Details of the Norton history are: Actor c:\windows\system32\mrt.exe Target: C:\Program Files\Norton Antivirus\Engine\16.7.2.11\ccSvcHst.exe Target PID: 556 Action: Access Precess Data Reaction: Unauthorized access logged Recommended Action: No Action Required

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

3 Pages

< 1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 6th September 2010 - 03:37 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides