Trojan.Downloader-NewJuan/VM, Adware.Vundo Variant Infection! Please help!


#1 prepulemel


Posted 28 March 2009 - 12:30 AM

Over the last week, I have been getting pop-up after pop-up of shady anti-virus/anti-malware ads. At first, I thought they were just random bugs trying to get into my computer, so I would run Malwarebytes and SUPERAntiSpyware to check out what was trying to take over my computer. Imagine my surprise when I found that I had quite a few viruses and bugs roaming around on my computer. I successfully (or so I thought) wiped out some of the things with Malwarebytes, but when I would go to quarantine the bugs on my SUPERAntiSpyware, it would get a few seconds into wiping out the viruses, only to restart my computer completely.

Here's what came up on the SUPERAntiSpyware log, I wrote them down so that I could remember them:
Adware.Tracking Cookie
Adware.Vundo Variant
Rogue.Component/Trace
Trojan.Agent/Gen-MST123
Trojan.Downloader-NewJuan/VM

My apologies if I wrote the names down incorrectly. Anywho, every time the SUPERAntiSpyware gets close to the NewJuan component, it completely shuts down. It does this when I am scanning in BOTH normal and safe modes.

I have been trying to figure out what is wrong with my computer, but have not had any luck getting rid of these Vundo and NewJuan trojans. Every time something seems to disappear, it returns once again. So, could you please help me? I would hate to see my computer out of commission. =[


DDS (Ver_09-03-16.01) - NTFSx86
Run by Melinda at 23:11:24.71 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.124 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Melinda\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {b1e09d67-c3c5-c009-1544-5ed21934e732}: {237e4391-2de5-4451-900c-5c3c76d90e1b} - c:\windows\system32\dsczoq.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
BHO: {cd22ad4f-bfa2-41e6-b1a2-a308805b10f2} - c:\windows\system32\hetuyevo.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LaunchApp] Alaunch
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\bak\qttask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [gigirejidi] Rundll32.exe "c:\windows\system32\pasugusa.dll",s
mRun: [5c3ec175] rundll32.exe "c:\windows\system32\jeruvote.dll",b
mRun: [CPM5f0df2e9] Rundll32.exe "c:\windows\system32\rogahefa.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerwl~1.lnk - c:\program files\acer wlan 11g usb dongle\ZDWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\agatha christie\images\stg_drm.ocx
DPF: {15B782AF-55D8-11D1-B477-006097098764} - file://c:\program files\ph train & assess it\plugin\cab\awswaxf.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\family feud hollywood\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/html - {0db92df0-74b6-48ec-bc91-2a2ba9b3e412} - c:\windows\system32\mst123.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\powanere.dll c:\windows\system32\pahekuve.dll dsczoq.dll c:\windows\system32\rogahefa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli c:\windows\system32\powanere.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 55024]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-9-8 99248]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-18 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-29 24652]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 7408]
S1 DMusicc;DMusicc;c:\windows\system32\drivers\dmusicc.sys --> c:\windows\system32\drivers\DMusicc.sys [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-03-27 13:41 3,291,687 ---sh--- c:\windows\system32\enipojev.ini
2009-03-26 19:12 3,292,128 ---sh--- c:\windows\system32\etovurej.ini
2009-03-26 04:12 3,291,653 ---sh--- c:\windows\system32\ezofeluf.ini
2009-03-26 04:11 128,000 a--sh--- c:\windows\system32\dsczoq.dll
2009-03-26 02:36 <DIR> --d----- C:\VundoFix Backups
2009-03-26 01:51 18,836 a------- c:\windows\system32\OEMINFO.PNF
2009-03-26 01:28 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-03-26 01:28 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-03-26 01:26 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-03-26 01:26 <DIR> --d----- c:\windows\system32\bits
2009-03-26 01:26 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
2009-03-26 01:26 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-03-26 01:22 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-03-25 16:11 129,536 a--sh--- c:\windows\system32\miyqlr.dll
2009-03-23 11:47 45,966 a------- c:\windows\system32\mld
2009-03-15 05:51 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-11 22:05 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-03-11 22:05 <DIR> --d----- c:\program files\AIM Toolbar
2009-03-11 22:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-03-11 22:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-03-11 22:04 <DIR> --d----- c:\program files\common files\AOL
2009-03-11 22:03 <DIR> --d----- c:\program files\AIM6
2009-03-11 16:52 1 a------- c:\windows\system32\tb.dr
2009-03-11 16:52 1 a------- c:\windows\system32\cookie1.dat
2009-03-11 16:31 1 a------- c:\windows\system32\bb1.dat
2009-03-11 16:29 45,966 a------- c:\windows\system32\wh
2009-03-03 10:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache

==================== Find3M ====================

2009-03-27 13:41 94,208 a--sh--- c:\windows\system32\rogahefa.dll
2009-03-27 13:41 89,600 a--sh--- c:\windows\system32\vejopine.dll
2009-03-27 13:41 61,440 a--sh--- c:\windows\system32\hikebaga.exe
2009-03-26 19:12 95,232 a--sh--- c:\windows\system32\kenahapu.dll
2009-03-26 19:12 61,440 a--sh--- c:\windows\system32\vedofumu.exe
2009-03-26 19:12 90,112 -------- c:\windows\system32\jeruvote.dll
2009-03-26 04:11 128,000 a--sh--- c:\windows\system32\puwotawo.dll
2009-03-26 04:11 94,720 a--sh--- c:\windows\system32\peheliba.dll
2009-03-25 16:11 129,536 a--sh--- c:\windows\system32\mavasoze.dll
2009-03-25 16:11 94,720 a--sh--- c:\windows\system32\vufeguja.dll
2009-03-25 04:11 129,024 a--sh--- c:\windows\system32\wepozara.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
0000-00-00 00:00 57,344 a--sh--- c:\windows\system32\powanere.dll

============= FINISH: 23:13:00.48 ===============

Other than Malwarebytes and SUPERAntiSpyware, I have Windows Live OneCare, HijackThis, VundoFix, FixVundo, and ATF-Cleaner on my computer from fighting earlier virus attacks.

Thanks!
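An added triage example from the editor, not part of this thread or of any tool posted in it: a small Python script that reads DDS log lines like the ones above (a constructed excerpt copied from them), lists the system32 files carrying hidden+system attributes, and then flags the autostart entries (mRun, AppInit_DLLs, LSA Notification Packages and similar) that load those files or load random-looking module names. The section prefixes, the random-name heuristic and the LOADERS set are my assumptions, not DDS conventions beyond what the log shows.

```python
import re

# Constructed excerpt of DDS log lines, copied from the log posted above.
DDS_EXCERPT = r"""
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [gigirejidi] Rundll32.exe "c:\windows\system32\pasugusa.dll",s
mRun: [5c3ec175] rundll32.exe "c:\windows\system32\jeruvote.dll",b
mRun: [CPM5f0df2e9] Rundll32.exe "c:\windows\system32\rogahefa.dll",a
Filter: text/html - {0db92df0-74b6-48ec-bc91-2a2ba9b3e412} - c:\windows\system32\mst123.dll
AppInit_DLLs: c:\windows\system32\powanere.dll c:\windows\system32\pahekuve.dll dsczoq.dll c:\windows\system32\rogahefa.dll
LSA: Notification Packages = scecli c:\windows\system32\powanere.dll
2009-03-27 13:41 94,208 a--sh--- c:\windows\system32\rogahefa.dll
2009-03-26 19:12 90,112 -------- c:\windows\system32\jeruvote.dll
2009-03-26 04:11 128,000 a--sh--- c:\windows\system32\dsczoq.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
0000-00-00 00:00 57,344 a--sh--- c:\windows\system32\powanere.dll
"""

# DDS file-listing line: date time size attrs path; in attrs "a--sh---",
# 's' is the system attribute and 'h' the hidden attribute.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# Autostart sections of the DDS pseudo-HJT report worth cross-checking
# (assumed set; extend as needed).
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "AppInit_DLLs:", "LSA:", "Filter:", "BHO:", "Notify:")
# Any .dll/.exe module name on a line, with or without a full path.
MODULE = re.compile(r"([a-z0-9_]+\.(?:dll|exe))\b", re.I)
# Heuristic: 6-8 lowercase letters and nothing else, the naming pattern of the
# DLLs in this log (rogahefa, powanere, ...). Expect false positives on some
# legitimate names; treat hits as a review queue, not a verdict.
RANDOM_NAME = re.compile(r"^[a-z]{6,8}\.dll$")
# Legitimate loaders that appear on autostart lines and are not payloads.
LOADERS = {"rundll32.exe"}


def parse_hidden_system_files(lines):
    """Return system32 paths listed with both the hidden and system attributes."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path").lower()
        if "h" in attrs and "s" in attrs and "\\system32\\" in path:
            hits.append(path)
    return hits


def triage(lines):
    """Cross-reference autostart entries against the hidden+system file list."""
    hidden_system = parse_hidden_system_files(lines)
    hidden_names = {p.rsplit("\\", 1)[-1] for p in hidden_system}
    findings = []
    for line in lines:
        if not line.startswith(AUTOSTART_PREFIXES):
            continue
        reasons = []
        for mod in MODULE.findall(line):
            name = mod.lower()
            if name in LOADERS:
                continue
            if name in hidden_names:
                reasons.append(f"{name}: loaded at startup and listed as hidden+system")
            elif RANDOM_NAME.match(name):
                reasons.append(f"{name}: random-looking module name")
        if reasons:
            # Record which autostart section the entry came from (e.g. "mRun").
            findings.append((line.split(":", 1)[0], reasons))
    return {"hidden_system_files": hidden_system, "autostart_findings": findings}


if __name__ == "__main__":
    result = triage(DDS_EXCERPT.strip().splitlines())
    print("hidden+system files in system32:")
    for path in result["hidden_system_files"]:
        print("  ", path)
    print("autostart entries to review:")
    for section, reasons in result["autostart_findings"]:
        print("  ", section, "->", "; ".join(reasons))
```

The name heuristic misses modules with digits such as mst123.dll on the Filter line, so the hidden+system listing remains the more reliable signal and the autostart cross-reference only orders the review.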


#2 Buckeye_Sam

Malware Expert

Posted 29 March 2009 - 03:29 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


#3 prepulemel

Topic Starter

Posted 01 April 2009 - 12:49 AM

Here is the OTListIt log:

OTListIt logfile created on: 4/1/2009 1:40:00 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Melinda\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 158.74 Mb Available Physical Memory | 35.55% Memory free
1.03 Gb Paging File | 0.47 Gb Available in Paging File | 45.90% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 55.32 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 72.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-958D50011C
Current User Name: Melinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2006/05/04 17:53:36 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
PRC - [2006/03/29 23:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/07/25 21:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006/03/30 00:50:50 | 00,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
PRC - [2006/03/30 00:50:20 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/25 05:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
PRC - [2007/05/25 05:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2006/01/24 14:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2008/03/12 09:54:18 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2006/03/30 00:50:52 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
PRC - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/22 10:59:56 | 00,063,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2005/06/06 22:40:48 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2007/04/30 04:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/03/26 19:55:46 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2006/05/11 16:00:24 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2005/11/16 23:25:14 | 00,745,472 | ---- | M] (X-Micro Technology Corp.) -- C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
PRC - [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/10/07 15:09:18 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\program files\aim toolbar\aimtbServer.exe
PRC - [2009/04/01 01:38:56 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/05/04 17:53:36 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server [Auto | Running])
SRV - [2006/03/29 23:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 21:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2006/03/30 00:50:50 | 00,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/03/30 00:50:52 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2006/03/30 00:50:20 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2008/07/02 08:22:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/03 20:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2006/07/25 21:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2007/05/25 05:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Running])
SRV - [2007/05/25 05:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2006/01/24 14:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2006/04/14 14:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2008/03/12 09:54:18 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 17:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2005/09/22 12:34:00 | 03,727,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/11/15 05:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2005/01/13 17:46:16 | 00,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys [On_Demand | Stopped])
DRV - [2001/08/17 09:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys -- (MpFilter [On_Demand | Running])
DRV - [2007/11/27 22:56:28 | 00,091,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msfwdrv.sys -- (MSFWDrv [Auto | Running])
DRV - [2007/11/27 22:56:30 | 00,116,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR [System | Running])
DRV - [2006/05/15 23:28:34 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006/01/24 14:15:00 | 03,535,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/08/12 10:31:12 | 00,098,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/03/02 23:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/02 23:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005/08/12 10:31:14 | 00,077,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2004/08/04 01:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/03/26 19:55:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/05/13 12:44:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/05/13 12:43:56 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/06/06 22:43:04 | 00,925,192 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2005/09/12 19:35:56 | 00,068,204 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2006/08/18 20:27:29 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2004/12/17 20:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2005/10/28 14:38:18 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS) [On_Demand | Stopped])
DRV - [2005/10/04 18:38:24 | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS) [On_Demand | Stopped])
DRV - [2004/10/25 16:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Running])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\S-1-5-21-527405789-120324106-3661435863-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (1108 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {237e4391-2de5-4451-900c-5c3c76d90e1b} - C:\WINDOWS\system32\dsczoq.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {cd22ad4f-bfa2-41e6-b1a2-a308805b10f2} - C:\WINDOWS\system32\hetuyevo.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [5c3ec175] rundll32.exe "C:\WINDOWS\system32\lehelojo.dll",b ()
O4 - HKLM..\Run: [CPM5f0df2e9] Rundll32.exe "c:\windows\system32\kozopura.dll",a ()
O4 - HKLM..\Run: [gigirejidi] Rundll32.exe "C:\WINDOWS\system32\pasugusa.dll",s File not found
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] Alaunch (Acer Inc.)
O4 - HKLM..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" ()
O4 - HKLM..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-527405789-120324106-3661435863-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error.
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Agatha Christie\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} file://C:\Program Files\PH Train & Assess IT\plugin\cab\awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Family Feud Hollywood\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\powanere.dll) - C:\WINDOWS\system32\powanere.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\pahekuve.dll) - c:\windows\system32\pahekuve.dll File not found
O20 - AppInit_DLLs: (dsczoq.dll) - C:\WINDOWS\system32\dsczoq.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kozopura.dll) - c:\windows\system32\kozopura.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\sejutedi.dll) - c:\windows\system32\sejutedi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/15 23:29:06 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/04/01 01:38:51 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe
[2009/03/31 12:33:02 | 01,403,738 | -HS- | C] () -- C:\WINDOWS\System32\ojolehel.ini
[2009/03/28 01:39:31 | 03,290,752 | -HS- | C] () -- C:\WINDOWS\System32\edenobod.ini
[2009/03/27 23:07:48 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2009/03/27 13:41:22 | 03,291,687 | -HS- | C] () -- C:\WINDOWS\System32\enipojev.ini
[2009/03/26 19:49:42 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/26 19:12:43 | 03,292,128 | -HS- | C] () -- C:\WINDOWS\System32\etovurej.ini
[2009/03/26 04:12:08 | 03,291,653 | -HS- | C] () -- C:\WINDOWS\System32\ezofeluf.ini
[2009/03/26 04:11:52 | 00,128,000 | -HS- | C] () -- C:\WINDOWS\System32\dsczoq.dll
[2009/03/26 02:36:50 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/26 02:31:42 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Melinda\Desktop\VirtumundoBeGone.exe
[2009/03/26 01:51:49 | 00,018,836 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/03/26 01:33:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/26 01:28:04 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/03/26 01:28:02 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/03/26 01:26:43 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/03/26 01:26:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/26 01:26:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/03/26 01:26:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/03/26 01:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/03/26 00:16:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/25 21:25:54 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Melinda\Desktop\FixVundo.exe
[2009/03/25 21:19:23 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\Melinda\My Documents\JavaRa.zip
[2009/03/25 17:34:50 | 20,098,288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\ie8-setup-full.exe
[2009/03/25 16:11:36 | 00,129,536 | -HS- | C] (Lextek International) -- C:\WINDOWS\System32\miyqlr.dll
[2009/03/23 11:47:43 | 00,045,966 | ---- | C] () -- C:\WINDOWS\System32\mld
[2009/03/15 05:51:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/12 00:04:25 | 25,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\wordview_en-us.exe
[2009/03/11 22:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Local Settings\Application Data\AIM Toolbar
[2009/03/11 22:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Local Settings\Application Data\AOL
[2009/03/11 22:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/03/11 22:05:03 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/03/11 22:05:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/03/11 22:04:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/11 22:04:56 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/11 22:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/11 22:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/03/11 16:52:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\tb.dr
[2009/03/11 16:52:39 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\cookie1.dat
[2009/03/11 16:31:48 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\bb1.dat
[2009/03/11 16:29:58 | 00,045,966 | ---- | C] () -- C:\WINDOWS\System32\wh
[2009/03/03 10:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/04/01 01:45:04 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\soyilepe
[2009/04/01 01:38:56 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe
[2009/03/31 12:54:43 | 01,403,738 | -HS- | M] () -- C:\WINDOWS\System32\ojolehel.ini
[2009/03/31 12:32:38 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/31 12:32:07 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/31 12:22:49 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\sejutedi.dll
[2009/03/31 12:22:49 | 00,090,112 | -HS- | M] () -- C:\WINDOWS\System32\lehelojo.dll
[2009/03/31 12:22:48 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\zakanilu.exe
[2009/03/31 08:17:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/31 08:17:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/31 08:17:18 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 11:09:14 | 04,294,550 | -H-- | M] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\IconCache.db
[2009/03/28 02:00:52 | 03,290,752 | -HS- | M] () -- C:\WINDOWS\System32\edenobod.ini
[2009/03/28 01:39:17 | 00,093,184 | -HS- | M] () -- C:\WINDOWS\System32\kozopura.dll
[2009/03/28 01:39:16 | 00,089,600 | -HS- | M] (Simple Software Solutions, Inc.) -- C:\WINDOWS\System32\dobonede.dll
[2009/03/28 01:39:15 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\fusizota.exe
[2009/03/27 23:07:50 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2009/03/27 13:47:46 | 03,292,128 | -HS- | M] () -- C:\WINDOWS\System32\etovurej.ini
[2009/03/27 13:41:39 | 03,291,687 | -HS- | M] () -- C:\WINDOWS\System32\enipojev.ini
[2009/03/27 13:41:06 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\hikebaga.exe
[2009/03/26 19:12:27 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\vedofumu.exe
[2009/03/26 19:11:21 | 03,291,653 | -HS- | M] () -- C:\WINDOWS\System32\ezofeluf.ini
[2009/03/26 04:25:44 | 00,000,556 | ---- | M] () -- C:\WINDOWS\roughdraft.INI
[2009/03/26 04:11:51 | 00,128,000 | -HS- | M] () -- C:\WINDOWS\System32\dsczoq.dll
[2009/03/26 02:31:42 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Melinda\Desktop\VirtumundoBeGone.exe
[2009/03/26 01:51:49 | 00,018,836 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/03/26 01:26:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/25 21:25:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Melinda\Desktop\FixVundo.exe
[2009/03/25 21:19:24 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\Melinda\My Documents\JavaRa.zip
[2009/03/25 17:34:52 | 20,098,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\ie8-setup-full.exe
[2009/03/25 16:11:36 | 00,129,536 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\miyqlr.dll
[2009/03/25 16:11:36 | 00,129,536 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\mavasoze.dll
[2009/03/25 04:11:37 | 00,129,024 | -HS- | M] (Lextek International) -- C:\WINDOWS\System32\wepozara.dll
[2009/03/24 15:43:45 | 00,045,966 | ---- | M] () -- C:\WINDOWS\System32\mld
[2009/03/20 08:18:12 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 12:42:02 | 00,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/15 05:51:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/12 00:04:25 | 25,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\wordview_en-us.exe
[2009/03/11 22:06:03 | 00,001,475 | -H-- | M] () -- C:\IPH.PH
[2009/03/11 22:04:56 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/11 16:52:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\tb.dr
[2009/03/11 16:52:46 | 00,045,966 | ---- | M] () -- C:\WINDOWS\System32\wh
[2009/03/11 16:52:39 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\cookie1.dat
[2009/03/11 16:31:48 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\bb1.dat
[2009/03/09 08:15:14 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 08:15:14 | 00,410,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 08:15:14 | 00,065,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >



It also brought up an Extras log, so I'll post it too just in case:

OTListIt Extras logfile created on: 4/1/2009 1:40:00 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Melinda\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 158.74 Mb Available Physical Memory | 35.55% Memory free
1.03 Gb Paging File | 0.47 Gb Available in Paging File | 45.90% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 55.32 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 72.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-958D50011C
Current User Name: Melinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1155953627\ee\AOLServiceHost.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:BorgListener
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/06/11 15:27:25 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/05/04 17:54:48 | 01,961,984 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole
[2006/05/04 17:53:36 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server
[2006/03/30 00:50:24 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer TV-FM\PowerCinema.exe:*:Enabled:CyberLink PowerCinema
File not found -- C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System
File not found -- C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/05/25 05:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System
[2007/04/30 04:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor
[2007/06/11 15:27:25 | 00,029,616 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2007/05/25 05:42:06 | 00,140,208 | ---- | M] (Copyright 2006-2007 Lexmark International, Inc. All rights reserved.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Disabled:
[2007/05/25 05:42:03 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Disabled:
[2007/05/25 05:41:48 | 00,291,760 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Disabled:
[2007/05/25 05:41:50 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Disabled:
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1155953627\ee\AOLServiceHost.exe:*:Disabled:AOL Services
[2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Disabled:Explorer
[2006/03/29 23:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe:*:Disabled:MemCheck
[2007/06/11 15:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled:

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.24
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = Acer eMode Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}" = NTI HomeVideo-Maker
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.24
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"Lexmark 2500 Series" = Lexmark 2500 Series
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OcaHistoryUpd" = OCA Client history tool install
"RoughDraft" = RoughDraft 3.0
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2009 3:06:31 AM | Computer Name = ACER-958D50011C | Source = ESENT | ID = 473
Description = msfwsvc (2000) Database C:\Documents and Settings\All Users\Application
Data\Microsoft\Protection Service\mpssvc.mdb was partially detached. Error -1032
encountered updating database headers.

Error - 3/26/2009 3:21:15 AM | Computer Name = ACER-958D50011C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/26/2009 3:30:40 AM | Computer Name = ACER-958D50011C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/26/2009 3:44:41 PM | Computer Name = ACER-958D50011C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/26/2009 4:28:02 PM | Computer Name = ACER-958D50011C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/26/2009 7:50:39 PM | Computer Name = ACER-958D50011C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/27/2009 1:44:23 PM | Computer Name = ACER-958D50011C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2009 1:44:23 PM | Computer Name = ACER-958D50011C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2009 10:40:01 PM | Computer Name = ACER-958D50011C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2009 10:59:03 AM | Computer Name = ACER-958D50011C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ MSFWSVC Events ]
Error - 3/26/2009 6:27:01 PM | Computer Name = ACER-958D50011C | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: BuildAdaptersMap.
Error Code: 0x80070002, Error Message: The system cannot find the file specified.
.

Error - 3/26/2009 8:32:21 PM | Computer Name = ACER-958D50011C | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: BuildAdaptersMap.
Error Code: 0x80070002, Error Message: The system cannot find the file specified.
.

[ OSession Events ]
Error - 3/16/2007 5:48:11 PM | Computer Name = ACER-958D50011C | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 3/16/2007 7:28:58 PM | Computer Name = ACER-958D50011C | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 3/27/2009 1:45:37 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2009 1:45:43 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2009 2:24:51 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2009 2:24:52 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/28/2009 10:41:12 AM | Computer Name = ACER-958D50011C | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 3/31/2009 8:17:57 AM | Computer Name = ACER-958D50011C | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 3/31/2009 8:18:11 AM | Computer Name = ACER-958D50011C | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 3/31/2009 12:22:44 PM | Computer Name = ACER-958D50011C | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/31/2009 12:22:54 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/31/2009 12:23:02 PM | Computer Name = ACER-958D50011C | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 April 2009 - 10:56 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 best-click-scanner.info
    O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.235.133 onlinenotifyq.net
    O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
    O2 - BHO: (no name) - {237e4391-2de5-4451-900c-5c3c76d90e1b} - C:\WINDOWS\system32\dsczoq.dll ()
    O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {cd22ad4f-bfa2-41e6-b1a2-a308805b10f2} - C:\WINDOWS\system32\hetuyevo.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [5c3ec175] rundll32.exe "C:\WINDOWS\system32\lehelojo.dll",b ()
    O4 - HKLM..\Run: [CPM5f0df2e9] Rundll32.exe "c:\windows\system32\kozopura.dll",a ()
    O4 - HKLM..\Run: [gigirejidi] Rundll32.exe "C:\WINDOWS\system32\pasugusa.dll",s File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\powanere.dll) - C:\WINDOWS\system32\powanere.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\pahekuve.dll) - c:\windows\system32\pahekuve.dll File not found
    O20 - AppInit_DLLs: (dsczoq.dll) - C:\WINDOWS\system32\dsczoq.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\kozopura.dll) - c:\windows\system32\kozopura.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\sejutedi.dll) - c:\windows\system32\sejutedi.dll ()
    
    :Files
    C:\WINDOWS\System32\ojolehel.ini
    C:\WINDOWS\System32\edenobod.ini
    C:\WINDOWS\System32\enipojev.ini
    C:\WINDOWS\System32\etovurej.ini
    C:\WINDOWS\System32\ezofeluf.ini
    C:\WINDOWS\System32\dsczoq.dll
    C:\WINDOWS\System32\sejutedi.dll
    C:\WINDOWS\System32\lehelojo.dll
    C:\WINDOWS\System32\zakanilu.exe
    C:\WINDOWS\System32\edenobod.ini
    C:\WINDOWS\System32\kozopura.dll
    C:\WINDOWS\System32\fusizota.exe
    C:\WINDOWS\System32\hikebaga.exe
    C:\WINDOWS\System32\vedofumu.exe
    C:\WINDOWS\System32\dsczoq.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

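As an added example (not from this thread, from OldTimer's tool, or from the helper's instructions), the script below applies in code the same reasoning the expert used when picking entries for the fix above: hosts entries that point real domains at a non-loopback address, modules under system32 with an empty company field, AppInit_DLLs entries, and rundll32 Run values with random hex names and single-letter exports. The sample lines are constructed from the OTListIt-style format posted in the thread, and the scoring weights and threshold are assumptions, not anything the tool or the helper defined.

```python
"""Heuristic triage of OTListIt2 / OTL log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, modelled on the O1/O2/O4/O20 lines seen in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {237e4391-2de5-4451-900c-5c3c76d90e1b} - C:\WINDOWS\system32\dsczoq.dll ()
O2 - BHO: (no name) - {cd22ad4f-bfa2-41e6-b1a2-a308805b10f2} - C:\WINDOWS\system32\hetuyevo.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [LaunchApp] Alaunch (Acer Inc.)
O4 - HKLM..\Run: [5c3ec175] rundll32.exe "C:\WINDOWS\system32\lehelojo.dll",b ()
O4 - HKLM..\Run: [CPM5f0df2e9] Rundll32.exe "c:\windows\system32\kozopura.dll",a ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\powanere.dll) - C:\WINDOWS\system32\powanere.dll ()
"""

# A hosts file normally carries only loopback entries; 0.0.0.0 is the usual
# ad-blocking convention. Anything else redirects a name to a remote host.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
FLAG_AT = 2  # assumed threshold: score >= 2 means "include in the fix"

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
ENTRY_RE = re.compile(r"^(O2|O4|O20) - ")
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:dll|exe))', re.IGNORECASE)
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")       # trailing "(Company)"
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")           # "[ValueName]" in O4 lines
HEX_NAME_RE = re.compile(r"^(?:CPM)?[0-9a-f]{8}$")  # e.g. 5c3ec175, CPM5f0df2e9
SINGLE_EXPORT_RE = re.compile(r'\.dll"?,[A-Za-z]\s', re.IGNORECASE)  # dll",b


@dataclass
class Finding:
    target: str
    score: int
    reasons: List[str] = field(default_factory=list)
    line: str = ""


def score_entry(line: str) -> Finding:
    """Score one O2/O4/O20 line; the weights are heuristic assumptions."""
    kind = ENTRY_RE.match(line).group(1)
    company_m = COMPANY_RE.search(line)
    company = company_m.group(1).strip() if company_m else None
    path_m = PATH_RE.search(line)
    path = path_m.group(1) if path_m else None
    target = path.rsplit("\\", 1)[-1].lower() if path else line
    in_system32 = bool(path and "\\system32\\" in path.lower())
    f = Finding(target, 0, [], line)

    if line.endswith("File not found"):
        f.score += 1
        f.reasons.append("orphaned entry: referenced file is missing")
    elif company == "" and in_system32:
        # Legitimate system32 modules almost always carry a vendor name.
        f.score += 2
        f.reasons.append("module in system32 with no company name")
    if kind == "O20":
        f.score += 1
        f.reasons.append("AppInit_DLLs entry loads into every GUI process")
    if kind == "O4":
        name_m = RUN_NAME_RE.search(line)
        if name_m and HEX_NAME_RE.match(name_m.group(1)):
            f.score += 1
            f.reasons.append("Run value name is random-looking hex")
        if SINGLE_EXPORT_RE.search(line):
            f.score += 1
            f.reasons.append("rundll32 calls a DLL by a single-letter export")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return every line that earned at least one point, hosts lines included."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hosts_m = HOSTS_RE.match(line)
        if hosts_m:
            addr, host = hosts_m.groups()
            if addr not in LOOPBACK:
                findings.append(Finding(host, 2,
                                        [f"hosts maps {host} to non-loopback {addr}"], line))
            continue
        if ENTRY_RE.match(line):
            f = score_entry(line)
            if f.score:
                findings.append(f)
    return findings


def flagged(findings: List[Finding]) -> List[str]:
    """Targets that reach the threshold, in log order."""
    return [f.target for f in findings if f.score >= FLAG_AT]


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda x: -x.score):
        tag = "FLAG  " if f.score >= FLAG_AT else "review"
        print(f"{tag} [{f.score}] {f.target}: {'; '.join(f.reasons)}")
```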

========================================================

#5 prepulemel

prepulemel
  • Topic Starter

  • Members
  • 7 posts

Posted 03 April 2009 - 12:34 AM

Here is the new OTListIt2 Log:

OTListIt logfile created on: 4/3/2009 1:12:14 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Melinda\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 162.35 Mb Available Physical Memory | 36.36% Memory free
1.03 Gb Paging File | 0.52 Gb Available in Paging File | 50.19% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.84 Gb Total Space | 54.92 Gb Free Space | 76.45% Space Free | Partition Type: NTFS
Drive D: | 72.31 Gb Total Space | 72.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-958D50011C
Current User Name: Melinda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2006/05/04 17:53:36 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
PRC - [2006/03/29 23:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/07/25 21:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006/03/30 00:50:50 | 00,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
PRC - [2006/03/30 00:50:20 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/25 05:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
PRC - [2007/05/25 05:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2006/01/24 14:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2008/03/12 09:54:18 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2006/03/30 00:50:52 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
PRC - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/22 10:59:56 | 00,063,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/22 12:42:00 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/06/06 22:40:48 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2006/12/05 19:44:40 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\bak\qttask.exe
PRC - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2007/06/11 15:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/30 04:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/03/26 19:55:46 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2006/05/11 16:00:24 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2005/11/16 23:25:14 | 00,745,472 | ---- | M] (X-Micro Technology Corp.) -- C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
PRC - [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/07 15:09:18 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\program files\aim toolbar\aimtbServer.exe
PRC - [2009/04/01 01:38:56 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/05/04 17:53:36 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server [Auto | Running])
SRV - [2006/03/29 23:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 21:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2006/03/30 00:50:50 | 00,266,338 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/03/30 00:50:52 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2006/03/30 00:50:20 | 01,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2008/07/02 08:22:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/03 20:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2006/07/25 21:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/12 21:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2007/05/25 05:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Running])
SRV - [2007/05/25 05:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2006/01/24 14:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2006/04/14 14:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2008/03/12 09:54:18 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 17:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2005/09/22 12:34:00 | 03,727,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/11/15 05:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2005/01/13 17:46:16 | 00,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys [On_Demand | Stopped])
DRV - [2001/08/17 09:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
DRV - [2001/08/17 16:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys -- (MpFilter [On_Demand | Running])
DRV - [2007/11/27 22:56:28 | 00,091,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msfwdrv.sys -- (MSFWDrv [Auto | Running])
DRV - [2007/11/27 22:56:30 | 00,116,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR [System | Running])
DRV - [2006/05/15 23:28:34 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006/01/24 14:15:00 | 03,535,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/08/12 10:31:12 | 00,098,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/03/02 23:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/02 23:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005/08/12 10:31:14 | 00,077,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2004/08/04 01:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/03/26 19:55:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/05/13 12:44:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/05/13 12:43:56 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/06/06 22:43:04 | 00,925,192 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\DRIVERS\smserial.sys -- (smserial [On_Demand | Running])
DRV - [2005/09/12 19:35:56 | 00,068,204 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2006/08/18 20:27:29 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2004/12/17 20:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2005/10/28 14:38:18 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS) [On_Demand | Stopped])
DRV - [2005/10/04 18:38:24 | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS) [On_Demand | Stopped])
DRV - [2004/10/25 16:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Running])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-527405789-120324106-3661435863-1006\S-1-5-21-527405789-120324106-3661435863-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (252 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? browser-security.microsoft.com
O1 - Hosts: ??????????????? spyware-protector-2009.com
O1 - Hosts: ??????????????? www.spyware-protector-2009.com
O1 - Hosts: ??????????????? secure.spyware-protector-2009.com
O1 - Hosts: ??????????????? knocker
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] Alaunch (Acer Inc.)
O4 - HKLM..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" ()
O4 - HKLM..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-527405789-120324106-3661435863-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [OTListIt] C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-527405789-120324106-3661435863-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error.
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Agatha Christie\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} file://C:\Program Files\PH Train & Assess IT\plugin\cab\awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Family Feud Hollywood\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/15 23:29:06 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/04/03 00:44:51 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/03 00:44:06 | 02,906,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Melinda\Desktop\mbam-setup.exe
[2009/04/02 22:39:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/04/01 23:02:01 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/01 01:38:51 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe
[2009/03/27 23:07:48 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2009/03/26 02:36:50 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/26 02:31:42 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Melinda\Desktop\VirtumundoBeGone.exe
[2009/03/26 01:51:49 | 00,018,836 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/03/26 01:33:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/26 01:28:04 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/03/26 01:28:02 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/03/26 01:26:43 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/03/26 01:26:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/26 01:26:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2009/03/26 01:26:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/03/26 01:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/03/26 00:16:03 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/25 21:25:54 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Melinda\Desktop\FixVundo.exe
[2009/03/25 21:19:23 | 00,069,512 | ---- | C] () -- C:\Documents and Settings\Melinda\My Documents\JavaRa.zip
[2009/03/25 17:34:50 | 20,098,288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\ie8-setup-full.exe
[2009/03/23 11:47:43 | 00,045,966 | ---- | C] () -- C:\WINDOWS\System32\mld
[2009/03/15 05:51:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/12 00:04:25 | 25,685,128 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\wordview_en-us.exe
[2009/03/11 22:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Local Settings\Application Data\AIM Toolbar
[2009/03/11 22:06:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Local Settings\Application Data\AOL
[2009/03/11 22:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/03/11 22:05:03 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/03/11 22:05:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/03/11 22:04:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/11 22:04:56 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/11 22:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/11 22:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/03/11 16:52:52 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\tb.dr
[2009/03/11 16:52:39 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\cookie1.dat
[2009/03/11 16:31:48 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\bb1.dat
[2009/03/11 16:29:58 | 00,045,966 | ---- | C] () -- C:\WINDOWS\System32\wh

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/04/03 01:00:41 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/03 00:59:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 00:51:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 00:51:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 00:51:47 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/03 00:50:43 | 04,293,746 | -H-- | M] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\IconCache.db
[2009/04/03 00:44:17 | 02,906,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Melinda\Desktop\mbam-setup.exe
[2009/04/01 23:39:31 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\soyilepe
[2009/04/01 07:13:25 | 00,000,556 | ---- | M] () -- C:\WINDOWS\roughdraft.INI
[2009/04/01 01:38:56 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTListIt2.exe
[2009/03/27 23:07:50 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2009/03/26 02:31:42 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Melinda\Desktop\VirtumundoBeGone.exe
[2009/03/26 01:51:49 | 00,018,836 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.PNF
[2009/03/26 01:26:05 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/25 21:25:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Melinda\Desktop\FixVundo.exe
[2009/03/25 21:19:24 | 00,069,512 | ---- | M] () -- C:\Documents and Settings\Melinda\My Documents\JavaRa.zip
[2009/03/25 17:34:52 | 20,098,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\ie8-setup-full.exe
[2009/03/24 15:43:45 | 00,045,966 | ---- | M] () -- C:\WINDOWS\System32\mld
[2009/03/20 08:18:12 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 12:42:02 | 00,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/15 05:51:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/03/12 00:04:25 | 25,685,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Melinda\My Documents\wordview_en-us.exe
[2009/03/11 22:06:03 | 00,001,475 | -H-- | M] () -- C:\IPH.PH
[2009/03/11 22:04:56 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/11 16:52:52 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\tb.dr
[2009/03/11 16:52:46 | 00,045,966 | ---- | M] () -- C:\WINDOWS\System32\wh
[2009/03/11 16:52:39 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\cookie1.dat
[2009/03/11 16:31:48 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\bb1.dat
[2009/03/09 08:15:14 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 08:15:14 | 00,410,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 08:15:14 | 00,065,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >


And here is my MBAM report:

Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 2

4/3/2009 1:30:36 AM
mbam-log-2009-04-03 (01-30-36).txt

Scan type: Quick Scan
Objects scanned: 64703
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34cf6660-9bd3-431a-ba32-6b511d4126da} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0db92df0-74b6-48ec-bc91-2a2ba9b3e412} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcju1j0et4e (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Melinda\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Melinda\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melinda\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mst123.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Fonts\franšais.EXE (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 03 April 2009 - 02:55 PM

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
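The O1 entries in the OTListIt log above show what restoring the hosts file undoes: names such as browser-security.microsoft.com and spyware-protector-2009.com were being pointed at an address the attacker chose. The following auditor is an added example, not code from the thread or from HostsXpert; it parses a hosts file, separates the expected localhost lines and loopback "sinkhole" entries (as ad-blocking hosts lists use) from entries that redirect a name to a real address, and can write back Microsoft's default content. The sample hosts text and the 203.0.113.10 address are constructed for illustration.

```python
"""Audit a Windows hosts file for redirect entries (added example)."""
import ipaddress
from typing import Dict, List, Tuple

# Content of Microsoft's default hosts file, which "Restore Microsoft's Hosts
# file" writes back; the ::1 line is present on Vista and later only.
DEFAULT_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"

# Constructed sample modelled on the O1 lines in the log above. The real log
# shows the address garbled; 203.0.113.10 is a documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    browser-security.microsoft.com
203.0.113.10    spyware-protector-2009.com
203.0.113.10    www.spyware-protector-2009.com
203.0.113.10    secure.spyware-protector-2009.com
203.0.113.10    knocker
127.0.0.1       ad.doubleclick.net   # a legitimate ad-blocking entry
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, one per hostname, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                   # an address with no names
            continue
        address = parts[0]
        for name in parts[1:]:               # one line may list several names
            entries.append((address, name.lower()))
    return entries


def is_local_address(address: str) -> bool:
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0) addresses."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:                        # not an IP address at all
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify entries into three buckets:
    'localhost'  - the expected default lines
    'blocked'    - a name sinkholed to the local machine (ad-block style)
    'redirected' - a name sent to a real address: the hijack pattern seen in
                   the log, unless the administrator put it there on purpose
    """
    report: Dict[str, List[Tuple[str, str]]] = {
        "localhost": [], "blocked": [], "redirected": []}
    for address, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            report["localhost"].append((address, name))
        elif is_local_address(address):
            report["blocked"].append((address, name))
        else:
            report["redirected"].append((address, name))
    return report


def is_hijacked(text: str) -> bool:
    """True when at least one name is redirected to a non-local address."""
    return bool(audit_hosts(text)["redirected"])


def restore_default(path: str) -> None:
    """Overwrite the hosts file at `path` with Microsoft's default content
    (needs administrator rights and a writable, non-read-only file on Windows).
    """
    with open(path, "w", encoding="ascii", newline="\r\n") as fh:
        fh.write(DEFAULT_HOSTS)


if __name__ == "__main__":
    for bucket, items in audit_hosts(SAMPLE_HOSTS).items():
        for address, name in items:
            print(f"{bucket:10} {address:16} {name}")
```

Run it against `C:\WINDOWS\System32\drivers\etc\hosts` by reading that file into `audit_hosts`; anything in the `redirected` bucket that you did not add yourself is the entry to investigate.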


========================================================

#7 prepulemel

prepulemel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:52 PM

Posted 06 April 2009 - 04:14 PM

Okay, I ran the HostsXpert thing and now my computer is acting pretty normal as compared to before. The pop-ups have diminished and Windows Live OneCare has been catching certain bugs before they get into my computer. I haven't tried SuperANTISpyware yet to see if it will let me run it without restarting the computer though. I wasn't sure if you wanted me to run it to see if it will work or not (before, when all these viruses hit, it would scan the computer and then restart itself while it was in the middle of wiping out a trojan). Other than that, the computer is working pretty fine, which is wonderful. I thought it was a goner for sure!

Thank you for all your help so far. I really, really, really appreciate it!
:thumbup2:

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 06 April 2009 - 04:48 PM

I'd go ahead and run that scan with Superantispyware and see what happens. It will likely pick up some of the files that we have already quarantined, but hopefully nothing active.

Let me know how it goes.


========================================================

#9 prepulemel

prepulemel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:52 PM

Posted 07 April 2009 - 09:05 AM

Okay, I ran SUPERAntiSpyware and it scanned and quarantined the following files without restarting itself (thank goodness):
Adware.Tracking Cookie
Adware.Vundo Variant
Rogue.Component/Trace
Trojan.Unclassified/Helper-DD
Trojan.Unknown Origin

Windows Live OneCare detected another trojan trying to get through while SAS was scanning my computer, but it cleaned it for me. Other than that, everything looks okay at the moment.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 07 April 2009 - 12:27 PM

Cookies are insignificant, but I'd like to know the locations of the other files that were detected. Then we can be sure that they're not active.


========================================================

#11 prepulemel

prepulemel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:52 PM

Posted 15 April 2009 - 05:58 PM

Here's the log from that scan on 4/7/09:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2009 at 05:31 AM

Application Version : 4.26.1000

Core Rules Database Version : 3816
Trace Rules Database Version: 1770

Scan type : Complete Scan
Total Scan Time : 00:55:11

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 4960
Registry threats detected : 7
File items scanned : 75909
File threats detected : 64

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Trojan.Unclassified/Helper-DD
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}

Adware.Tracking Cookie

Rogue.Component/Trace
HKU\S-1-5-21-527405789-120324106-3661435863-1006\Software\Microsoft\FIAS4051
HKU\S-1-5-21-527405789-120324106-3661435863-1006\Software\Microsoft\FIAS4057

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\KILL1211.EXE

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 16 April 2009 - 09:00 AM

Does it come up clean now, except for cookies?


========================================================

#13 prepulemel

prepulemel
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:52 PM

Posted 24 April 2009 - 10:45 AM

Yes, it came up clean minus two tracking cookies.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 24 April 2009 - 10:49 AM

:thumbup2:

Let's clean up.
Run OtListIt and click on the CleanUp button.
Reboot when it asks you to.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
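An added example, not from the original post or its author, that audits the Internet zone settings in the checklist above and optionally sets them to the recommended values. It assumes per-user settings under HKCU; the action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the Enable/Prompt/Disable values 0/1/3 are Microsoft's documented Internet Explorer zone registry layout.

```powershell
# Added example (not from the original post): check the Internet zone (zone 3)
# settings the checklist asks you to change, and apply them with -Apply.
# Documented action values: 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> description, recommended value (mirrors the list in the post)
$Recommended = [ordered]@{
    '1001' = @('Download signed ActiveX controls',                          1)
    '1004' = @('Download unsigned ActiveX controls',                        3)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
    '1800' = @('Installation of desktop items',                             1)
    '1804' = @('Launching programs and files in an IFRAME',                 1)
    '1607' = @('Navigate sub-frames across different domains',              1)
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Note: when the machine-wide policy value Security_HKLM_only is set, IE reads
# the HKLM copy of this key instead, so audit that path as well in that case.
$zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop

foreach ($id in $Recommended.Keys) {
    $desc, $want = $Recommended[$id]
    $have = $zone.$id                      # DWORD, or $null if never written

    $haveLabel = if ($null -eq $have) { '(not set)' }
                 elseif ($Label.ContainsKey([int]$have)) { $Label[[int]$have] }
                 else { "unknown ($have)" }
    $ok = ($null -ne $have) -and ([int]$have -eq $want)

    [PSCustomObject]@{
        Setting     = $desc
        Current     = $haveLabel
        Recommended = $Label[$want]
        Compliant   = $ok
    }

    if ($Apply -and -not $ok) {
        # Write the recommended value; takes effect for new IE sessions
        Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        Write-Host "Set '$desc' to $($Label[$want])"
    }
}
```

Run it without -Apply first to see which settings differ from the checklist, then with -Apply to change only the non-compliant ones.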


========================================================

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:52 PM

Posted 14 May 2009 - 11:18 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================