Infected with PC Antivirus 2010 (aka Antispyware 2010)


This topic is locked. 35 replies to this topic.

#1 Lareinab (Members, 18 posts)

Posted 17 August 2009 - 10:37 PM

Hello, my computer is infected with this virus. I downloaded and ran the malware removal software and although it seems like the virus is gone, I still see traces of it in my registry. Any help would be much appreciated. Below is the log from HijackThis. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:28 PM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\jdlott.HEATHER\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\jdlott.HEATHER\msword98.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_4.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...81/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183263021796
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sureharvest.local
O17 - HKLM\Software\..\Telephony: DomainName = sureharvest.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sureharvest.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sureharvest.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9055 bytes
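The O4 lines in the log above show the persistence pattern a rogue-AV dropper typically leaves: the same value name (msword98) registered under both HKLM and HKCU but pointing at two different files, one of them sitting directly in the user's profile root; a value named Regedit32 that autoruns regedit.exe, an admin tool that never belongs in a Run key; and a braviax value under the SYSTEM hive with no image path at all. The script below is an added triage example, not code from this thread, from HijackThis or from Malwarebytes. It parses O3/O4 lines (the sample is copied from the posted log) and flags those patterns using heuristics that are my own assumptions, not HijackThis's own rules.

```python
"""Triage HijackThis O3/O4 lines for autorun persistence typical of a rogue-AV
dropper.  Added example for the thread above; not HijackThis code and not a
BleepingComputer tool.  The heuristics below are the author's assumptions."""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: O3/O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\jdlott.HEATHER\msword98.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
IMAGE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:"|\s|$)', re.I)

# Admin tools that have no business being launched from a Run key; a value that
# points at one, or is merely named after one ("Regedit32"), is a decoy name.
# (List is an assumption for this example.)
ADMIN_TOOLS = {"regedit.exe", "regedt32.exe", "cmd.exe", "taskmgr.exe"}


def image_path(rest: str) -> Optional[str]:
    """Pull the image path out of the text after [name]; None if there is none."""
    m = IMAGE_RE.match(rest.strip())
    return m.group("path") if m else None


def location_class(path: str) -> str:
    """Coarse location bucket; folder depth matters more than the exact name."""
    parts = [p.lower() for p in path.split("\\")]
    top = parts[1] if len(parts) > 1 else ""
    if top == "documents and settings":
        if "temp" in parts:
            return "temp"
        return "profile-root" if len(parts) == 4 else "profile"
    if top in ("windows", "winnt"):
        return "windows-root" if len(parts) == 3 else "windows-sub"
    if top.startswith("program files"):
        return "program-files"
    return "other"


def triage(log_text: str) -> List[Dict]:
    """Return one finding per suspicious entry: {'name', 'hive', 'path', 'reasons'}."""
    entries = []
    for line in log_text.splitlines():
        m3 = O3_RE.match(line)
        if m3:
            if m3.group("target").strip() == "(no file)":
                entries.append({"name": m3.group("name"), "hive": "O3", "path": None,
                                "reasons": ["orphaned toolbar CLSID (no file)"]})
            continue
        m4 = O4_RE.match(line)          # "Global Startup" lines are deliberately not parsed
        if not m4:
            continue
        path = image_path(m4.group("rest"))
        entry = {"name": m4.group("name"), "hive": m4.group("hive"), "path": path, "reasons": []}
        if path is None:
            entry["reasons"].append("Run value with no image path")
        else:
            loc = location_class(path)
            base = path.rsplit("\\", 1)[-1].lower()
            if loc in ("profile-root", "temp", "windows-root"):
                entry["reasons"].append(f"image in unusual location ({loc})")
            if base in ADMIN_TOOLS:
                entry["reasons"].append(f"autoruns an admin tool ({base})")
        if re.sub(r"\d", "", m4.group("name").lower()) + ".exe" in ADMIN_TOOLS:
            entry["reasons"].append("value name mimics an admin tool")
        entries.append(entry)

    # Cross-entry check: the same value name in several hives but pointing at
    # different images is a dropper registering itself per user and per machine.
    by_name = defaultdict(list)
    for e in entries:
        if e["hive"] != "O3":
            by_name[e["name"].lower()].append(e)
    for group in by_name.values():
        if len({e["path"] for e in group if e["path"]}) > 1:
            for e in group:
                e["reasons"].append("same value name in multiple hives with different images")

    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']:<14} [{f['name']}] {f['path'] or '-'}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the full posted log, the location heuristic will also put C:\WINDOWS\vVX1000.exe (the LifeCam binary, which the later OTL log attributes to Microsoft Corporation) on the review list; that is by design. The script narrows what the analyst looks at, it does not decide for them, and anything it flags should be confirmed against the vendor string, file age and the second tool's output before removal, exactly as the helper does in this thread.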


#2 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 18 August 2009 - 01:05 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!



#3 Lareinab (Topic Starter; Members, 18 posts)

Posted 18 August 2009 - 07:16 PM

Hello Sam! Thanks in advance for your help.

Here is the log report from Malwarebytes:

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 3

8/18/2009 6:01:19 PM
mbam-log-2009-08-18 (18-01-19).txt

Scan type: Quick Scan
Objects scanned: 129018
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 32

Memory Processes Infected:
C:\Documents and Settings\jdlott.HEATHER\msword98.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\msword98.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\jdlott.HEATHER\msword98.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msword98.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BND.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\BN2D8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\BN2D9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\BNA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temporary Internet Files\Content.IE5\HUK2WRX3\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\jdlott.HEATHER\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Here is the log from OTL:

OTL logfile created on: 8/18/2009 6:05:05 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\jdlott.HEATHER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

637.98 Mb Total Physical Memory | 87.86 Mb Available Physical Memory | 13.77% Memory free
1.21 Gb Paging File | 0.18 Gb Available in Paging File | 15.19% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 29.95 Gb Free Space | 40.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.94 Gb Total Space | 1.16 Gb Free Space | 7.77% Space Free | Partition Type: NTFS
Drive F: | 59.59 Gb Total Space | 57.59 Gb Free Space | 96.64% Space Free | Partition Type: NTFS
Drive G: | 226.62 Gb Total Space | 173.46 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
Drive H: | 6.26 Gb Total Space | 0.89 Gb Free Space | 14.16% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: jdlott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/18 03:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/25 03:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
PRC - [2004/09/22 22:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2008/06/10 02:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/08/26 18:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/03/15 00:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2003/03/07 19:03:10 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/03/02 02:10:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/09/22 22:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
PRC - [2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2005/09/20 10:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/06/11 13:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/30 02:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2004/09/14 11:39:51 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/03/17 14:24:06 | 00,721,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2008/05/01 05:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/09 00:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/03/15 12:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2009/04/16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2004/06/09 16:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/08/03 13:36:10 | 01,295,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/06/10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2009/08/16 22:41:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/18 18:04:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 16:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/18 03:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2007/05/25 03:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Stopped])
SRV - [2007/05/25 03:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2005/03/02 02:10:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
SRV - [2004/09/22 22:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Stopped])
SRV - [2004/09/22 22:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/05/14 13:45:04 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2005/02/08 11:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/02/13 02:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/02/27 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2005/06/13 13:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/09/22 22:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 21:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/09/22 22:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
DRV - [2004/09/22 22:00:00 | 00,058,048 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
DRV - [2009/08/15 07:44:10 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Stopped])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2006/02/28 15:25:35 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008/04/09 00:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2004/03/19 16:41:54 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/09 00:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2004/03/03 01:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/03/19 16:42:10 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 08:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006/12/18 14:54:18 | 00,513,152 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/01/14 18:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/01/14 18:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/03/15 00:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2009/03/17 14:24:08 | 01,964,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Stopped])
DRV - [2003/02/22 15:03:28 | 00,031,273 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
DRV - [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\S-1-5-21-3007714419-1336913052-406872289-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2007/06/30 22:57:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/05 16:07:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 22:42:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 22:42:25 | 00,000,000 | ---D | M]

[2009/04/05 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Extensions
[2009/04/05 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/17 20:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions
[2009/04/09 00:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/08/15 07:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/16 14:19:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 22:42:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 22:14:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/13 01:53:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/18 20:00:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/18 18:00:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com
[2008/04/25 23:20:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\temp
[2009/08/16 22:41:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 22:41:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 17:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2009/08/16 22:42:02 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/04 23:42:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/04 23:42:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/09/01 13:34:42 | 01,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/03/26 12:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 12:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 12:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 12:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 12:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 12:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 12:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [braviax] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [braviax] File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stuladhar\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\Palm\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_4.cab (FixController Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsc...81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1183263021796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sureharvest.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 11:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/03 21:41:30 | 00,000,047 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/16 08:35:55 | 00,000,074 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/18 18:04:36 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe
[2009/08/18 18:02:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\izvpcc.sys
[2009/08/18 17:39:59 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 17:39:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/18 17:39:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/18 17:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 05:57:07 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/17 21:14:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\HiJackThis.exe
[2009/08/17 20:55:29 | 08,798,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\windows-kb890830-v2.13.exe
[2009/08/17 20:53:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/17 20:53:52 | 00,059,277 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Remove Antivirus 2010.exe
[2009/08/17 20:49:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/17 20:23:38 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/17 20:23:37 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32473.exe
[2009/08/17 19:30:20 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/17 19:30:20 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/17 19:30:20 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/17 19:30:20 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/17 19:30:20 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/17 19:30:20 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/17 19:30:20 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/17 19:30:20 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/17 19:30:20 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/17 19:30:19 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/17 19:30:19 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/17 19:30:19 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/17 19:30:19 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/17 19:30:19 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/17 19:30:19 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/17 19:30:19 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/17 19:30:19 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/17 19:30:19 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/17 19:30:19 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/17 19:30:19 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/17 19:30:19 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/17 19:30:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/17 19:30:19 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/17 19:30:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/17 19:30:19 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/17 19:30:19 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/17 19:30:19 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/17 19:30:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/17 19:30:19 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/17 19:30:19 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/17 19:30:19 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/17 19:30:19 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/17 19:30:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/17 19:30:19 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ACPIEC.SYS
[2009/08/17 19:30:19 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/17 19:30:19 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\NULL.SYS
[2009/08/17 19:30:18 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/17 19:30:18 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/17 19:30:18 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/17 19:30:18 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/17 19:30:18 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/17 19:30:18 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/17 19:30:18 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/17 19:30:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/17 19:24:51 | 00,019,627 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Application Data\saguqaz._sy
[2009/08/17 19:24:51 | 00,015,798 | ---- | C] () -- C:\WINDOWS\System32\oqugenajag.sys
[2009/08/17 19:24:51 | 00,014,492 | ---- | C] () -- C:\WINDOWS\ohobu.lib
[2009/08/17 19:24:51 | 00,011,025 | ---- | C] () -- C:\Program Files\Common Files\fapasegyj.com
[2009/08/17 19:24:50 | 00,019,865 | ---- | C] () -- C:\WINDOWS\qynozu.scr
[2009/08/17 19:24:50 | 00,019,701 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gomof.bat
[2009/08/17 19:24:50 | 00,019,606 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ehuqunov.dat
[2009/08/17 19:24:50 | 00,018,837 | ---- | C] () -- C:\WINDOWS\paxomyn.dll
[2009/08/17 19:24:50 | 00,014,281 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wena.scr
[2009/08/17 19:24:50 | 00,013,593 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baqodaqake.exe
[2009/08/17 19:24:50 | 00,013,517 | ---- | C] () -- C:\WINDOWS\rigyvo.lib
[2009/08/17 19:24:50 | 00,011,795 | ---- | C] () -- C:\WINDOWS\oxexiza.sys
[2009/08/17 19:24:50 | 00,011,640 | ---- | C] () -- C:\WINDOWS\cocari.db
[2009/08/17 19:24:50 | 00,010,751 | ---- | C] () -- C:\WINDOWS\xekivuvara.dll
[2009/08/17 19:24:49 | 00,017,427 | ---- | C] () -- C:\WINDOWS\inify._sy
[2009/08/17 19:24:49 | 00,015,801 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ytelo.exe
[2009/08/17 19:24:49 | 00,015,115 | ---- | C] () -- C:\WINDOWS\kafetew.lib
[2009/08/17 19:04:31 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/17 19:04:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/17 19:04:24 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/17 18:49:02 | 00,000,000 | ---D | C] -- C:\quarantine
[2009/08/17 18:20:04 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/17 18:20:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/17 18:20:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/17 18:20:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/17 18:20:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/17 18:20:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/17 18:20:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/17 18:20:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/17 18:19:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/17 18:19:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/16 17:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Malwarebytes
[2009/08/16 17:28:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/16 17:26:33 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mbam-setup.exe
[2009/08/16 14:35:20 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/16 14:35:11 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/16 14:35:11 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/16 14:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/16 14:35:01 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/16 14:34:56 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/16 14:34:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\PC Tools
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/16 14:23:48 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\WindowsDefender.msi
[2009/08/16 14:21:28 | 26,171,928 | ---- | C] (PC Tools ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\sdsetup.exe
[2009/08/16 14:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Windows Search
[2009/08/16 10:21:24 | 00,016,773 | ---- | C] () -- C:\WINDOWS\nyhesymoke._sy
[2009/08/16 10:21:24 | 00,014,372 | ---- | C] () -- C:\WINDOWS\bevutaxicu._sy
[2009/08/16 10:21:23 | 00,019,269 | ---- | C] () -- C:\WINDOWS\System32\iwawudepe.com
[2009/08/16 10:21:23 | 00,018,218 | ---- | C] () -- C:\WINDOWS\xiqigety.dll
[2009/08/16 10:21:23 | 00,017,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xoho.lib
[2009/08/16 10:21:23 | 00,017,461 | ---- | C] () -- C:\Program Files\Common Files\vajo.dl
[2009/08/16 10:21:23 | 00,014,604 | ---- | C] () -- C:\WINDOWS\System32\yfiwy._sy
[2009/08/16 10:21:23 | 00,014,076 | ---- | C] () -- C:\WINDOWS\System32\itysa.reg
[2009/08/16 10:21:23 | 00,013,684 | ---- | C] () -- C:\WINDOWS\eqofaraky.dl
[2009/08/16 10:21:23 | 00,011,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nyjiqeni.sys
[2009/08/16 10:21:23 | 00,010,778 | ---- | C] () -- C:\WINDOWS\ogecigobe.pif
[2009/08/15 23:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\vlc
[2009/08/15 23:28:19 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/15 23:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/08/15 23:22:46 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Dolphins Screensaver.lnk
[2009/08/15 23:22:46 | 00,001,618 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Whales ScreenSaver.lnk
[2009/08/15 23:22:45 | 00,001,616 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Animated Desktop Wallpaper.lnk
[2009/08/15 23:22:45 | 00,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2009/08/15 23:21:49 | 04,196,968 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\VLCfree_8676.exe
[2009/08/15 23:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Apple Computer
[2009/08/15 23:17:32 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/15 23:17:32 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/15 13:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\My Documents\Downloads
[2009/08/15 07:56:54 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/15 07:51:59 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/15 07:44:10 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/15 07:38:37 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/15 07:35:38 | 00,288,048 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\utorrent.exe
[2009/08/05 03:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/26 17:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\CyberLink
[2009/07/25 09:14:57 | 00,019,705 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mamwama.jpg
[2009/07/19 20:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Local Settings\Application Data\Help
[2009/07/19 20:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Help
[2009/05/17 08:15:24 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/04/06 17:42:29 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/04/06 17:42:25 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/04/06 17:41:32 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/04/06 17:41:32 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/04/06 17:41:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/04/06 17:41:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009/04/06 17:41:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009/04/06 17:40:41 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009/04/06 17:40:41 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/04/06 17:38:36 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/04/06 17:36:33 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/04/06 17:36:33 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/04/06 17:36:32 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/04/06 17:36:32 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/04/06 17:36:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/04/06 17:36:32 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/04/06 17:36:31 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/04/06 17:36:31 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/04/06 17:36:31 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/04/06 17:36:31 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/04/06 17:36:30 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/04/06 17:36:29 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/04/06 17:36:26 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/04/06 17:36:26 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/10 22:49:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/10/15 21:54:00 | 00,003,649 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/10/08 14:21:03 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/02/28 15:48:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/26 13:53:21 | 00,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/26 13:10:10 | 00,000,367 | ---- | C] () -- C:\WINDOWS\SWDEPEND.INI
[2005/08/26 13:10:09 | 00,000,247 | ---- | C] () -- C:\WINDOWS\SP70DATA.INI
[2005/03/23 17:35:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/09 11:56:53 | 00,001,591 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/14 11:40:23 | 00,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2004/09/14 11:40:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2004/09/14 11:35:20 | 00,018,277 | ---- | C] () -- C:\WINDOWS\hpclj3500.ini
[2004/09/14 11:34:37 | 00,000,312 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/09/14 11:34:35 | 00,001,045 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2004/09/14 11:34:16 | 00,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2004/08/27 18:17:39 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\irisscan.dll
[2004/08/27 18:17:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\IRSCANA8.dll
[2004/07/14 11:47:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/14 11:47:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/06/16 16:20:08 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2004/06/16 16:20:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/06/16 09:49:49 | 00,002,734 | ---- | C] () -- C:\WINDOWS\pviewm.ini
[2004/06/16 09:49:43 | 00,001,353 | ---- | C] () -- C:\WINDOWS\sview.ini
[2004/06/07 06:04:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/07 05:54:48 | 00,000,893 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/07 05:49:10 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/07 05:32:48 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/07 05:21:42 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 15:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 12:21:34 | 00,000,799 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 11:58:32 | 00,000,649 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 11:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/19 16:40:50 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2004/03/19 16:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 04:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/04/14 17:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 15:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[13 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/18 18:04:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe
[2009/08/18 18:02:38 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\izvpcc.sys
[2009/08/18 17:39:59 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 17:38:50 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/18 17:38:20 | 03,739,412 | -H-- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Local Settings\Application Data\IconCache.db
[2009/08/18 05:57:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/18 05:57:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/18 05:57:07 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/18 03:02:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 21:14:43 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\HiJackThis.exe
[2009/08/17 20:58:20 | 08,798,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\windows-kb890830-v2.13.exe
[2009/08/17 20:53:53 | 00,059,277 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Remove Antivirus 2010.exe
[2009/08/17 20:39:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/17 20:38:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/08/17 20:23:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32473.exe
[2009/08/17 19:24:51 | 00,019,627 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Application Data\saguqaz._sy
[2009/08/17 19:24:51 | 00,015,798 | ---- | M] () -- C:\WINDOWS\System32\oqugenajag.sys
[2009/08/17 19:24:51 | 00,014,492 | ---- | M] () -- C:\WINDOWS\ohobu.lib
[2009/08/17 19:24:51 | 00,011,025 | ---- | M] () -- C:\Program Files\Common Files\fapasegyj.com
[2009/08/17 19:24:50 | 00,019,865 | ---- | M] () -- C:\WINDOWS\qynozu.scr
[2009/08/17 19:24:50 | 00,019,701 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gomof.bat
[2009/08/17 19:24:50 | 00,019,606 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ehuqunov.dat
[2009/08/17 19:24:50 | 00,018,837 | ---- | M] () -- C:\WINDOWS\paxomyn.dll
[2009/08/17 19:24:50 | 00,014,281 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wena.scr
[2009/08/17 19:24:50 | 00,013,593 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\baqodaqake.exe
[2009/08/17 19:24:50 | 00,013,517 | ---- | M] () -- C:\WINDOWS\rigyvo.lib
[2009/08/17 19:24:50 | 00,011,795 | ---- | M] () -- C:\WINDOWS\oxexiza.sys
[2009/08/17 19:24:50 | 00,011,640 | ---- | M] () -- C:\WINDOWS\cocari.db
[2009/08/17 19:24:50 | 00,010,751 | ---- | M] () -- C:\WINDOWS\xekivuvara.dll
[2009/08/17 19:24:49 | 00,017,427 | ---- | M] () -- C:\WINDOWS\inify._sy
[2009/08/17 19:24:49 | 00,015,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ytelo.exe
[2009/08/17 19:24:49 | 00,015,115 | ---- | M] () -- C:\WINDOWS\kafetew.lib
[2009/08/17 19:04:31 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/08/16 17:27:43 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mbam-setup.exe
[2009/08/16 14:35:02 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/16 14:31:46 | 26,171,928 | ---- | M] (PC Tools ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\sdsetup.exe
[2009/08/16 14:27:25 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\WindowsDefender.msi
[2009/08/16 10:21:24 | 00,016,773 | ---- | M] () -- C:\WINDOWS\nyhesymoke._sy
[2009/08/16 10:21:24 | 00,014,372 | ---- | M] () -- C:\WINDOWS\bevutaxicu._sy
[2009/08/16 10:21:24 | 00,013,684 | ---- | M] () -- C:\WINDOWS\eqofaraky.dl
[2009/08/16 10:21:23 | 00,019,269 | ---- | M] () -- C:\WINDOWS\System32\iwawudepe.com
[2009/08/16 10:21:23 | 00,018,218 | ---- | M] () -- C:\WINDOWS\xiqigety.dll
[2009/08/16 10:21:23 | 00,017,698 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xoho.lib
[2009/08/16 10:21:23 | 00,017,461 | ---- | M] () -- C:\Program Files\Common Files\vajo.dl
[2009/08/16 10:21:23 | 00,014,604 | ---- | M] () -- C:\WINDOWS\System32\yfiwy._sy
[2009/08/16 10:21:23 | 00,014,076 | ---- | M] () -- C:\WINDOWS\System32\itysa.reg
[2009/08/16 10:21:23 | 00,011,635 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nyjiqeni.sys
[2009/08/16 10:21:23 | 00,010,778 | ---- | M] () -- C:\WINDOWS\ogecigobe.pif
[2009/08/15 23:28:19 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/15 23:22:46 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Dolphins Screensaver.lnk
[2009/08/15 23:22:46 | 00,001,618 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Whales ScreenSaver.lnk
[2009/08/15 23:22:45 | 00,001,616 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Animated Desktop Wallpaper.lnk
[2009/08/15 23:21:54 | 04,196,968 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\VLCfree_8676.exe
[2009/08/15 23:17:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/15 23:17:32 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/15 23:16:56 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/15 07:44:11 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/15 07:44:10 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/08/15 07:35:59 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\utorrent.exe
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 14:38:18 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/07/29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 16:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/25 09:14:57 | 00,019,705 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mamwama.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 August 2009 - 11:56 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
    O4 - HKU\.DEFAULT..\Run: [braviax] File not found
    O4 - HKU\S-1-5-18..\Run: [braviax] File not found
    O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    :Files
    C:\*.tmp 
    C:\WINDOWS\System32\*.tmp 
    C:\WINDOWS\*.tmp
    C:\Program Files\Free Offers from Freeze.com
    C:\WINDOWS\nyhesymoke._sy
    C:\WINDOWS\bevutaxicu._sy
    C:\WINDOWS\System32\iwawudepe.com
    C:\WINDOWS\xiqigety.dll
    C:\Documents and Settings\All Users\Application Data\xoho.lib
    C:\Program Files\Common Files\vajo.dl
    C:\WINDOWS\System32\yfiwy._sy
    C:\WINDOWS\System32\itysa.reg
    C:\WINDOWS\eqofaraky.dl
    C:\Documents and Settings\All Users\Application Data\nyjiqeni.sys
    C:\WINDOWS\ogecigobe.pif
    C:\Documents and Settings\jdlott.HEATHER\Application Data\saguqaz._sy
    C:\WINDOWS\System32\oqugenajag.sys
    C:\WINDOWS\ohobu.lib
    C:\Program Files\Common Files\fapasegyj.com
    C:\WINDOWS\qynozu.scr
    C:\Documents and Settings\All Users\Application Data\gomof.bat
    C:\Documents and Settings\All Users\Application Data\ehuqunov.dat
    C:\WINDOWS\paxomyn.dll
    C:\Documents and Settings\All Users\Application Data\wena.scr
    C:\Documents and Settings\All Users\Application Data\baqodaqake.exe
    C:\WINDOWS\rigyvo.lib
    C:\WINDOWS\oxexiza.sys
    C:\WINDOWS\cocari.db
    C:\WINDOWS\xekivuvara.dll
    C:\WINDOWS\inify._sy
    C:\Documents and Settings\All Users\Application Data\ytelo.exe
    C:\WINDOWS\kafetew.lib
    C:\Documents and Settings\jdlott.HEATHER\Desktop\Remove Antivirus 2010.exe
    C:\WINDOWS\System32\braviax.exe
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Lareinab

Lareinab
  • Topic Starter

  • Members
  • 18 posts

Posted 19 August 2009 - 05:59 PM

Here it is. Thanks.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
========== FILES ==========
C:\~QTWTMP.TMP moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET1C9.tmp moved successfully.
C:\WINDOWS\System32\SET1CA.tmp moved successfully.
C:\WINDOWS\System32\SET1CB.tmp moved successfully.
C:\WINDOWS\System32\SET1CC.tmp moved successfully.
C:\WINDOWS\System32\SET1CD.tmp moved successfully.
C:\WINDOWS\System32\SET1E5.tmp moved successfully.
C:\WINDOWS\System32\SET7B.tmp moved successfully.
C:\WINDOWS\System32\SET87.tmp moved successfully.
C:\WINDOWS\System32\SET90.tmp moved successfully.
C:\WINDOWS\System32\SET91.tmp moved successfully.
C:\WINDOWS\System32\SET92.tmp moved successfully.
C:\WINDOWS\System32\SET95.tmp moved successfully.
C:\WINDOWS\002437_.tmp moved successfully.
C:\WINDOWS\005982_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\Program Files\Free Offers from Freeze.com moved successfully.
C:\WINDOWS\nyhesymoke._sy moved successfully.
C:\WINDOWS\bevutaxicu._sy moved successfully.
C:\WINDOWS\System32\iwawudepe.com moved successfully.
LoadLibrary failed for C:\WINDOWS\xiqigety.dll
C:\WINDOWS\xiqigety.dll NOT unregistered.
C:\WINDOWS\xiqigety.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\xoho.lib moved successfully.
C:\Program Files\Common Files\vajo.dl moved successfully.
C:\WINDOWS\System32\yfiwy._sy moved successfully.
C:\WINDOWS\System32\itysa.reg moved successfully.
C:\WINDOWS\eqofaraky.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\nyjiqeni.sys moved successfully.
C:\WINDOWS\ogecigobe.pif moved successfully.
C:\Documents and Settings\jdlott.HEATHER\Application Data\saguqaz._sy moved successfully.
C:\WINDOWS\System32\oqugenajag.sys moved successfully.
C:\WINDOWS\ohobu.lib moved successfully.
C:\Program Files\Common Files\fapasegyj.com moved successfully.
C:\WINDOWS\qynozu.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\gomof.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\ehuqunov.dat moved successfully.
LoadLibrary failed for C:\WINDOWS\paxomyn.dll
C:\WINDOWS\paxomyn.dll NOT unregistered.
C:\WINDOWS\paxomyn.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\wena.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\baqodaqake.exe moved successfully.
C:\WINDOWS\rigyvo.lib moved successfully.
C:\WINDOWS\oxexiza.sys moved successfully.
C:\WINDOWS\cocari.db moved successfully.
LoadLibrary failed for C:\WINDOWS\xekivuvara.dll
C:\WINDOWS\xekivuvara.dll NOT unregistered.
C:\WINDOWS\xekivuvara.dll moved successfully.
C:\WINDOWS\inify._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\ytelo.exe moved successfully.
C:\WINDOWS\kafetew.lib moved successfully.
C:\Documents and Settings\jdlott.HEATHER\Desktop\Remove Antivirus 2010.exe moved successfully.
File\Folder C:\WINDOWS\System32\braviax.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 791655 bytes
->Java cache emptied: 427886 bytes
->Google Chrome cache emptied: 9715376 bytes

User: Administrator.SUREHARVEST
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: jdlott
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: jdlott.HEATHER
File delete failed. C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\NODF269.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\NODF50B.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 840854 bytes
->Temporary Internet Files folder emptied: 18058256 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49367230 bytes

User: Jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3663902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: stuladhar
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 3124187 bytes

Total Files Cleaned = 82.10 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08192009_174005

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\NODF269.tmp not found!
File\Folder C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\NODF50B.tmp not found!

Registry entries deleted on Reboot...
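
The fix log above records four outcomes per line (deleted, moved, not found, pending reboot) and the follow-up OTL scan later in this thread lists every process, service and driver as PRC/SRV/DRV lines with a modification date and a publisher field. Reading a few hundred of these by eye is where things get missed, so here is a small triage script for both formats. It is an added example written for this page, not OTL's own code and not something any participant posted; the sample lines are copied verbatim from the logs in this thread (an excerpt, not a complete log), and the "blank publisher modified within seven days of the scan" rule is my own heuristic, not an OTL feature: a hit means "hash the file and compare it with a known-good copy", not "infected", since legitimate vendor files (the Linksys and Lexmark entries, for instance) also ship with an empty company field.

```python
"""Triage helper for OTL (OldTimer's) fix logs and PRC/SRV/DRV scan listings.
Added example for this thread: not OTL code, not posted by anyone here."""
import re
from datetime import date, timedelta

# Constructed sample: a few lines copied verbatim from the fix log above.
SAMPLE_FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
LoadLibrary failed for C:\WINDOWS\xiqigety.dll
C:\WINDOWS\xiqigety.dll NOT unregistered.
C:\WINDOWS\xiqigety.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\baqodaqake.exe moved successfully.
File\Folder C:\WINDOWS\System32\braviax.exe not found.
File delete failed. C:\Documents and Settings\jdlott.HEATHER\Local Settings\Temp\NODF269.tmp scheduled to be deleted on reboot.
"""

# One regex per fix-log outcome; first match wins, so specific patterns come first.
FIX_RULES = [
    ("reboot_pending", re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")),
    ("loadlibrary_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("not_unregistered", re.compile(r"^(.+?) NOT unregistered\.$")),
    ("not_found", re.compile(r"^(?:Registry key|Registry value|File\\Folder) (.+?)\\? not found[.!]$")),
    ("registry_deleted", re.compile(r"^Registry (?:key|value) (.+?)\\? deleted successfully\.$")),
    ("moved", re.compile(r"^(.+?) moved successfully\.$")),
]
RUN_MARK = r"\CurrentVersion\Run\\"   # OTL writes registry values as key\\valuename

def triage_fix_log(text):
    """Bucket each fix-log line by outcome and list the Run values that were removed."""
    result = {name: [] for name, _ in FIX_RULES}
    result["autorun_values"] = []
    for line in text.splitlines():
        for name, rx in FIX_RULES:
            m = rx.match(line.strip())
            if not m:
                continue
            item = m.group(1).rstrip("\\")
            result[name].append(item)
            if name == "registry_deleted" and RUN_MARK in item:
                result["autorun_values"].append(item.split(RUN_MARK, 1)[1])
            break
    return result

# Constructed sample: process and driver lines copied from the second OTL log.
SAMPLE_LISTING = r"""
PRC - [2008/04/18 03:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/25 03:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
PRC - [2009/08/18 18:04:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe
DRV - [2009/08/19 17:50:33 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2009/08/15 07:44:10 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
"""

LISTING_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<mdate>\d{4}/\d{2}/\d{2}) [\d:]+ \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| M\] \((?P<company>.*?)\) -- (?P<path>.+?)(?: -- \((?P<svc>.+)\))?$"
)

def _ymd(s):
    y, m, d = (int(p) for p in s.split("/"))
    return date(y, m, d)

def parse_listing(text):
    """Turn PRC/SRV/DRV lines into dicts; service name/start/state when present."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        e = {
            "kind": m["kind"], "modified": _ymd(m["mdate"]),
            "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
            "company": m["company"].strip(), "path": m["path"],
            "service": None, "start": None, "state": None,
        }
        if m["svc"]:
            e["service"], rest = m["svc"].split(" [", 1)
            e["start"], e["state"] = rest.rstrip("]").split(" | ")
        entries.append(e)
    return entries

def suspicious_entries(entries, scan_date, window_days=7):
    """Heuristic (editor's assumption, not an OTL feature): no publisher AND modified
    within window_days before the scan.  A hit means "verify the hash against a
    known-good copy", not "infected"; blank publishers are common for legit software."""
    cutoff = _ymd(scan_date) - timedelta(days=window_days)
    return [e for e in entries if not e["company"] and e["modified"] >= cutoff]

if __name__ == "__main__":
    fix = triage_fix_log(SAMPLE_FIX_LOG)
    print({k: len(v) for k, v in fix.items()}, fix["autorun_values"])
    for e in suspicious_entries(parse_listing(SAMPLE_LISTING), "2009/08/20"):
        print("verify:", e["path"], e["modified"], e["service"])
```

The scan date is taken from the "OTL logfile created on" header of the listing (2009/08/20 for the second log in this thread). The not_found bucket is the one to read first when a machine keeps coming back after reboot: it tells you which targets the fix script did not find at run time, which is a prompt to look again rather than assume they are gone.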

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:39 AM

Posted 20 August 2009 - 08:51 AM

Please post a new log from OTL.
How is your computer behaving? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Lareinab

Lareinab
  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:39 AM

Posted 20 August 2009 - 06:18 PM

Here's the OTL log. Each time the computer restarts, it seems like the virus is gone, but then it starts installing again and shows up in my processes.

OTL logfile created on: 8/20/2009 5:56:15 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\jdlott.HEATHER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

637.98 Mb Total Physical Memory | 208.33 Mb Available Physical Memory | 32.65% Memory free
986.45 Mb Paging File | 366.24 Mb Available in Paging File | 37.13% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 30.09 Gb Free Space | 40.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.94 Gb Total Space | 1.16 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive F: | 59.59 Gb Total Space | 57.59 Gb Free Space | 96.64% Space Free | Partition Type: NTFS
Drive G: | 226.62 Gb Total Space | 173.46 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
Drive H: | 6.26 Gb Total Space | 0.89 Gb Free Space | 14.16% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: jdlott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/18 03:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/05/25 03:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
PRC - [2004/09/22 22:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/06/10 02:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/08/26 18:47:34 | 00,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/03/15 00:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2003/03/07 19:03:10 | 00,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2005/03/02 02:10:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/09/22 22:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
PRC - [2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2005/09/20 10:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/06/11 13:27:23 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/30 02:19:53 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/03/17 14:24:06 | 00,721,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2008/05/01 05:38:00 | 00,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2004/09/14 11:39:51 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/04/09 00:15:10 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/03/15 12:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2009/04/16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2004/06/09 16:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/08/16 22:41:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/29 02:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/10 05:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/08/18 18:04:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 16:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/18 03:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2007/05/25 03:41:53 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Stopped])
SRV - [2007/05/25 03:41:37 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2005/03/02 02:10:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Stopped])
SRV - [2004/09/22 22:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Stopped])
SRV - [2004/09/22 22:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/05/14 13:45:04 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/08/19 17:50:33 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2005/02/08 11:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/02/13 02:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/02/27 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2005/06/13 13:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/09/22 22:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 21:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/09/22 22:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
DRV - [2004/09/22 22:00:00 | 00,058,048 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\System32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
DRV - [2009/08/15 07:44:10 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Stopped])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2006/02/28 15:25:35 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008/04/09 00:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2004/03/19 16:41:54 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/09 00:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2004/03/03 01:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/03/19 16:42:10 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2003/05/06 08:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006/12/18 14:54:18 | 00,513,152 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/01/14 18:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/01/14 18:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/03/15 00:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/03/15 00:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2009/03/17 14:24:08 | 01,964,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Stopped])
DRV - [2003/02/22 15:03:28 | 00,031,273 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\S-1-5-21-1545508948-2400148293-1440026266-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\S-1-5-21-1545508948-2400148293-1440026266-1178\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\S-1-5-21-1545508948-2400148293-1440026266-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\S-1-5-21-3007714419-1336913052-406872289-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2007/06/30 22:57:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/05 16:07:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 22:42:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 22:42:25 | 00,000,000 | ---D | M]

[2009/04/05 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Extensions
[2009/04/05 21:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/19 18:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions
[2009/04/09 00:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/08/15 07:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\mozilla\Firefox\Profiles\7q131snu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/08/16 14:19:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 22:42:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/28 22:14:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/13 01:53:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/18 20:00:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/19 17:56:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\browserhighlighter@ebay.com
[2008/04/25 23:20:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\temp
[2009/08/16 22:41:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/16 22:41:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/30 17:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2009/08/16 22:42:02 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/04 23:42:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/04 23:42:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/04 23:42:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/09/01 13:34:42 | 01,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/03/26 12:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 12:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 12:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 12:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 12:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 12:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 12:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [braviax] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [braviax] File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe File not found
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE File not found
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe File not found
O4 - HKU\S-1-5-21-1545508948-2400148293-1440026266-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\stuladhar\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\Palm\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-1178\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1545508948-2400148293-1440026266-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3007714419-1336913052-406872289-1009_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_4.cab (FixController Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsc...81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1183263021796 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sureharvest.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 11:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/03 21:41:30 | 00,000,047 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/16 08:35:55 | 00,000,074 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/08/19 17:50:33 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\figaro.sys
[2009/08/19 17:50:33 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/19 17:47:46 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/19 17:47:46 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/19 17:47:46 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2009/08/19 17:47:41 | 00,011,264 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009/08/19 17:40:05 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/18 18:19:49 | 00,019,910 | ---- | C] () -- C:\WINDOWS\System32\civowi.sys
[2009/08/18 18:19:49 | 00,018,908 | ---- | C] () -- C:\WINDOWS\ihimi.exe
[2009/08/18 18:19:49 | 00,018,638 | ---- | C] () -- C:\WINDOWS\jaku.exe
[2009/08/18 18:19:49 | 00,017,249 | ---- | C] () -- C:\Program Files\Common Files\jibuwatah.com
[2009/08/18 18:19:49 | 00,017,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\exenere.db
[2009/08/18 18:19:49 | 00,015,488 | ---- | C] () -- C:\WINDOWS\bonofib.dll
[2009/08/18 18:19:49 | 00,014,602 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\syqi.bat
[2009/08/18 18:19:49 | 00,014,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\finohe.scr
[2009/08/18 18:19:49 | 00,014,184 | ---- | C] () -- C:\WINDOWS\System32\sujidi._sy
[2009/08/18 18:19:49 | 00,014,109 | ---- | C] () -- C:\Program Files\Common Files\teqojaleqi.ban
[2009/08/18 18:19:49 | 00,011,873 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qehyguwa.bin
[2009/08/18 18:19:49 | 00,011,775 | ---- | C] () -- C:\WINDOWS\numadimil.reg
[2009/08/18 18:19:49 | 00,010,799 | ---- | C] () -- C:\WINDOWS\onucehewo.vbs
[2009/08/18 18:19:49 | 00,010,465 | ---- | C] () -- C:\WINDOWS\ulodeno.reg
[2009/08/18 18:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/08/18 18:13:02 | 00,190,539 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/18 18:12:51 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/18 18:04:36 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe
[2009/08/18 17:39:59 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 17:39:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/18 17:39:51 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/18 17:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/17 21:14:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\HiJackThis.exe
[2009/08/17 20:55:29 | 08,798,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\windows-kb890830-v2.13.exe
[2009/08/17 20:53:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/17 20:23:38 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/17 20:23:37 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32473.exe
[2009/08/17 19:30:20 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/17 19:30:20 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/17 19:30:20 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/17 19:30:20 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/17 19:30:20 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/17 19:30:20 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/17 19:30:20 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/17 19:30:20 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/17 19:30:20 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/17 19:30:19 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/17 19:30:19 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/17 19:30:19 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/17 19:30:19 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/17 19:30:19 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/17 19:30:19 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/17 19:30:19 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/17 19:30:19 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/17 19:30:19 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/17 19:30:19 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/17 19:30:19 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/17 19:30:19 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/17 19:30:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/17 19:30:19 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/17 19:30:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/17 19:30:19 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/17 19:30:19 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/17 19:30:19 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/17 19:30:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/17 19:30:19 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/17 19:30:19 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/17 19:30:19 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/17 19:30:19 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/17 19:30:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/17 19:30:19 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ACPIEC.SYS
[2009/08/17 19:30:19 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/17 19:30:19 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\NULL.SYS
[2009/08/17 19:30:18 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/17 19:30:18 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/17 19:30:18 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/17 19:30:18 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/17 19:30:18 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/17 19:30:18 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/17 19:30:18 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/17 19:30:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/17 19:04:31 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/17 19:04:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/17 19:04:24 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/17 18:49:02 | 00,000,000 | ---D | C] -- C:\quarantine
[2009/08/17 18:20:04 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/17 18:20:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/17 18:20:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/17 18:20:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/17 18:20:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/17 18:20:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/17 18:20:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/17 18:20:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/17 18:19:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/17 18:19:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/16 17:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Malwarebytes
[2009/08/16 17:28:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/16 17:26:33 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mbam-setup.exe
[2009/08/16 14:35:20 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/16 14:35:11 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/16 14:35:11 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/16 14:35:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/16 14:35:01 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/16 14:34:56 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/16 14:34:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\PC Tools
[2009/08/16 14:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/16 14:23:48 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\WindowsDefender.msi
[2009/08/16 14:21:28 | 26,171,928 | ---- | C] (PC Tools ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\sdsetup.exe
[2009/08/16 14:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Windows Search
[2009/08/15 23:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\vlc
[2009/08/15 23:28:19 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/15 23:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/08/15 23:22:46 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Dolphins Screensaver.lnk
[2009/08/15 23:22:46 | 00,001,618 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Whales ScreenSaver.lnk
[2009/08/15 23:22:45 | 00,001,616 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Animated Desktop Wallpaper.lnk
[2009/08/15 23:21:49 | 04,196,968 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\VLCfree_8676.exe
[2009/08/15 23:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\Apple Computer
[2009/08/15 23:17:32 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/15 23:17:32 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/15 13:11:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\My Documents\Downloads
[2009/08/15 07:56:54 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/15 07:51:59 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/15 07:38:37 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/15 07:35:38 | 00,288,048 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\utorrent.exe
[2009/08/05 03:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/26 17:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jdlott.HEATHER\Application Data\CyberLink
[2009/07/25 09:14:57 | 00,019,705 | ---- | C] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mamwama.jpg
[2009/05/17 08:15:24 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/04/06 17:42:29 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/04/06 17:42:25 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/04/06 17:41:32 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/04/06 17:41:32 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/04/06 17:41:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/04/06 17:41:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009/04/06 17:41:02 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009/04/06 17:40:41 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009/04/06 17:40:41 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/04/06 17:38:36 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/04/06 17:36:33 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/04/06 17:36:33 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/04/06 17:36:32 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/04/06 17:36:32 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/04/06 17:36:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/04/06 17:36:32 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/04/06 17:36:31 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/04/06 17:36:31 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/04/06 17:36:31 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/04/06 17:36:31 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/04/06 17:36:30 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/04/06 17:36:29 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/04/06 17:36:26 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/04/06 17:36:26 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/10 22:49:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/10/15 21:54:00 | 00,003,649 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/10/08 14:21:03 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/02/28 15:48:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/26 13:53:21 | 00,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/26 13:10:10 | 00,000,367 | ---- | C] () -- C:\WINDOWS\SWDEPEND.INI
[2005/08/26 13:10:09 | 00,000,247 | ---- | C] () -- C:\WINDOWS\SP70DATA.INI
[2005/03/23 17:35:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/09 11:56:53 | 00,001,591 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/14 11:40:23 | 00,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2004/09/14 11:40:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2004/09/14 11:35:20 | 00,018,277 | ---- | C] () -- C:\WINDOWS\hpclj3500.ini
[2004/09/14 11:34:37 | 00,000,312 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/09/14 11:34:35 | 00,001,045 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2004/09/14 11:34:16 | 00,196,608 | R--- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2004/08/27 18:17:39 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\irisscan.dll
[2004/08/27 18:17:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\IRSCANA8.dll
[2004/07/14 11:47:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/07/14 11:47:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/06/16 16:20:08 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2004/06/16 16:20:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/06/16 09:49:49 | 00,002,734 | ---- | C] () -- C:\WINDOWS\pviewm.ini
[2004/06/16 09:49:43 | 00,001,353 | ---- | C] () -- C:\WINDOWS\sview.ini
[2004/06/07 06:04:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/07 05:54:48 | 00,000,893 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/07 05:49:10 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/07 05:32:48 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/07 05:21:42 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 15:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 12:21:34 | 00,000,799 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 11:58:32 | 00,000,649 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 11:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/19 16:40:50 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2004/03/19 16:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 04:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/04/14 17:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 15:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[2009/08/19 17:53:29 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/19 17:50:33 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/19 17:50:33 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\figaro.sys
[2009/08/19 17:50:33 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/19 17:50:33 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/19 17:47:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 17:47:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/19 17:47:46 | 00,011,264 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009/08/19 17:47:46 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/19 17:47:46 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2009/08/18 18:19:49 | 00,019,910 | ---- | M] () -- C:\WINDOWS\System32\civowi.sys
[2009/08/18 18:19:49 | 00,018,908 | ---- | M] () -- C:\WINDOWS\ihimi.exe
[2009/08/18 18:19:49 | 00,018,638 | ---- | M] () -- C:\WINDOWS\jaku.exe
[2009/08/18 18:19:49 | 00,017,249 | ---- | M] () -- C:\Program Files\Common Files\jibuwatah.com
[2009/08/18 18:19:49 | 00,017,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\exenere.db
[2009/08/18 18:19:49 | 00,015,488 | ---- | M] () -- C:\WINDOWS\bonofib.dll
[2009/08/18 18:19:49 | 00,014,602 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\syqi.bat
[2009/08/18 18:19:49 | 00,014,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\finohe.scr
[2009/08/18 18:19:49 | 00,014,184 | ---- | M] () -- C:\WINDOWS\System32\sujidi._sy
[2009/08/18 18:19:49 | 00,014,109 | ---- | M] () -- C:\Program Files\Common Files\teqojaleqi.ban
[2009/08/18 18:19:49 | 00,011,873 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qehyguwa.bin
[2009/08/18 18:19:49 | 00,011,775 | ---- | M] () -- C:\WINDOWS\numadimil.reg
[2009/08/18 18:19:49 | 00,010,799 | ---- | M] () -- C:\WINDOWS\onucehewo.vbs
[2009/08/18 18:19:49 | 00,010,465 | ---- | M] () -- C:\WINDOWS\ulodeno.reg
[2009/08/18 18:13:06 | 00,190,539 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/18 18:08:52 | 04,268,444 | -H-- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Local Settings\Application Data\IconCache.db
[2009/08/18 18:04:40 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\OTL.exe
[2009/08/18 17:39:59 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 03:02:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 21:14:43 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\HiJackThis.exe
[2009/08/17 20:58:20 | 08,798,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\windows-kb890830-v2.13.exe
[2009/08/17 20:39:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/17 20:38:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/08/17 20:23:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF32473.exe
[2009/08/17 19:04:31 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/08/16 17:27:43 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mbam-setup.exe
[2009/08/16 14:35:02 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/16 14:31:46 | 26,171,928 | ---- | M] (PC Tools ) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\sdsetup.exe
[2009/08/16 14:27:25 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\WindowsDefender.msi
[2009/08/15 23:28:19 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/08/15 23:22:46 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Dolphins Screensaver.lnk
[2009/08/15 23:22:46 | 00,001,618 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Whales ScreenSaver.lnk
[2009/08/15 23:22:45 | 00,001,616 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\Free Animated Desktop Wallpaper.lnk
[2009/08/15 23:21:54 | 04,196,968 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\VLCfree_8676.exe
[2009/08/15 23:17:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/15 23:17:32 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/15 23:16:56 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/15 07:44:10 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/08/15 07:35:59 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\jdlott.HEATHER\Desktop\utorrent.exe
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 03:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 14:38:18 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/07/29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 16:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/25 09:14:57 | 00,019,705 | ---- | M] () -- C:\Documents and Settings\jdlott.HEATHER\Desktop\mamwama.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:39 AM

Posted 21 August 2009 - 11:22 AM

We need to run Combofix. I see you have run it before and may have it still on your computer. If so, please delete that version and download the current version using these instructions.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Lareinab

Lareinab
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:39 AM

Posted 21 August 2009 - 09:24 PM

Here is the log from Combofix

ComboFix 09-08-20.07 - jdlott 08/21/2009 19:53.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.296 [GMT -6:00]
Running from: c:\documents and settings\jdlott.HEATHER\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\windows\bonofib.dll
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\ihimi.exe
c:\windows\jaku.exe
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe
.
---- Previous Run -------
.
c:\documents and settings\jdlott.HEATHER\Local Settings\Temporary Internet Files\wepo.exe
c:\documents and settings\jdlott.HEATHER\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys


Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP969\A0153608.sys


Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP970\A0154053.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 02:15 . 2009-08-22 02:15 17023 ----a-w- c:\windows\kiqywuv.bat
2009-08-22 02:15 . 2009-08-22 02:15 15576 ----a-w- c:\windows\qisumyvara.dat
2009-08-22 02:15 . 2009-08-22 02:15 15257 ----a-w- c:\windows\ofyduta.pif
2009-08-22 02:15 . 2009-08-22 02:15 14849 ----a-w- c:\windows\izadonuwo.vbs
2009-08-22 02:15 . 2009-08-22 02:15 14500 ----a-w- c:\windows\system32\avusu.vbs
2009-08-22 02:15 . 2009-08-22 02:15 13945 ----a-w- c:\program files\Common Files\citoxihejy.reg
2009-08-22 02:15 . 2009-08-22 02:15 13898 ----a-w- c:\documents and settings\LocalService\Application Data\zaxynapino.exe
2009-08-22 02:15 . 2009-08-22 02:15 13196 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\punyzoheho.dat
2009-08-22 02:15 . 2009-08-22 02:15 11329 ----a-w- c:\windows\eriri.exe
2009-08-22 02:15 . 2009-08-22 02:59 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-22 02:08 . 2009-08-22 02:08 626336 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-19 23:40 . 2009-08-19 23:40 -------- d-----w- C:\_OTL
2009-08-19 00:19 . 2009-08-19 00:19 19910 ----a-w- c:\windows\system32\civowi.sys
2009-08-19 00:19 . 2009-08-19 00:19 17249 ----a-w- c:\program files\Common Files\jibuwatah.com
2009-08-19 00:19 . 2009-08-19 00:19 17210 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ymop.dat
2009-08-19 00:19 . 2009-08-19 00:19 17047 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\vekalune.bat
2009-08-19 00:19 . 2009-08-19 00:19 14602 ----a-w- c:\documents and settings\All Users\Application Data\syqi.bat
2009-08-19 00:19 . 2009-08-19 00:19 14288 ----a-w- c:\documents and settings\All Users\Application Data\finohe.scr
2009-08-19 00:19 . 2009-08-19 00:19 11775 ----a-w- c:\windows\numadimil.reg
2009-08-19 00:19 . 2009-08-19 00:19 10799 ----a-w- c:\windows\onucehewo.vbs
2009-08-19 00:19 . 2009-08-19 00:19 10465 ----a-w- c:\windows\ulodeno.reg
2009-08-19 00:12 . 2009-08-22 02:08 29184 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-19 00:12 . 2009-08-22 02:08 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-18 23:39 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:39 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 23:39 . 2009-08-18 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 00:49 . 2009-08-22 02:15 -------- d-----w- C:\quarantine
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Malwarebytes
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 20:35 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-16 20:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-16 20:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-16 20:35 . 2009-08-16 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 20:34 . 2009-08-16 21:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-16 20:34 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-16 20:34 . 2009-08-16 21:11 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\PC Tools
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-16 20:07 . 2009-08-16 20:07 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Windows Search
2009-08-16 16:21 . 2009-08-16 16:21 18091 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hoxitec.sys
2009-08-16 16:21 . 2009-08-16 16:21 18188 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ezilef.dat
2009-08-16 05:29 . 2009-08-16 05:29 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\vlc
2009-08-16 05:27 . 2009-08-16 05:27 -------- d-----w- c:\program files\VideoLAN
2009-08-16 05:20 . 2009-08-16 05:20 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Apple Computer
2009-08-15 13:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\AskBarDis
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 23:21 . 2009-07-26 23:21 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 02:15 . 2009-08-22 02:15 15685 ----a-w- c:\program files\Common Files\pyzacoqim.lib
2009-08-22 02:08 . 2004-03-19 22:40 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-19 00:19 . 2009-08-19 00:19 14109 ----a-w- c:\program files\Common Files\teqojaleqi.ban
2009-08-19 00:19 . 2009-08-19 00:19 11873 ----a-w- c:\documents and settings\All Users\Application Data\qehyguwa.bin
2009-08-17 14:18 . 2009-04-06 03:06 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Skype
2009-08-16 16:21 . 2009-08-16 16:21 18380 ----a-w- c:\documents and settings\LocalService\Application Data\xovix.bin
2009-08-16 16:21 . 2009-08-16 16:21 10493 ----a-w- c:\documents and settings\LocalService\Application Data\lajyqilex.dat
2009-08-16 14:19 . 2009-04-07 18:54 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\skypePM
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:06 . 2009-04-06 23:43 -------- d-----w- c:\program files\Lx_cats
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-02 23:01 . 2004-06-07 12:04 125272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 22:59 . 2009-07-02 22:59 -------- d-----w- c:\program files\MSECache
2009-06-29 16:12 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-03-19 22:34 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-03-30 01:48 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-03-30 01:48 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-03-19 22:44 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-03-19 22:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-03-19 22:38 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-03-19 22:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-03-19 22:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:52 . 2007-06-29 06:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-12 12:31 . 2004-03-19 22:43 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-19 22:43 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-19 22:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-19 22:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-10-21 16:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 06:24 . 2008-05-27 05:18 350208 ----a-w- c:\windows\system32\mssph.dll
.

------- Sigcheck -------

[-] 2009-08-22 02:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-22 02:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-22 02:08 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-22 02:08 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_01.18.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 02:15 . 2009-08-22 02:15 16384 c:\windows\Temp\Perflib_Perfdata_8ac.dat
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2004-08-04 07:56 . 2009-07-14 05:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 11:01 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\wmp.dll
+ 2005-05-11 10:00 . 2009-07-29 23:49 24281536 c:\windows\SYSTEM32\MRT.exe
- 2005-05-11 10:00 . 2009-07-30 00:49 24281536 c:\windows\SYSTEM32\MRT.exe
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-03-08 36864]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-03-02 139320]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\stuladhar\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2005-2-22 2301952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/16/2009 2:35 PM 130936]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [12/3/2004 6:13 PM 58048]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/16/2009 2:34 PM 348752]
S1 5ade7e8;5ade7e8;c:\windows\system32\drivers\5ade7e8.sys --> c:\windows\system32\drivers\5ade7e8.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/15/2009 7:40 AM 234888]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxddserv.exe [4/6/2009 5:42 PM 99248]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\jdlott.HEATHER\Application Data\Mozilla\Firefox\Profiles\7q131snu.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\EntApi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\lxddcoms.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\windows\SYSTEM32\java.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\braviax.exe.vir
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-22 21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 03:06
ComboFix2.txt 2009-08-18 01:32

Pre-Run: 32,264,445,952 bytes free
Post-Run: 32,205,475,840 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
331 --- E O F --- 2009-08-19 09:01

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:39 AM

Posted 22 August 2009 - 11:14 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
5ade7e8

File::
c:\windows\system32\drivers\5ade7e8.sys
c:\windows\kiqywuv.bat
c:\windows\qisumyvara.dat
c:\windows\ofyduta.pif
c:\windows\izadonuwo.vbs
c:\windows\system32\avusu.vbs
c:\program files\Common Files\citoxihejy.reg
c:\documents and settings\LocalService\Application Data\zaxynapino.exe
c:\documents and settings\LocalService\Local Settings\Application Data\punyzoheho.dat
c:\windows\eriri.exe
c:\windows\system32\civowi.sys
c:\program files\Common Files\jibuwatah.com
c:\documents and settings\LocalService\Local Settings\Application Data\ymop.dat
c:\documents and settings\LocalService\Local Settings\Application Data\vekalune.bat
c:\documents and settings\All Users\Application Data\syqi.bat
c:\documents and settings\All Users\Application Data\finohe.scr
c:\windows\numadimil.reg
c:\windows\onucehewo.vbs
c:\windows\ulodeno.reg

Folder::
c:\program files\PC_Antispyware2010

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
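An added example, not code from this thread, from ComboFix or from its author: a small Python check over the "------- Sigcheck -------" block that ComboFix prints in the logs in this thread. It groups every listed copy of a system file by name and flags a live copy under SYSTEM32, SYSTEM32\DRIVERS or SYSTEM32\DLLCACHE whose MD5 differs from the copy under ServicePackFiles\i386, which is the pattern the logs above show for ntfs.sys (626336 bytes live versus 574976 bytes in the service pack copy), and reports beep.sys as unverifiable because no reference copy is listed. Treating ServicePackFiles\i386 as the known-good reference and leaving ComboFix's own [-]/[7] marks uninterpreted are assumptions; the sample lines are copied from the logs above.

```python
# Added example: integrity check over the "------- Sigcheck -------" block of a
# ComboFix log. Not code from the thread, from ComboFix or from its author.
# Assumptions: the copy under ServicePackFiles\i386 is the known-good reference,
# copies under SYSTEM32, SYSTEM32\DRIVERS and SYSTEM32\DLLCACHE are the live
# ones, and ComboFix's own [-]/[7] marks are recorded but not interpreted.
import re
from collections import defaultdict

# One Sigcheck line: [mark] date time size MD5 path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

# Sample input: the beep.sys and ntfs.sys lines copied from the log above.
SAMPLE_SIGCHECK = r"""
[-] 2009-08-23 04:20 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-23 04:20 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-23 04:20 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-23 04:20 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
"""


def parse_sigcheck(text):
    """Return one record per well-formed Sigcheck line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
        records.append(rec)
    return records


def classify_path(path):
    """'reference', 'live' or 'other' (hotfix caches, uninstall backups)."""
    directory = path.lower().rsplit("\\", 1)[0]
    if directory.endswith("\\servicepackfiles\\i386"):
        return "reference"
    if directory.endswith(("\\system32", "\\system32\\drivers", "\\system32\\dllcache")):
        return "live"
    return "other"


def check_sigcheck(text):
    """Group records by file name and compare every live copy to the reference.

    Status per file:
      match         every live copy carries the reference MD5
      mismatch      at least one live copy differs from the reference (ntfs.sys)
      unverified    live copies exist but no reference copy is listed (beep.sys)
      no_live_copy  only backup/cache copies were listed
    """
    files = defaultdict(lambda: {"reference": None, "live": {}, "status": None})
    for rec in parse_sigcheck(text):
        entry = files[rec["name"]]
        kind = classify_path(rec["path"])
        if kind == "reference":
            entry["reference"] = (rec["size"], rec["md5"])
        elif kind == "live":
            entry["live"][rec["path"]] = (rec["size"], rec["md5"])
    for entry in files.values():
        if not entry["live"]:
            entry["status"] = "no_live_copy"
        elif entry["reference"] is None:
            entry["status"] = "unverified"
        elif all(md5 == entry["reference"][1] for _, md5 in entry["live"].values()):
            entry["status"] = "match"
        else:
            entry["status"] = "mismatch"
    return dict(files)


def report(files):
    """Human-readable lines, worst findings first."""
    order = {"mismatch": 0, "unverified": 1, "no_live_copy": 2, "match": 3}
    lines = []
    for name, entry in sorted(files.items(), key=lambda kv: (order[kv[1]["status"]], kv[0])):
        lines.append(f"{entry['status']:<12} {name}")
        if entry["reference"]:
            lines.append(f"    reference {entry['reference'][0]:>8} {entry['reference'][1]}")
        for path, (size, md5) in entry["live"].items():
            differs = entry["reference"] is not None and md5 != entry["reference"][1]
            mark = "  <-- differs from reference" if differs else ""
            lines.append(f"    live      {size:>8} {md5} {path}{mark}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(check_sigcheck(SAMPLE_SIGCHECK))))
```

Run against a full log, it only needs the text between the Sigcheck header and the next section; a file whose reference copy is missing is reported rather than silently passed.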

#11 Lareinab

Lareinab
  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:39 AM

Posted 23 August 2009 - 09:07 AM

I had a hard time getting the computer to run. It kept freezing and was incredibly slow, so I had to restart it many times before I could follow your instructions.

Here's the ComboFix log.

ComboFix 09-08-22.06 - jdlott 08/22/2009 22:01.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.230 [GMT -6:00]
Running from: c:\documents and settings\jdlott.HEATHER\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jdlott.HEATHER\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\finohe.scr"
"c:\documents and settings\All Users\Application Data\syqi.bat"
"c:\documents and settings\LocalService\Application Data\zaxynapino.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\punyzoheho.dat"
"c:\documents and settings\LocalService\Local Settings\Application Data\vekalune.bat"
"c:\documents and settings\LocalService\Local Settings\Application Data\ymop.dat"
"c:\program files\Common Files\citoxihejy.reg"
"c:\program files\Common Files\jibuwatah.com"
"c:\windows\eriri.exe"
"c:\windows\izadonuwo.vbs"
"c:\windows\kiqywuv.bat"
"c:\windows\numadimil.reg"
"c:\windows\ofyduta.pif"
"c:\windows\onucehewo.vbs"
"c:\windows\qisumyvara.dat"
"c:\windows\system32\avusu.vbs"
"c:\windows\system32\civowi.sys"
"c:\windows\system32\drivers\5ade7e8.sys"
"c:\windows\ulodeno.reg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ijaf._dl
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe
c:\windows\utojomoh.exe
c:\windows\ywipubysa.scr


Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP977\A0158435.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 03:55 . 2009-08-23 03:55 13542 ----a-w- c:\windows\fuvary.com
2009-08-23 03:55 . 2009-08-23 03:55 13425 ----a-w- c:\program files\Common Files\ydowoja.dat
2009-08-23 03:55 . 2009-08-23 03:55 16785 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\inysecod.reg
2009-08-23 03:55 . 2009-08-23 03:55 15834 ----a-w- c:\windows\ekozuxe.bin
2009-08-23 03:55 . 2009-08-23 03:55 14217 ----a-w- c:\windows\acugizypy.pif
2009-08-23 03:55 . 2009-08-23 03:55 12160 ----a-w- c:\program files\Common Files\kykahudu.bin
2009-08-23 03:55 . 2009-08-23 03:55 11676 ----a-w- c:\program files\Common Files\amisonupig.reg
2009-08-23 02:36 . 2009-08-23 02:36 19937 ----a-w- c:\program files\Common Files\ixaqodemy.sys
2009-08-23 02:36 . 2009-08-23 02:36 18977 ----a-w- c:\program files\Common Files\diculyn.bin
2009-08-23 02:36 . 2009-08-23 02:36 18051 ----a-w- c:\windows\caxisusaf.com
2009-08-23 02:36 . 2009-08-23 02:36 16999 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\bifabawe.reg
2009-08-23 02:36 . 2009-08-23 02:36 15712 ----a-w- c:\documents and settings\All Users\Application Data\kicuteci.bat
2009-08-23 02:36 . 2009-08-23 02:36 15391 ----a-w- c:\windows\xopedof.bin
2009-08-23 02:36 . 2009-08-23 02:36 10075 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\roradoso.scr
2009-08-22 14:02 . 2009-08-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-22 06:47 . 2009-08-22 06:47 10791 ----a-w- c:\documents and settings\All Users\Application Data\nujox.exe
2009-08-22 06:47 . 2009-08-22 06:47 17907 ----a-w- c:\windows\system32\dotedyna.exe
2009-08-22 06:47 . 2009-08-22 06:47 15449 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\qujof.sys
2009-08-22 06:47 . 2009-08-22 06:47 14617 ----a-w- c:\windows\mybemetaro.bin
2009-08-22 06:47 . 2009-08-22 06:47 13310 ----a-w- c:\documents and settings\All Users\Application Data\qewuf.exe
2009-08-22 06:47 . 2009-08-22 06:47 10222 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\urum.scr
2009-08-22 02:08 . 2009-08-23 04:20 626336 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-19 23:40 . 2009-08-19 23:40 -------- d-----w- C:\_OTL
2009-08-19 00:12 . 2009-08-23 04:20 29184 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-19 00:12 . 2009-08-23 04:20 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-18 23:39 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:39 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 23:39 . 2009-08-18 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 00:49 . 2009-08-23 03:51 -------- d-----w- C:\quarantine
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Malwarebytes
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 20:35 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-16 20:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-16 20:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-16 20:35 . 2009-08-16 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 20:34 . 2009-08-16 21:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-16 20:34 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-16 20:34 . 2009-08-16 21:11 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\PC Tools
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-16 20:07 . 2009-08-16 20:07 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Windows Search
2009-08-16 16:21 . 2009-08-16 16:21 18091 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hoxitec.sys
2009-08-16 16:21 . 2009-08-16 16:21 18188 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ezilef.dat
2009-08-16 05:29 . 2009-08-16 05:29 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\vlc
2009-08-16 05:27 . 2009-08-16 05:27 -------- d-----w- c:\program files\VideoLAN
2009-08-16 05:20 . 2009-08-16 05:20 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Apple Computer
2009-08-15 13:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\AskBarDis
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 23:21 . 2009-07-26 23:21 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 04:20 . 2004-03-19 22:40 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-23 03:55 . 2009-08-23 03:55 16206 ----a-w- c:\documents and settings\All Users\Application Data\yfoxequpeb.reg
2009-08-23 03:55 . 2009-08-23 03:55 13061 ----a-w- c:\program files\Common Files\vevudico.inf
2009-08-23 03:55 . 2009-08-23 03:55 16034 ----a-w- c:\program files\Common Files\jihuby.lib
2009-08-23 02:36 . 2009-08-23 02:36 16708 ----a-w- c:\program files\Common Files\owidubesaq.lib
2009-08-22 06:47 . 2009-08-22 06:47 17752 ----a-w- c:\documents and settings\All Users\Application Data\kywocy.reg
2009-08-22 06:47 . 2009-08-22 06:47 17109 ----a-w- c:\program files\Common Files\girunoqote.db
2009-08-22 06:47 . 2009-08-22 06:47 16597 ----a-w- c:\program files\Common Files\xugacidim.lib
2009-08-22 06:47 . 2009-08-22 06:47 12677 ----a-w- c:\documents and settings\LocalService\Application Data\ahebazyzeq.vbs
2009-08-22 06:47 . 2009-08-22 06:47 11057 ----a-w- c:\program files\Common Files\kizej._dl
2009-08-22 06:47 . 2009-08-22 06:47 10289 ----a-w- c:\documents and settings\LocalService\Application Data\foreheb.vbs
2009-08-22 02:15 . 2009-08-22 02:15 15685 ----a-w- c:\program files\Common Files\pyzacoqim.lib
2009-08-19 00:19 . 2009-08-19 00:19 14109 ----a-w- c:\program files\Common Files\teqojaleqi.ban
2009-08-19 00:19 . 2009-08-19 00:19 11873 ----a-w- c:\documents and settings\All Users\Application Data\qehyguwa.bin
2009-08-17 14:18 . 2009-04-06 03:06 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Skype
2009-08-16 16:21 . 2009-08-16 16:21 18380 ----a-w- c:\documents and settings\LocalService\Application Data\xovix.bin
2009-08-16 16:21 . 2009-08-16 16:21 10493 ----a-w- c:\documents and settings\LocalService\Application Data\lajyqilex.dat
2009-08-16 14:19 . 2009-04-07 18:54 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\skypePM
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:06 . 2009-04-06 23:43 -------- d-----w- c:\program files\Lx_cats
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-02 23:01 . 2004-06-07 12:04 125272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 22:59 . 2009-07-02 22:59 -------- d-----w- c:\program files\MSECache
2009-06-29 16:12 . 2004-02-06 23:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-03-19 22:34 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-03-30 01:48 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-03-30 01:48 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-03-19 22:44 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-03-19 22:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-03-19 22:38 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-03-19 22:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-03-19 22:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:52 . 2007-06-29 06:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-12 12:31 . 2004-03-19 22:43 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-19 22:43 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-19 22:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-19 22:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-10-21 16:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 06:24 . 2008-05-27 05:18 350208 ----a-w- c:\windows\system32\mssph.dll
.

------- Sigcheck -------

[-] 2009-08-23 04:20 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-23 04:20 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-23 04:20 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-23 04:20 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_01.18.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 03:57 . 2009-08-22 03:57 11445 c:\windows\SYSTEM32\yzube.dat
+ 2009-08-22 03:57 . 2009-08-22 03:57 14279 c:\windows\SYSTEM32\ovytozoqyl.dat
+ 2009-08-22 03:57 . 2009-08-22 03:57 17533 c:\windows\SYSTEM32\otet.bin
+ 2009-08-22 03:57 . 2009-08-22 03:57 17178 c:\windows\SYSTEM32\jinamonowu.bin
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2009-08-22 03:57 . 2009-08-22 03:57 17131 c:\windows\imav.pif
+ 2009-08-22 03:57 . 2009-08-22 03:57 19176 c:\windows\hetisati.vbs
+ 2004-08-04 07:56 . 2009-07-14 05:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 11:01 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\wmp.dll
+ 2005-05-11 10:00 . 2009-07-29 23:49 24281536 c:\windows\SYSTEM32\MRT.exe
- 2005-05-11 10:00 . 2009-07-30 00:49 24281536 c:\windows\SYSTEM32\MRT.exe
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-03-08 36864]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-03-02 139320]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [BU]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\stuladhar\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2005-2-22 2301952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/16/2009 2:35 PM 130936]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [12/3/2004 6:13 PM 58048]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/16/2009 2:34 PM 348752]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/15/2009 7:40 AM 234888]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxddserv.exe [4/6/2009 5:42 PM 99248]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\jdlott.HEATHER\Application Data\Mozilla\Firefox\Profiles\7q131snu.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 22:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.0.cs 29295 bytes
c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.cmdline 551 bytes
c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.dll 0 bytes
c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.err 0 bytes
c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.out 655 bytes
c:\docume~1\JDLOTT~1.HEA\LOCALS~1\Temp\jucl22wb.tmp 0 bytes

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(6656)
c:\windows\system32\WININET.dll
c:\windows\system32\EntApi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\lxddcoms.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\windows\SYSTEM32\java.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\braviax.exe.vir
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-23 22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 04:31
ComboFix2.txt 2009-08-23 03:58
ComboFix3.txt 2009-08-22 06:51
ComboFix4.txt 2009-08-22 04:08
ComboFix5.txt 2009-08-23 04:00

Pre-Run: 32,084,426,752 bytes free
Post-Run: 32,034,467,840 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
360 --- E O F --- 2009-08-19 09:01


Here's the Malware log

Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 3

8/23/2009 8:47:05 AM
mbam-log-2009-08-23 (08-47-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 514259
Time elapsed: 6 hour(s), 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC Antispyware 2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\htmlayout.dll.vir (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\Uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\wscui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wisdstr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DLLCACHE\figaro.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154311.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154317.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154319.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154321.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154325.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154326.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154327.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154328.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154329.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154635.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154645.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155637.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155643.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155758.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155760.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155763.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155782.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0154646.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155645.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP974\A0155753.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP975\snapshot\MFEX-1.DAT (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155966.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155972.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155974.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155975.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155982.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155986.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155987.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155989.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\A0155990.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP976\snapshot\MFEX-1.DAT (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

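The ComboFix registry section and the Malwarebytes results above show the footprint this rogue leaves in loading points: two autostart values with no [date size] file tag, regedit.exe registered under Run, UpdatesDisableNotify set in Security Center, the firewall switched off in the standard profile and 3389/TCP globally opened. The following Python pass over lines in that layout is an added example; it is not code from this thread, from ComboFix or from Malwarebytes. SAMPLE_LOG is condensed from the entries posted above, and the rules (unmarked Run entries, interactive tools in Run, notification switches, firewall state, remote-administration ports) are the author's own heuristics, not anything the tools define.

```python
"""Triage of ComboFix-style registry loading points (added example).

Not part of the thread above and not code from ComboFix or Malwarebytes.
SAMPLE_LOG is condensed from the log posted above; the rules are the
author's own heuristics for the kinds of entries a rogue AV leaves behind.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    key: str
    name: str
    value: str
    reason: str


SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [BU]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
FILE_TAG_RE = re.compile(r'\[\d{4}-\d{2}-\d{2} \d+\]$')   # ComboFix's "[date size]" tag

# Heuristic tables (assumptions; tune them to the environment).
NEVER_AUTOSTART = {"regedit.exe", "cmd.exe", "taskmgr.exe"}
NOTIFY_SWITCHES = {"updatesdisablenotify", "antivirusdisablenotify", "firewalldisablenotify"}
REMOTE_ADMIN_PORTS = {"3389:tcp", "23:tcp", "135:tcp", "445:tcp"}


def _int_value(value: str) -> Optional[int]:
    """Read 'dword:00000001' or '0 (0x0)' style data as an integer."""
    m = re.search(r'dword:([0-9a-fA-F]+)', value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', value)
    return int(m.group(1)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the REGEDIT4-style dump and return one Finding per suspicious value."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm or not key:
            continue
        name, value = vm.group("name"), vm.group("value")
        lkey, lname = key.lower(), name.lower()
        reasons: List[str] = []

        if lkey.endswith(r"\currentversion\run"):
            pm = re.match(r'"([^"]*)"', value)
            path = pm.group(1) if pm else value
            exe = path.rsplit("\\", 1)[-1].lower()
            if not FILE_TAG_RE.search(value):
                reasons.append("autostart entry without the [date size] file tag")
            if exe in NEVER_AUTOSTART:
                reasons.append(f"interactive system tool {exe} registered to autostart")
        elif lkey.endswith("security center"):
            if lname in NOTIFY_SWITCHES and _int_value(value) == 1:
                reasons.append("Security Center warning suppressed")
        elif lkey.endswith(r"\standardprofile"):
            if lname == "enablefirewall" and _int_value(value) == 0:
                reasons.append("Windows Firewall disabled in the standard profile")
        elif lkey.endswith(r"\globallyopenports\list"):
            if lname in REMOTE_ADMIN_PORTS:
                reasons.append("remote-administration port opened on all interfaces")

        if reasons:
            findings.append(Finding(key, name, value, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name!r:28} {f.reason}")
```

Run against the excerpt it reports five values and leaves SunJavaUpdateSched and the DHCP port alone; the 3389/TCP hit is worth a second look even after the rogue is gone, since Remote Desktop being reachable from every interface is a setting the owner should confirm they chose.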
#12 Buckeye_Sam, Malware Expert
Posted 23 August 2009 - 09:24 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
c:\documents and settings\All Users\Application Data\kicuteci.bat
c:\documents and settings\All Users\Application Data\nujox.exe
c:\documents and settings\All Users\Application Data\qewuf.exe
c:\documents and settings\LocalService\Local Settings\Application Data\bifabawe.reg
c:\documents and settings\LocalService\Local Settings\Application Data\ezilef.dat
c:\documents and settings\LocalService\Local Settings\Application Data\hoxitec.sys
c:\documents and settings\LocalService\Local Settings\Application Data\inysecod.reg
c:\documents and settings\LocalService\Local Settings\Application Data\qujof.sys
c:\documents and settings\LocalService\Local Settings\Application Data\roradoso.scr
c:\documents and settings\LocalService\Local Settings\Application Data\urum.scr
c:\program files\Common Files\amisonupig.reg
c:\program files\Common Files\diculyn.bin
c:\program files\Common Files\ixaqodemy.sys
c:\program files\Common Files\kykahudu.bin
c:\program files\Common Files\ydowoja.dat
c:\windows\acugizypy.pif
c:\windows\caxisusaf.com
c:\windows\ekozuxe.bin
c:\windows\fuvary.com
c:\windows\mybemetaro.bin
c:\windows\system32\dllcache\ntfs.sys
c:\windows\system32\dotedyna.exe
c:\windows\xopedof.bin
c:\windows\SYSTEM32\yzube.dat
c:\windows\SYSTEM32\ovytozoqyl.dat
c:\windows\SYSTEM32\otet.bin
c:\windows\SYSTEM32\jinamonowu.bin
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
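The post above shows the CFScript mechanism: a plain-text file whose File:: section lists full paths for ComboFix to delete on its next run. The list there was chosen by the helper by hand from the earlier logs. As an added example, not code from this thread, from ComboFix or from BleepingComputer, the Python below does the selection step mechanically for the pattern seen in this infection: a burst of small, randomly named files written to system and profile directories within the same minute. SAMPLE_LISTING is constructed in the layout of ComboFix's "Files Created" section (created . modified size attrs path); the burst threshold, size window and "random-looking stem" test are the author's assumptions, and only the File:: syntax itself comes from the thread.

```python
"""Turn a burst of freshly dropped, randomly named files into a CFScript
File:: block (added example).

Not code from the thread, from ComboFix or from BleepingComputer. The
"File::" directive is ComboFix's own script syntax as used in the post
above; the burst/random-name detection is the author's heuristic, and
SAMPLE_LISTING is constructed in the layout of ComboFix's
"Files Created" section (created . modified size attrs path).
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Entry(NamedTuple):
    created: str    # "YYYY-MM-DD HH:MM"
    modified: str
    size: int       # -1 for directories
    attrs: str
    path: str


# Constructed sample: four dropper files in one minute, plus legitimate
# entries (a directory, two Malwarebytes drivers, a hotfix DLL, an empty file).
SAMPLE_LISTING = r'''
2009-08-23 14:59 . 2009-08-23 14:59 16704 ----a-w- c:\program files\Common Files\qelomy.pif
2009-08-23 14:59 . 2009-08-23 14:59 14932 ----a-w- c:\documents and settings\All Users\Application Data\vohaduq.bat
2009-08-23 14:59 . 2009-08-23 14:59 11125 ----a-w- c:\windows\system32\tubexi.scr
2009-08-23 14:59 . 2009-08-23 14:59 19463 ----a-w- c:\windows\system32\kazopunewo.dll
2009-08-23 14:59 . 2009-08-23 14:59 0 ----a-w- c:\documents and settings\user\settings.dat
2009-08-22 14:02 . 2009-08-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-18 23:39 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:39 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 13:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
'''

LINE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+'
    r'(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$'
)
RANDOM_STEM_RE = re.compile(r'^[a-z]{4,10}$')   # e.g. "qelomy", "kazopunewo"

# Tunable assumptions: the droppers in this thread wrote 10-20 KB files,
# several per minute, with pronounceable all-lowercase names.
MIN_BURST = 3
SIZE_RANGE = (8_000, 24_000)


def parse_listing(text: str) -> List[Entry]:
    """Parse "Files Created" lines; directories get size -1."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(m.group("created"), m.group("modified"),
                             size, m.group("attrs"), m.group("path")))
    return entries


def looks_dropped(e: Entry) -> bool:
    """Regular file, random-looking stem, size inside the dropper's range."""
    if e.attrs.startswith("d") or e.size < 0:
        return False
    base = e.path.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem)) and SIZE_RANGE[0] <= e.size <= SIZE_RANGE[1]


def find_bursts(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group candidates by creation minute; keep minutes with MIN_BURST or more."""
    by_minute: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if looks_dropped(e):
            by_minute[e.created].append(e.path)
    return {minute: paths for minute, paths in by_minute.items() if len(paths) >= MIN_BURST}


def suspect_paths(text: str) -> List[str]:
    """All burst members, ordered by minute then by appearance."""
    bursts = find_bursts(parse_listing(text))
    return [p for minute in sorted(bursts) for p in bursts[minute]]


def build_cfscript(paths: List[str]) -> str:
    """Emit the File:: block in the syntax ComboFix reads from CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspect_paths(SAMPLE_LISTING)), end="")
```

The point of the burst threshold is visible in the sample: mbam.sys has a four-letter stem and a size inside the window, but it arrived alone in its minute and is not listed, while the four files written at 14:59 are. Treat the output as a draft to read line by line before it goes anywhere near ComboFix, because everything under File:: is deleted without further checks; in the thread that review is exactly what the helper did by hand.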

#13 Lareinab, Topic Starter
Posted 23 August 2009 - 10:34 AM

Here it is..



ComboFix 09-08-22.06 - jdlott 08/23/2009 10:03.11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.289 [GMT -6:00]
Running from: c:\documents and settings\jdlott.HEATHER\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jdlott.HEATHER\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\kicuteci.bat"
"c:\documents and settings\All Users\Application Data\nujox.exe"
"c:\documents and settings\All Users\Application Data\qewuf.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\bifabawe.reg"
"c:\documents and settings\LocalService\Local Settings\Application Data\ezilef.dat"
"c:\documents and settings\LocalService\Local Settings\Application Data\hoxitec.sys"
"c:\documents and settings\LocalService\Local Settings\Application Data\inysecod.reg"
"c:\documents and settings\LocalService\Local Settings\Application Data\qujof.sys"
"c:\documents and settings\LocalService\Local Settings\Application Data\roradoso.scr"
"c:\documents and settings\LocalService\Local Settings\Application Data\urum.scr"
"c:\program files\Common Files\amisonupig.reg"
"c:\program files\Common Files\diculyn.bin"
"c:\program files\Common Files\ixaqodemy.sys"
"c:\program files\Common Files\kykahudu.bin"
"c:\program files\Common Files\ydowoja.dat"
"c:\windows\acugizypy.pif"
"c:\windows\caxisusaf.com"
"c:\windows\ekozuxe.bin"
"c:\windows\fuvary.com"
"c:\windows\mybemetaro.bin"
"c:\windows\system32\dllcache\ntfs.sys"
"c:\windows\system32\dotedyna.exe"
"c:\windows\SYSTEM32\jinamonowu.bin"
"c:\windows\SYSTEM32\otet.bin"
"c:\windows\SYSTEM32\ovytozoqyl.dat"
"c:\windows\SYSTEM32\yzube.dat"
"c:\windows\xopedof.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\kicuteci.bat
c:\documents and settings\All Users\Application Data\nujox.exe
c:\documents and settings\All Users\Application Data\qewuf.exe
c:\documents and settings\LocalService\Local Settings\Application Data\bifabawe.reg
c:\documents and settings\LocalService\Local Settings\Application Data\ezilef.dat
c:\documents and settings\LocalService\Local Settings\Application Data\hoxitec.sys
c:\documents and settings\LocalService\Local Settings\Application Data\inysecod.reg
c:\documents and settings\LocalService\Local Settings\Application Data\qujof.sys
c:\documents and settings\LocalService\Local Settings\Application Data\roradoso.scr
c:\documents and settings\LocalService\Local Settings\Application Data\urum.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\muzovevuku.ban
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
c:\program files\Common Files\amisonupig.reg
c:\program files\Common Files\diculyn.bin
c:\program files\Common Files\ixaqodemy.sys
c:\program files\Common Files\kykahudu.bin
c:\program files\Common Files\ydowoja.dat
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\acugizypy.pif
c:\windows\caxisusaf.com
c:\windows\ekozuxe.bin
c:\windows\fuvary.com
c:\windows\hedinawy.exe
c:\windows\ifyjidu.exe
c:\windows\mybemetaro.bin
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dllcache\ntfs.sys
c:\windows\system32\dotedyna.exe
c:\windows\SYSTEM32\jinamonowu.bin
c:\windows\SYSTEM32\otet.bin
c:\windows\SYSTEM32\ovytozoqyl.dat
c:\windows\system32\wisdstr.exe
c:\windows\SYSTEM32\yzube.dat
c:\windows\xopedof.bin


.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 15:11 . 2009-08-23 15:11 0 ----a-w- c:\documents and settings\jdlott.HEATHER\settings.dat
2009-08-23 14:59 . 2009-08-23 14:59 16704 ----a-w- c:\program files\Common Files\ywydem.pif
2009-08-23 14:59 . 2009-08-23 14:59 14932 ----a-w- c:\documents and settings\LocalService\Application Data\owopovo.bat
2009-08-23 14:59 . 2009-08-23 14:59 11125 ----a-w- c:\windows\system32\jazawa.scr
2009-08-23 14:59 . 2009-08-23 14:59 19463 ----a-w- c:\windows\system32\ixixycoxab.dll
2009-08-23 14:59 . 2009-08-23 14:59 15191 ----a-w- c:\documents and settings\All Users\Application Data\iles.com
2009-08-23 14:59 . 2009-08-23 14:59 13383 ----a-w- c:\program files\Common Files\axijyseqo.dll
2009-08-23 14:59 . 2009-08-23 14:59 13363 ----a-w- c:\documents and settings\All Users\Application Data\ycos.dll
2009-08-23 14:59 . 2009-08-23 14:59 12365 ----a-w- c:\windows\epuh.pif
2009-08-23 14:59 . 2009-08-23 14:59 11874 ----a-w- c:\program files\Common Files\ynewovok.exe
2009-08-23 14:59 . 2009-08-23 14:59 11028 ----a-w- c:\documents and settings\All Users\Application Data\yluxu.pif
2009-08-23 14:59 . 2009-08-23 14:59 10599 ----a-w- c:\windows\ohivoc.dat
2009-08-22 14:02 . 2009-08-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-22 03:57 . 2009-08-22 03:57 16608 ----a-w- c:\program files\Common Files\inuduf.reg
2009-08-22 03:57 . 2009-08-22 03:57 19176 ----a-w- c:\windows\hetisati.vbs
2009-08-22 03:57 . 2009-08-22 03:57 17131 ----a-w- c:\windows\imav.pif
2009-08-22 03:57 . 2009-08-22 03:57 16250 ----a-w- c:\documents and settings\All Users\Application Data\mukukugij.bat
2009-08-22 03:57 . 2009-08-22 03:57 14521 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\yciguf.vbs
2009-08-22 03:57 . 2009-08-22 03:57 13780 ----a-w- c:\documents and settings\All Users\Application Data\upexatu.exe
2009-08-22 03:57 . 2009-08-22 03:57 12079 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\elume.reg
2009-08-22 03:57 . 2009-08-22 03:57 11078 ----a-w- c:\documents and settings\All Users\Application Data\vyvydovy.sys
2009-08-22 03:57 . 2009-08-22 03:57 10865 ----a-w- c:\program files\Common Files\esevy.bin
2009-08-19 23:40 . 2009-08-19 23:40 -------- d-----w- C:\_OTL
2009-08-18 23:39 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:39 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 23:39 . 2009-08-18 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 00:49 . 2009-08-23 14:59 -------- d-----w- C:\quarantine
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Malwarebytes
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 20:35 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-16 20:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-16 20:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-16 20:35 . 2009-08-16 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 20:34 . 2009-08-16 21:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-16 20:34 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-16 20:34 . 2009-08-16 21:11 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\PC Tools
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-16 20:07 . 2009-08-16 20:07 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Windows Search
2009-08-16 05:29 . 2009-08-16 05:29 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\vlc
2009-08-16 05:27 . 2009-08-16 05:27 -------- d-----w- c:\program files\VideoLAN
2009-08-16 05:20 . 2009-08-16 05:20 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Apple Computer
2009-08-15 13:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\AskBarDis
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 23:21 . 2009-07-26 23:21 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 14:59 . 2009-08-23 14:59 14443 ----a-w- c:\documents and settings\LocalService\Application Data\okyfij.vbs
2009-08-23 14:51 . 2004-03-19 22:40 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-23 03:55 . 2009-08-23 03:55 16206 ----a-w- c:\documents and settings\All Users\Application Data\yfoxequpeb.reg
2009-08-23 03:55 . 2009-08-23 03:55 13061 ----a-w- c:\program files\Common Files\vevudico.inf
2009-08-23 03:55 . 2009-08-23 03:55 16034 ----a-w- c:\program files\Common Files\jihuby.lib
2009-08-23 02:36 . 2009-08-23 02:36 16708 ----a-w- c:\program files\Common Files\owidubesaq.lib
2009-08-22 06:47 . 2009-08-22 06:47 17752 ----a-w- c:\documents and settings\All Users\Application Data\kywocy.reg
2009-08-22 06:47 . 2009-08-22 06:47 17109 ----a-w- c:\program files\Common Files\girunoqote.db
2009-08-22 06:47 . 2009-08-22 06:47 16597 ----a-w- c:\program files\Common Files\xugacidim.lib
2009-08-22 06:47 . 2009-08-22 06:47 12677 ----a-w- c:\documents and settings\LocalService\Application Data\ahebazyzeq.vbs
2009-08-22 06:47 . 2009-08-22 06:47 11057 ----a-w- c:\program files\Common Files\kizej._dl
2009-08-22 06:47 . 2009-08-22 06:47 10289 ----a-w- c:\documents and settings\LocalService\Application Data\foreheb.vbs
2009-08-22 03:57 . 2009-08-22 03:57 19834 ----a-w- c:\documents and settings\All Users\Application Data\govosow.reg
2009-08-22 03:57 . 2009-08-22 03:57 19582 ----a-w- c:\program files\Common Files\mitarug.lib
2009-08-22 03:57 . 2009-08-22 03:57 10166 ----a-w- c:\program files\Common Files\qojemeg.lib
2009-08-22 02:15 . 2009-08-22 02:15 15685 ----a-w- c:\program files\Common Files\pyzacoqim.lib
2009-08-19 00:19 . 2009-08-19 00:19 14109 ----a-w- c:\program files\Common Files\teqojaleqi.ban
2009-08-19 00:19 . 2009-08-19 00:19 11873 ----a-w- c:\documents and settings\All Users\Application Data\qehyguwa.bin
2009-08-17 14:18 . 2009-04-06 03:06 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Skype
2009-08-16 16:21 . 2009-08-16 16:21 18380 ----a-w- c:\documents and settings\LocalService\Application Data\xovix.bin
2009-08-16 16:21 . 2009-08-16 16:21 10493 ----a-w- c:\documents and settings\LocalService\Application Data\lajyqilex.dat
2009-08-16 14:19 . 2009-04-07 18:54 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\skypePM
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:06 . 2009-04-06 23:43 -------- d-----w- c:\program files\Lx_cats
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-02 23:01 . 2004-06-07 12:04 125272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 22:59 . 2009-07-02 22:59 -------- d-----w- c:\program files\MSECache
2009-06-29 16:12 . 2004-02-06 23:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-03-19 22:34 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-03-30 01:48 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-03-30 01:48 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-03-19 22:44 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-03-19 22:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-03-19 22:38 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-03-19 22:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-03-19 22:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:52 . 2007-06-29 06:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-12 12:31 . 2004-03-19 22:43 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-19 22:43 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-19 22:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-19 22:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-10-21 16:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-23 14:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_01.18.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2004-06-17 17:31 . 2004-03-19 22:34 4224 c:\windows\SYSTEM32\DRIVERS\beep.sys
+ 2004-06-17 17:31 . 2004-03-19 22:34 4224 c:\windows\SYSTEM32\DLLCACHE\beep.sys
+ 2004-08-04 07:56 . 2009-07-14 05:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 11:01 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\wmp.dll
- 2005-05-11 10:00 . 2009-07-30 00:49 24281536 c:\windows\SYSTEM32\MRT.exe
+ 2005-05-11 10:00 . 2009-07-29 23:49 24281536 c:\windows\SYSTEM32\MRT.exe
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-03-08 36864]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-03-02 139320]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\stuladhar\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2005-2-22 2301952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/16/2009 2:35 PM 130936]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [12/3/2004 6:13 PM 58048]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/16/2009 2:34 PM 348752]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/15/2009 7:40 AM 234888]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxddserv.exe [4/6/2009 5:42 PM 99248]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\jdlott.HEATHER\Application Data\Mozilla\Firefox\Profiles\7q131snu.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 10:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-23 10:22
ComboFix-quarantined-files.txt 2009-08-23 16:22
ComboFix2.txt 2009-08-23 04:31
ComboFix3.txt 2009-08-23 03:58
ComboFix4.txt 2009-08-22 06:51
ComboFix5.txt 2009-08-23 15:56

Pre-Run: 32,030,859,264 bytes free
Post-Run: 31,992,692,736 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
345 --- E O F --- 2009-08-19 09:01
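One way to triage the Sigcheck section in the log above (the five ntfs.sys copies) and the beep.sys copies in the later log in this thread is to compare every copy in a location Windows loads or restores from against the copies whose signature verified. The Python below is an added example, not code from this thread or from ComboFix; it assumes the Sigcheck convention that a leading [-] marks a copy whose signature did not verify and any other marker such as [7] marks one that did, and its sample input is copied from the Sigcheck lines posted in this thread.

```python
"""Flag ComboFix Sigcheck entries whose hash diverges from every verified copy.

Added example, not part of the BleepingComputer thread or of ComboFix itself.
Assumption: a leading [-] means the signature did not verify; any other
marker (e.g. [7]) means it did. The sample lines are copied from the Sigcheck
sections of the ComboFix logs posted in this thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

# Directories Windows XP loads a driver from, or restores it from (WFP cache).
LIVE_DIRS = ("\\drivers\\", "\\dllcache\\")

# Sample input: Sigcheck lines copied from the logs in this thread.
SAMPLE_SIGCHECK = r"""
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-23 14:51 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
[-] 2009-08-24 06:21 29184 6EDF46BBE6E7D4FDF260FD9EB426C2BE c:\windows\SYSTEM32\DLLCACHE\beep.sys
[7] 2004-03-19 22:34 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DLLCACHE\cache\beep.sys
[-] 2009-08-24 06:21 29184 6EDF46BBE6E7D4FDF260FD9EB426C2BE c:\windows\SYSTEM32\DRIVERS\beep.sys
"""


@dataclass
class Entry:
    mark: str
    size: int
    md5: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def verified(self) -> bool:
        return self.mark != "-"

    @property
    def live(self) -> bool:
        return any(d in self.path.lower() for d in LIVE_DIRS)


@dataclass
class Finding:
    path: str
    md5: str
    size: int
    reason: str


def parse_sigcheck(text: str) -> List[Entry]:
    """Parse every Sigcheck line; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(Entry(m["mark"], int(m["size"]), m["md5"].upper(), m["path"]))
    return entries


def find_patched_drivers(entries: List[Entry]) -> Dict[str, List[Finding]]:
    """Per file name, return live copies whose MD5 matches no verified copy.

    When \\drivers\\ and \\dllcache\\ carry the same unverified hash, the WFP
    cache itself was overwritten, so Windows cannot restore a clean copy from
    it; that case gets an extra tag so a responder knows to use install media.
    """
    by_name: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)

    findings: Dict[str, List[Finding]] = {}
    for name, copies in by_name.items():
        good_md5 = {c.md5 for c in copies if c.verified}
        good_sizes = {c.size for c in copies if c.verified}
        suspects = [c for c in copies if c.live and not c.verified and c.md5 not in good_md5]
        if not suspects:
            continue
        suspect_md5s = [c.md5 for c in suspects]
        cache_hit = any("\\dllcache\\" in c.path.lower() for c in suspects)
        driver_hit = any("\\drivers\\" in c.path.lower() for c in suspects)
        for c in suspects:
            reason = "unverified hash differs from every verified copy"
            if good_sizes and c.size not in good_sizes:
                reason += f"; size {c.size} matches no verified copy {sorted(good_sizes)}"
            if cache_hit and driver_hit and suspect_md5s.count(c.md5) > 1:
                reason += "; same hash in drivers and dllcache (cache poisoned, WFP cannot restore)"
            findings.setdefault(name, []).append(Finding(c.path, c.md5, c.size, reason))
    return findings


if __name__ == "__main__":
    for name, hits in find_patched_drivers(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        for h in hits:
            print(f"{name}: {h.path} md5={h.md5} size={h.size} ({h.reason})")
```

On the sample input this flags the DRIVERS copy of ntfs.sys (size 626336, matching no verified copy) and both live copies of beep.sys, the latter tagged as a poisoned cache because DRIVERS and DLLCACHE share the same unverified hash.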

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 August 2009 - 03:22 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
c:\program files\PC_Antispyware2010

File::
c:\documents and settings\All Users\Application Data\govosow.reg
c:\documents and settings\All Users\Application Data\iles.com
c:\documents and settings\All Users\Application Data\kywocy.reg
c:\documents and settings\All Users\Application Data\mukukugij.bat
c:\documents and settings\All Users\Application Data\qehyguwa.bin
c:\documents and settings\All Users\Application Data\upexatu.exe
c:\documents and settings\All Users\Application Data\vyvydovy.sys
c:\documents and settings\All Users\Application Data\ycos.dll
c:\documents and settings\All Users\Application Data\yfoxequpeb.reg
c:\documents and settings\All Users\Application Data\yluxu.pif
c:\documents and settings\LocalService\Application Data\ahebazyzeq.vbs
c:\documents and settings\LocalService\Application Data\foreheb.vbs
c:\documents and settings\LocalService\Application Data\lajyqilex.dat
c:\documents and settings\LocalService\Application Data\okyfij.vbs
c:\documents and settings\LocalService\Application Data\owopovo.bat
c:\documents and settings\LocalService\Application Data\xovix.bin
c:\documents and settings\LocalService\Local Settings\Application Data\elume.reg
c:\documents and settings\LocalService\Local Settings\Application Data\yciguf.vbs
c:\program files\Common Files\axijyseqo.dll
c:\program files\Common Files\esevy.bin
c:\program files\Common Files\girunoqote.db
c:\program files\Common Files\inuduf.reg
c:\program files\Common Files\jihuby.lib
c:\program files\Common Files\kizej._dl
c:\program files\Common Files\mitarug.lib
c:\program files\Common Files\owidubesaq.lib
c:\program files\Common Files\pyzacoqim.lib
c:\program files\Common Files\qojemeg.lib
c:\program files\Common Files\teqojaleqi.ban
c:\program files\Common Files\vevudico.inf
c:\program files\Common Files\xugacidim.lib
c:\program files\Common Files\ynewovok.exe
c:\program files\Common Files\ywydem.pif
c:\windows\epuh.pif
c:\windows\hetisati.vbs
c:\windows\imav.pif
c:\windows\ohivoc.dat
c:\windows\system32\ixixycoxab.dll
c:\windows\system32\jazawa.scr


Registry::

Prior to running ComboFix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


====================


Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 Lareinab

Lareinab
  • Topic Starter
  • Members
  • 18 posts

Posted 24 August 2009 - 07:24 PM

I am unable to run RootRepeal. I have tried several times, but the program freezes once it starts to scan the PC Antivirus 2010 folder, and once I restart the computer the virus is back again. Here's the log from ComboFix:

ComboFix 09-08-22.06 - jdlott 08/23/2009 23:59.14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.638.141 [GMT -6:00]
Running from: c:\documents and settings\jdlott.HEATHER\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jdlott.HEATHER\Desktop\CFScript.txt
* Resident AV is active


FILE ::
"c:\documents and settings\All Users\Application Data\govosow.reg"
"c:\documents and settings\All Users\Application Data\iles.com"
"c:\documents and settings\All Users\Application Data\kywocy.reg"
"c:\documents and settings\All Users\Application Data\mukukugij.bat"
"c:\documents and settings\All Users\Application Data\qehyguwa.bin"
"c:\documents and settings\All Users\Application Data\upexatu.exe"
"c:\documents and settings\All Users\Application Data\vyvydovy.sys"
"c:\documents and settings\All Users\Application Data\ycos.dll"
"c:\documents and settings\All Users\Application Data\yfoxequpeb.reg"
"c:\documents and settings\All Users\Application Data\yluxu.pif"
"c:\documents and settings\LocalService\Application Data\ahebazyzeq.vbs"
"c:\documents and settings\LocalService\Application Data\foreheb.vbs"
"c:\documents and settings\LocalService\Application Data\lajyqilex.dat"
"c:\documents and settings\LocalService\Application Data\okyfij.vbs"
"c:\documents and settings\LocalService\Application Data\owopovo.bat"
"c:\documents and settings\LocalService\Application Data\xovix.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\elume.reg"
"c:\documents and settings\LocalService\Local Settings\Application Data\yciguf.vbs"
"c:\program files\Common Files\axijyseqo.dll"
"c:\program files\Common Files\esevy.bin"
"c:\program files\Common Files\girunoqote.db"
"c:\program files\Common Files\inuduf.reg"
"c:\program files\Common Files\jihuby.lib"
"c:\program files\Common Files\kizej._dl"
"c:\program files\Common Files\mitarug.lib"
"c:\program files\Common Files\owidubesaq.lib"
"c:\program files\Common Files\pyzacoqim.lib"
"c:\program files\Common Files\qojemeg.lib"
"c:\program files\Common Files\teqojaleqi.ban"
"c:\program files\Common Files\vevudico.inf"
"c:\program files\Common Files\xugacidim.lib"
"c:\program files\Common Files\ynewovok.exe"
"c:\program files\Common Files\ywydem.pif"
"c:\windows\epuh.pif"
"c:\windows\hetisati.vbs"
"c:\windows\imav.pif"
"c:\windows\ohivoc.dat"
"c:\windows\system32\ixixycoxab.dll"
"c:\windows\system32\jazawa.scr"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP977\A0160819.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.

2009-08-24 02:58 . 2009-08-24 05:40 626336 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-23 15:11 . 2009-08-23 15:11 0 ----a-w- c:\documents and settings\jdlott.HEATHER\settings.dat
2009-08-22 14:02 . 2009-08-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-19 23:40 . 2009-08-19 23:40 -------- d-----w- C:\_OTL
2009-08-18 23:39 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 23:39 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 23:39 . 2009-08-18 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 00:49 . 2009-08-24 05:59 -------- d-----w- C:\quarantine
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Malwarebytes
2009-08-16 23:28 . 2009-08-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 20:35 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-16 20:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-16 20:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-16 20:35 . 2009-08-16 23:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 20:34 . 2009-08-16 21:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-16 20:34 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-16 20:34 . 2009-08-16 21:11 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\PC Tools
2009-08-16 20:34 . 2009-08-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-16 20:07 . 2009-08-16 20:07 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Windows Search
2009-08-16 05:29 . 2009-08-16 05:29 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\vlc
2009-08-16 05:27 . 2009-08-16 05:27 -------- d-----w- c:\program files\VideoLAN
2009-08-16 05:20 . 2009-08-16 05:20 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Apple Computer
2009-08-15 13:56 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\AskBarDis
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 23:21 . 2009-07-26 23:21 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 06:33 . 2009-08-24 06:33 15822 ----a-w- c:\documents and settings\LocalService\Application Data\kewifila.com
2009-08-24 06:33 . 2009-08-24 06:33 15579 ----a-w- c:\documents and settings\LocalService\Application Data\ygegasupan.exe
2009-08-24 06:33 . 2009-08-24 06:33 15380 ----a-w- c:\documents and settings\LocalService\Application Data\ujobora.com
2009-08-24 06:22 . 2009-08-24 06:22 190730 ----a-w- c:\windows\system32\wisdstr.exe
2009-08-24 06:22 . 2004-03-19 22:40 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-24 06:21 . 2009-08-24 06:21 11264 ----a-w- c:\windows\system32\braviax.exe
2009-08-24 06:21 . 2004-06-17 17:31 29184 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-17 14:18 . 2009-04-06 03:06 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\Skype
2009-08-16 14:19 . 2009-04-07 18:54 -------- d-----w- c:\documents and settings\jdlott.HEATHER\Application Data\skypePM
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:06 . 2009-04-06 23:43 -------- d-----w- c:\program files\Lx_cats
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 09:01 . 2009-07-05 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-02 23:01 . 2004-06-07 12:04 125272 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 22:59 . 2009-07-02 22:59 -------- d-----w- c:\program files\MSECache
2009-06-29 16:12 . 2004-02-06 23:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-03-19 22:34 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-03-30 01:48 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-03-30 01:48 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-03-19 22:44 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-03-19 22:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-03-19 22:38 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-03-19 22:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-03-19 22:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:52 . 2007-06-29 06:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-12 12:31 . 2004-03-19 22:43 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-03-19 22:43 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-03-19 22:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-03-19 22:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-10-21 16:06 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2009-08-24 06:21 29184 6EDF46BBE6E7D4FDF260FD9EB426C2BE c:\windows\SYSTEM32\DLLCACHE\beep.sys
[7] 2004-03-19 22:34 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DLLCACHE\cache\beep.sys
[-] 2009-08-24 06:21 29184 6EDF46BBE6E7D4FDF260FD9EB426C2BE c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 06:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-24 06:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-24 06:22 626336 E86D39DA8D7B1F24A79418C6650C0290 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_01.18.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 03:08 . 2009-08-24 03:08 12753 c:\windows\ymisu.sys
+ 2009-08-24 03:08 . 2009-08-24 03:08 18708 c:\windows\upyp.com
+ 2009-08-24 03:08 . 2009-08-24 03:08 17513 c:\windows\upegipygox.vbs
+ 2009-08-24 03:08 . 2009-08-24 03:08 12900 c:\windows\ukoru.bin
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
+ 2009-08-24 06:21 . 2009-08-24 06:21 29184 c:\windows\SYSTEM32\DLLCACHE\figaro.sys
- 2009-08-18 01:18 . 2009-08-18 01:18 29184 c:\windows\SYSTEM32\DLLCACHE\figaro.sys
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2009-08-24 03:08 . 2009-08-24 03:08 12262 c:\windows\fimamyk.pif
+ 2009-08-24 03:08 . 2009-08-24 03:08 18906 c:\windows\emybafa.pif
+ 2009-08-24 03:08 . 2009-08-24 03:08 13747 c:\windows\eliqydewaj.bat
+ 2004-08-04 07:56 . 2009-07-14 05:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
+ 2009-04-16 11:01 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\wmp.dll
+ 2005-05-11 10:00 . 2009-07-29 23:49 24281536 c:\windows\SYSTEM32\MRT.exe
- 2005-05-11 10:00 . 2009-07-30 00:49 24281536 c:\windows\SYSTEM32\MRT.exe
+ 2004-08-04 07:56 . 2009-07-14 05:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-03-08 36864]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 155648]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-03-02 139320]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-24 596122]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]
"braviax"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"braviax"="" [BU]

c:\documents and settings\stuladhar\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2005-2-22 2301952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\vusbsp\\VonageTalkUSB.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxddtime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/16/2009 2:35 PM 130936]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [12/3/2004 6:13 PM 58048]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 3:30 AM 204800]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/16/2009 2:34 PM 348752]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/15/2009 7:40 AM 234888]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxddserv.exe [4/6/2009 5:42 PM 99248]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\jdlott.HEATHER\Application Data\Mozilla\Firefox\Profiles\7q131snu.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 00:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wisdstr.exe 190730 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7540)
c:\windows\system32\WININET.dll
c:\windows\system32\EntApi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\lxddcoms.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\windows\SYSTEM32\java.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\windows\SYSTEM32\braviax.exe
c:\windows\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-24 0:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-24 06:37
ComboFix2.txt 2009-08-24 05:52
ComboFix3.txt 2009-08-23 22:37
ComboFix4.txt 2009-08-23 16:22
ComboFix5.txt 2009-08-24 05:57

Pre-Run: 31,984,214,016 bytes free
Post-Run: 31,918,084,096 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
331 --- E O F --- 2009-08-19 09:01

Edited by Lareinab, 24 August 2009 - 07:27 PM.
