virus trojan help


  • This topic is locked
12 replies to this topic

#1 spike_this

spike_this

  • Members
  • 6 posts

Posted 26 August 2009 - 06:04 PM

I am having trouble cleaning up my laptop. I do not know what is affecting it. I cannot run any antivirus software on it. Here is my DDS.txt log.


DDS (Ver_09-07-30.01) - NTFSx86
Run by xxxxxxxxxxxx at 16:23:29.76 on Wed 08/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.671 [GMT -4:00]

AV: Windows Security Suite *On-access scanning enabled* (Updated) {6CB7CA54-49AA-4945-9A3A-B65BC8E9501D}
FW: Windows Security Suite *enabled* {1CBA391A-07F1-4F53-AFFE-BB28702549EB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\dldocoms.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tami Kjerulf\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Better The World Browser Helper Object: {1563e220-e853-11dd-ba2f-0800200c9a66} - c:\program files\better the world\better the world sidebar\BetterTheWorld.Bho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {00021493-0000-0000-C000-000000000046} - No File
EB: Better The World v0.65: {47e34055-3265-4fbf-b66b-a8791fe8a449} - c:\program files\better the world\better the world sidebar\BetterTheWorld.Sidebar.dll
EB: Better The World: {48cf477e-0187-2598-4d54-57696c4a6f6e} - Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TPSMain] TPSMain.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [pdfSaver3]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {06BF0870-6C3A-4880-947F-3D4AB417E447} - {47E34055-3265-4FBF-B66B-A8791FE8A449} - c:\program files\better the world\better the world sidebar\BetterTheWorld.Sidebar.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tamikj~1\applic~1\mozilla\firefox\profiles\snodiyju.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-8-26 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-8-26 29208]

=============== Created Last 30 ================

2009-08-26 14:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 14:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 14:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 11:49 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-08-26 11:49 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-08-26 11:49 <DIR> --d----- c:\program files\AVG
2009-08-26 10:30 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-26 08:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-26 08:05 <DIR> --d----- c:\docume~1\tamikj~1\applic~1\AVG8
2009-08-26 00:19 <DIR> --d----- C:\hijack logs
2009-08-26 00:10 102 a------- C:\index.ini
2009-08-26 00:06 <DIR> --d----- c:\program files\a-squared HiJackFree
2009-08-25 21:27 <DIR> --d----- c:\windows\pss
2009-08-25 21:25 <DIR> --dsh--- c:\documents and settings\tami kjerulf\IECompatCache
2009-08-24 20:38 <DIR> --d----- c:\program files\Personal Vault Backup Manager
2009-08-23 21:30 <DIR> --dsh--- c:\documents and settings\tami kjerulf\PrivacIE
2009-08-23 12:11 <DIR> --dsh--- c:\documents and settings\tami kjerulf\IETldCache
2009-08-23 12:09 <DIR> --d----- c:\windows\ie8updates
2009-08-23 12:09 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-23 12:09 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-23 12:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-23 12:08 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-08-23 12:08 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-23 12:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 12:07 <DIR> -cd-h--- c:\windows\ie8
2009-08-23 12:06 155,066 a------- c:\docume~1\alluse~1\applic~1\Spyware.dat
2009-08-23 12:06 34,539 a------- c:\docume~1\alluse~1\applic~1\Firewall.dat
2009-08-23 12:06 13,487 a------- c:\docume~1\alluse~1\applic~1\AdManager.dat
2009-08-23 12:06 865 a------- c:\docume~1\alluse~1\applic~1\Virus.dat
2009-08-23 12:06 496 a------- c:\docume~1\alluse~1\applic~1\PerformanceService.dat
2009-08-23 12:06 481 a------- c:\docume~1\alluse~1\applic~1\Parental.dat
2009-08-23 12:06 282 a------- c:\docume~1\tamikj~1\applic~1\Privacy.dat
2009-08-23 12:06 253 a------- c:\docume~1\alluse~1\applic~1\ActivationInfo.dat
2009-08-23 12:06 216 a------- c:\docume~1\alluse~1\applic~1\Freedom.dat
2009-08-23 12:06 154 a------- c:\docume~1\alluse~1\applic~1\AdBlocker.dat
2009-08-23 12:06 138 a------- c:\docume~1\alluse~1\applic~1\AntiFraud.dat
2009-08-23 12:06 137 a------- c:\docume~1\alluse~1\applic~1\AvQuarantine.dat
2009-08-23 12:06 40 a------- c:\windows\system32\?????????????????4????????????????????????g
2009-08-21 21:30 4,502 a------- c:\windows\system32\tmp.reg
2009-08-15 07:33 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-14 22:16 <DIR> --d----- C:\2009 DS games
2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 19:05 1,885,088 a------- C:\SmitfraudFix.exe
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2007-11-20 22:03 266,240 a------- c:\program files\SAM.xla
2006-10-01 09:15 1,281,840 a------- c:\program files\{961BDE6B-ADFB-4DF3-9ADF-517FE99040ED}_Essential4K.zip
2006-04-30 22:04 23 a------- c:\program files\MMX5RegistryBackup_10-8-2005_18.22.59_Clave de Licencia de Uso.txt
2005-09-19 12:29 39,371,032 a------- c:\program files\MMX52-E-344_Pro_MindManagerPro.exe

============= FINISH: 16:23:38.32 ===============


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 10 September 2009 - 11:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 spike_this

spike_this
  • Topic Starter

  • Members
  • 6 posts

Posted 12 September 2009 - 06:49 PM

I am having trouble with my laptop. I have run Malwarebytes' Anti-Malware and SmitfraudFix; they all come up with nothing. I had problems with my Sympatico antivirus; it would not work. I reinstalled, but the program would not work. I then downloaded AVG and tried to install. Again, no luck. Something is preventing me from loading and running any virus protection.

Currently, I am not running any virus protection. I am uploading the txt files with my other desktop computer. I am not browsing on the laptop.

My first post has my HijackThis log and I am including the DDS.txt file. Any help would be appreciated.

Attached Files

  • Attached File  dds.txt   16.2KB   6 downloads


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 September 2009 - 07:34 PM

Hi spike_this,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

This I don't like.

c:\windows\system32\?????????????????4????????????????????????g

There isn't anything else visible so we may be looking at rootkit and trojan activity.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Then I'd like to see if that mad file name comes up with another scan.

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks
m0le is a proud member of UNITE
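The reasoning in the post above (a file in system32 whose name the scanning tool could not render is a red flag worth chasing) can be turned into a repeatable check over a DDS log. The Python below is an added example, not code from this thread or from the DDS tool: it parses "Created Last 30" lines in the format shown in the first post (the regular expression is an assumption about that format), using four lines copied from that log, and triages them from a defender's point of view. A `?` cannot appear in a real Windows file name, so a run of them in tool output means the true characters were not renderable; the list of extensions expected directly in system32 is a reviewer's assumption, and the second rule only marks entries for review.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Four "Created Last 30" lines copied from the DDS log in the first post.
SAMPLE_DDS = r"""
2009-08-26 14:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 12:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-23 12:06 40 a------- c:\windows\system32\?????????????????4????????????????????????g
2009-08-21 21:30 4,502 a------- c:\windows\system32\tmp.reg
"""


@dataclass
class Entry:
    created: str
    size: Optional[int]   # None for <DIR> entries
    attrs: str            # the 8-character attribute column, e.g. "a-------"
    path: str


# Assumed DDS line layout: date, time, size-or-<DIR>, attribute flags, path.
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


def parse_dds_created(text: str) -> List[Entry]:
    """Parse the 'Created Last 30' section of a DDS log into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, anything not in the layout
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(f'{m["date"]} {m["time"]}', size, m["attrs"], m["path"]))
    return entries


# Reviewer's assumption: file types one expects to see directly in system32.
EXPECTED_SYSTEM32_EXT = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv",
                         ".ax", ".nls", ".acm", ".scr"}


def unrenderable_name(name: str) -> bool:
    """True if the tool could not render the real file name.

    '?' is illegal in Windows file names, so its presence (or any other
    non-printable character) means the on-disk name differs from the log."""
    return "?" in name or not name.isprintable()


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (severity, path, reason) for entries a responder should look at."""
    findings = []
    for e in entries:
        folder, _, name = e.path.lower().rpartition("\\")
        if unrenderable_name(name):
            findings.append(("high", e.path,
                             "file name could not be rendered; verify on disk"))
            continue
        # Files created recently straight into system32 (not a subfolder such as
        # drivers\ or dllcache\) with a non-binary extension deserve a look.
        if folder.endswith("\\system32") and e.size is not None:
            ext = name[name.rfind("."):] if "." in name else ""
            if ext not in EXPECTED_SYSTEM32_EXT:
                findings.append(("review", e.path,
                                 f"unexpected {ext or 'extensionless'} file directly in system32"))
    return findings


if __name__ == "__main__":
    for severity, path, reason in triage(parse_dds_created(SAMPLE_DDS)):
        print(f"[{severity}] {path}: {reason}")
```

Run against the four sample lines, the garbled system32 entry comes out as the single high-severity finding and `tmp.reg` is marked for review; the driver and dllcache entries are left alone because they sit in subfolders.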

#5 spike_this

spike_this
  • Topic Starter

  • Members
  • 6 posts

Posted 15 September 2009 - 01:42 PM

Thanks for the assistance. Here are the txt files.



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/15 14:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA6B5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BBC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7BBA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9218000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==


Here are the 2 OTL reports.
OTL logfile created on: 9/15/2009 2:31:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Tami Kjerulf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 563.73 Mb Available Physical Memory | 55.60% Memory free
2.39 Gb Paging File | 2.12 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 50.99 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.28 Gb Free Space | 68.22% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-8545FB4E07
Current User Name: Tami Kjerulf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/11/28 12:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/05 14:30:34 | 00,595,184 | ---- | M] ( ) -- C:\WINDOWS\System32\dldocoms.exe
PRC - [2004/08/27 12:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2005/11/28 12:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/11 05:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005/10/14 18:29:08 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/12/09 03:49:42 | 15,691,264 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/11/02 04:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/06 09:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/04/26 20:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/11/30 16:25:22 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2006/01/05 18:02:24 | 00,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2005/08/16 15:23:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/03/11 19:03:16 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TDispVol.exe
PRC - [2004/08/17 15:37:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2006/03/02 04:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/05 13:37:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2005/11/28 01:55:14 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 01:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 01:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/03/09 12:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005/05/31 21:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe
PRC - [2006/03/02 03:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2004/12/30 04:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2004/09/05 19:20:18 | 00,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
PRC - [2004/08/27 12:37:00 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe
PRC - [2005/11/28 12:37:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2008/11/10 19:29:34 | 02,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/15 14:27:24 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Kjerulf\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2005/01/17 04:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2007/10/05 14:30:34 | 00,595,184 | ---- | M] ( ) -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device [Auto | Running])
SRV - [2004/08/27 12:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2005/11/28 12:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/11/28 12:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/11/28 12:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/12/20 15:22:14 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Stopped])
SRV - [2004/08/11 05:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 17:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/09/02 02:42:00 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/11/14 21:00:22 | 01,122,656 | R--- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/08/26 11:49:34 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx [On_Demand | Stopped])
DRV - [2009/08/26 11:49:34 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
DRV - [2005/10/06 09:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 16:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 09:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 09:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 09:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 09:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 16:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 09:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 09:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 07:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 09:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2005/10/10 03:31:42 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/09/02 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 02:20:20 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/12/09 04:48:40 | 04,123,136 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/11 03:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2005/06/01 15:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2003/01/29 02:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2003/09/19 05:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/28 13:09:26 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/03/02 03:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2002/01/24 15:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\System32\Drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
DRV - [2005/11/29 22:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 18:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2005/10/20 18:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2005/11/30 15:01:02 | 00,043,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/12/05 05:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\S-1-5-21-1719000413-2428712915-2049811611-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\S-1-5-21-1719000413-2428712915-2049811611-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 12:29:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 12:29:16 | 00,000,000 | ---D | M]

[2008/11/03 21:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Kjerulf\Application Data\mozilla\Extensions
[2008/11/03 21:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Kjerulf\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/11/03 21:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Kjerulf\Application Data\mozilla\Firefox\Profiles\snodiyju.default\extensions
[2008/11/03 21:01:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/16 12:29:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/12/21 10:10:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/12/21 10:10:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/12/21 10:10:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/12/21 10:10:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/12/21 10:10:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/12/21 10:10:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/12/21 10:10:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 00:12:56 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (7174 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 201 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Better The World Browser Helper Object) - {1563E220-E853-11DD-BA2F-0800200C9A66} - C:\Program Files\Better The World\Better The World Sidebar\BetterTheWorld.Bho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSA.exe] C:\Program Files\Bell\Internet Service Advisor\SSA.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Better The World - {06BF0870-6C3A-4880-947F-3D4AB417E447} - C:\Program Files\Better The World\Better The World Sidebar\BetterTheWorld.Sidebar.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 06:35:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/25 21:33:06 | 00,588,162 | ---- | M] () - E:\Autoruns.zip -- [ FAT ]
O33 - MountPoints2\{9b678972-3d8c-11db-bfb4-00130284aec5}\Shell - "" = AutoRun
O33 - MountPoints2\{9b678972-3d8c-11db-bfb4-00130284aec5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b678972-3d8c-11db-bfb4-00130284aec5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ad3853e0-c6ae-11dc-8226-00130284aec5}\Shell - "" = AutoRun
O33 - MountPoints2\{ad3853e0-c6ae-11dc-8226-00130284aec5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad3853e0-c6ae-11dc-8226-00130284aec5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f06c6a3e-5772-11de-83ee-00130284aec5}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/15 14:30:42 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tami Kjerulf\Desktop\OTL.exe
[2009/09/12 08:19:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/03 22:30:00 | 00,010,253 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Winnipeg hockey 09regdates.pdf
[2009/08/26 16:24:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\settings.dat
[2009/08/26 16:19:54 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\RootRepeal.exe
[2009/08/26 16:03:37 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tami Kjerulf\Desktop\HijackThis.exe
[2009/08/26 16:03:31 | 03,185,678 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\ComboFix.exe
[2009/08/26 14:01:23 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/26 14:01:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/26 14:01:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/26 14:01:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/26 12:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/08/26 11:49:34 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/26 11:49:34 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/26 11:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/26 11:24:45 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/26 10:52:26 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/08/26 10:52:26 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/08/26 10:52:26 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/08/26 10:52:26 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/08/26 10:52:26 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/08/26 10:52:25 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/08/26 10:52:25 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/08/26 10:52:25 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/08/26 10:52:25 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/08/26 10:52:25 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/08/26 10:52:25 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/08/26 10:52:25 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/08/26 10:52:25 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/08/26 10:52:25 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/08/26 10:30:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/26 08:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/26 08:05:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Kjerulf\Application Data\AVG8
[2009/08/26 08:05:07 | 00,848,712 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Tami Kjerulf\Desktop\avg_free_stb_all_8_32_cnet.exe
[2009/08/26 00:19:02 | 00,000,000 | ---D | C] -- C:\hijack logs
[2009/08/26 00:10:55 | 00,000,102 | ---- | C] () -- C:\index.ini
[2009/08/26 00:06:51 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared HiJackFree.lnk
[2009/08/26 00:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared HiJackFree
[2009/08/25 21:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Kjerulf\Desktop\Autoruns
[2009/08/25 21:41:27 | 00,588,162 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Autoruns.zip
[2009/08/25 21:41:23 | 61,118,744 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\a2AntiMalwareSetup.exe
[2009/08/25 21:41:18 | 01,760,112 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\a2HiJackFreeSetup.exe
[2009/08/25 21:27:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/24 20:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Vault Backup Manager
[2009/08/23 21:30:16 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Shortcut to Internet Explorer.lnk
[2009/08/23 12:09:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/23 12:09:00 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/08/23 12:09:00 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/08/23 12:09:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/08/23 12:08:59 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/08/23 12:08:59 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/08/23 12:08:59 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/08/23 12:08:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/08/23 12:07:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/23 12:06:46 | 00,155,066 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Spyware.dat
[2009/08/23 12:06:46 | 00,034,539 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Firewall.dat
[2009/08/23 12:06:46 | 00,013,487 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdManager.dat
[2009/08/23 12:06:46 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Virus.dat
[2009/08/23 12:06:46 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PerformanceService.dat
[2009/08/23 12:06:46 | 00,000,481 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Parental.dat
[2009/08/23 12:06:46 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\Tami Kjerulf\Application Data\Privacy.dat
[2009/08/23 12:06:46 | 00,000,253 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ActivationInfo.dat
[2009/08/23 12:06:46 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedData.ini
[2009/08/23 12:06:46 | 00,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Freedom.dat
[2009/08/23 12:06:46 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdBlocker.dat
[2009/08/23 12:06:46 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AntiFraud.dat
[2009/08/23 12:06:46 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AvQuarantine.dat
[2009/08/21 21:30:11 | 00,004,502 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/17 21:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Kjerulf\My Documents\Downloads
[2009/02/03 17:20:43 | 00,000,963 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/02/02 20:54:24 | 00,000,155 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/02/02 20:46:11 | 00,000,026 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/09/10 19:50:24 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll
[2007/09/10 19:46:54 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll
[2007/09/10 19:43:34 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll
[2007/09/10 19:43:26 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll
[2007/09/10 19:43:08 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll
[2007/09/10 19:41:48 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll
[2007/09/10 19:41:10 | 00,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll
[2007/09/10 19:40:22 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll
[2007/09/10 19:38:56 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll
[2007/09/10 19:36:26 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll
[2007/09/06 21:40:36 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2007/09/05 04:53:26 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2007/09/05 04:53:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2007/09/05 04:53:04 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2007/09/05 04:52:04 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2007/09/05 04:52:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2007/09/05 04:51:16 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2007/09/05 04:51:16 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2007/09/05 04:50:36 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2007/09/05 04:50:28 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2007/08/31 19:51:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2007/08/03 18:08:52 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2007/08/01 09:15:52 | 00,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2007/06/14 21:45:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2007/03/10 10:25:05 | 00,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006/09/06 20:40:40 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/09/02 02:41:22 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/08/01 06:53:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2006/03/03 02:59:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/03 02:08:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/03 02:07:17 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/03 02:07:17 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/02/21 11:41:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/21 11:32:23 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/21 11:32:23 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/21 11:31:45 | 00,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/21 11:29:26 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/21 11:29:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/21 11:29:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/21 11:29:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/21 11:29:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/21 11:29:25 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/21 10:19:15 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/21 10:18:38 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/21 10:18:37 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/21 10:18:37 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/21 10:18:37 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/21 09:49:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/21 06:38:36 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/21 04:37:59 | 00,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/21 04:37:51 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/21 04:37:50 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/28 08:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 18:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/31 13:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/07/23 01:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 06:46:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/15 14:27:24 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Kjerulf\Desktop\OTL.exe
[2009/09/11 19:35:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/11 19:35:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/11 19:35:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/11 19:35:04 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/11 17:02:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/11 17:02:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/10 18:26:54 | 04,838,146 | -H-- | M] () -- C:\Documents and Settings\Tami Kjerulf\Local Settings\Application Data\IconCache.db
[2009/09/09 19:04:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/09 19:04:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/09 18:23:43 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 20:55:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/08 20:55:26 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/06 07:59:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/09/06 07:59:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/09/05 14:22:44 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/05 14:22:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/05 14:22:44 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/03 22:30:00 | 00,010,253 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Winnipeg hockey 09regdates.pdf
[2009/09/03 22:09:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/03 22:09:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/02 21:48:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/02 21:48:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/02 14:50:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/02 14:50:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/26 16:24:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\settings.dat
[2009/08/26 16:20:00 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\RootRepeal.exe
[2009/08/26 15:59:40 | 03,185,678 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\ComboFix.exe
[2009/08/26 15:55:16 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tami Kjerulf\Desktop\HijackThis.exe
[2009/08/26 14:01:23 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/26 11:49:34 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/26 11:49:34 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/26 10:58:54 | 00,004,502 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/26 07:20:32 | 00,848,712 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Tami Kjerulf\Desktop\avg_free_stb_all_8_32_cnet.exe
[2009/08/26 00:10:55 | 00,000,102 | ---- | M] () -- C:\index.ini
[2009/08/26 00:06:51 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared HiJackFree.lnk
[2009/08/25 21:37:50 | 61,118,744 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\a2AntiMalwareSetup.exe
[2009/08/25 21:35:48 | 01,760,112 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Tami Kjerulf\Desktop\a2HiJackFreeSetup.exe
[2009/08/25 21:33:06 | 00,588,162 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Autoruns.zip
[2009/08/23 21:30:16 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Desktop\Shortcut to Internet Explorer.lnk
[2009/08/23 12:22:18 | 00,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 12:22:18 | 00,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 12:00:46 | 00,155,066 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Spyware.dat
[2009/08/23 12:00:46 | 00,034,539 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Firewall.dat
[2009/08/23 12:00:46 | 00,000,481 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Parental.dat
[2009/08/23 12:00:46 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\Tami Kjerulf\Application Data\Privacy.dat
[2009/08/23 12:00:46 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AdBlocker.dat
[2009/08/23 12:00:46 | 00,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AntiFraud.dat
[2009/08/23 12:00:31 | 00,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Freedom.dat
[2009/08/23 11:54:12 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ActivationInfo.dat
[2009/08/23 10:48:04 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SharedData.ini
[2009/08/23 10:25:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/20 17:36:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/08/20 17:36:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/08/19 20:50:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/19 18:09:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/19 18:09:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/08/17 21:05:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/17 21:05:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/16 15:57:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/16 15:57:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm

========== Files - Unicode (All) ==========
[2009/08/23 12:06:43 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/24 21:05:33 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
< End of report >

extra.txt

OTL Extras logfile created on: 9/15/2009 2:31:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Tami Kjerulf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 563.73 Mb Available Physical Memory | 55.60% Memory free
2.39 Gb Paging File | 2.12 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 50.99 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.28 Gb Free Space | 68.22% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-8545FB4E07
Current User Name: Tami Kjerulf
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1719000413-2428712915-2049811611-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Groove Networks\Groove\Bin\Groove.exe" = C:\Program Files\Groove Networks\Groove\Bin\Groove.exe:*:Enabled:Groove Application -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dldocoms.exe" = C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell 968 Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3F7A6441-44A4-41C0-9A0A-294629D49208}" = Microsoft Office Live Meeting 2005
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65616A78-1035-4D95-83D4-1EE8D62D5437}" = btw_explorerbar
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9EA83C2-D7D3-44B9-BF74-BEE5E26F0A96}" = Better The World Sidebar
"A+ French" = A+ French
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"Citrix Web Client" = Citrix Web Client
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"JumpStart Typing" = JumpStart Typing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Miuchiz - Planet Mion" = Miuchiz - Planet Mion
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2009 6:10:56 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147024891.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 9/14/2009 6:10:56 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Outlook 2003: Junk E-mail Filter (KB973515): OUTLFLTR' could not be
installed. Error code 1603. Windows Installer can create logs to help troubleshoot
issues with installing software packages. Use the following link for instructions
on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 9/14/2009 10:06:24 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147024891.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 9/14/2009 10:06:24 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Office Web Components 2003 (KB947319): OWC10' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 9/14/2009 10:06:24 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Office Web Components 2003 (KB947319): OWC11' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 9/15/2009 2:21:31 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147024891.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 9/15/2009 2:21:31 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Outlook 2003: Junk E-mail Filter (KB973515): OUTLFLTR' could not be
installed. Error code 1603. Windows Installer can create logs to help troubleshoot
issues with installing software packages. Use the following link for instructions
on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 9/15/2009 2:21:48 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Standard Edition 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147024891.
Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look
for "Office Source Engine" for information on how to resolve this problem.

Error - 9/15/2009 2:21:48 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Office Web Components 2003 (KB947319): OWC10' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 9/15/2009 2:21:48 PM | Computer Name = YOUR-8545FB4E07 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Standard Edition 2003 - Update 'Security
Update for Office Web Components 2003 (KB947319): OWC11' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 9/14/2009 10:06:07 PM | Computer Name = YOUR-8545FB4E07 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 9/14/2009 10:06:24 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/14/2009 10:06:24 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/14/2009 10:07:00 PM | Computer Name = YOUR-8545FB4E07 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).

Error - 9/15/2009 2:21:31 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/15/2009 2:21:31 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/15/2009 2:21:48 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/15/2009 2:21:48 PM | Computer Name = YOUR-8545FB4E07 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%5

Error - 9/15/2009 2:22:21 PM | Computer Name = YOUR-8545FB4E07 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB973515).

Error - 9/15/2009 2:22:21 PM | Computer Name = YOUR-8545FB4E07 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Web Components (KB947319).


< End of report >

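The Extras log above ends its "Security Center Settings" block with values a helper reads first: "DisableMonitoring" = 1 under the Monitoring key and "EnableFirewall" = 0 under the StandardProfile firewall policy. As an added example (not part of the original post, and not something OTL produces), the script below parses that block out of an OTL Extras log and reports the values that mean Security Center or the XP firewall has been switched off. The sample text is constructed to match the layout of the log above, and the list of values to watch is this example's own judgement, not OTL's.

```python
"""Flag disabled security-monitoring settings in an OTL Extras log.

Added example; not part of the original post or of OTL itself.  It reads the
"Security Center Settings" block that OTL prints and reports registry values
that mean Windows Security Center or the XP firewall has been switched off.
"""
import re

# Constructed sample in the shape OTL uses: key in brackets, then "name" = value.
SAMPLE_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========
"""

# value name -> (value that is a warning sign, explanation).  The names are the
# real registry value names; which values count as "bad" is this example's call.
WATCH = {
    "DisableMonitoring": (1, "Security Center monitoring switched off"),
    "AntiVirusOverride": (1, "Security Center told to ignore AV state"),
    "FirewallOverride":  (1, "Security Center told to ignore firewall state"),
    "EnableFirewall":    (0, "Windows Firewall disabled for this profile"),
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(-?\d+)$')


def parse_section(text, header="Security Center Settings"):
    """Return {registry_key: {value_name: int}} for one '==========' section."""
    keys, current, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = header in line      # enter on our header, leave on the next one
            continue
        if not in_section or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2))
    return keys


def find_disabled_protection(text):
    """List (key, value_name, value, reason) for every watched value that matches."""
    findings = []
    for key, values in parse_section(text).items():
        for name, value in values.items():
            if name in WATCH and WATCH[name][0] == value:
                findings.append((key, name, value, WATCH[name][1]))
    return findings


if __name__ == "__main__":
    for key, name, value, reason in find_disabled_protection(SAMPLE_LOG):
        print(f"{reason}: {key} -> {name} = {value}")
```

Run it against a saved Extras.txt by reading the file into `find_disabled_protection`; three hits on the constructed sample, matching the three values visible in the log above.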
#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 15 September 2009 - 03:06 PM

Let's firstly do some cleaning up and resetting.

Please download HostsXpert 4.2
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Next

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Next, please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

That should give us a good start :thumbup2:
m0le is a proud member of UNITE
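The HostsXpert step in the post above resets the hosts file and warns that custom entries are lost. The Python script below is an added example, not part of this thread or of HostsXpert: it lists what a reset would discard, separating entries that point a name at loopback (the pattern that blocks security sites, which is why helpers ask for a reset) from a user's own custom lines that will need re-adding afterwards. The hosts text it reads is constructed for illustration; `nas.home` and the redirected vendor name are invented sample values.

```python
"""Inspect a Windows hosts file for entries that are not stock defaults.

Added example for the HostsXpert step above; not part of the thread or of
HostsXpert. SAMPLE_HOSTS is constructed: a stock file plus one entry the
user added and one that sends a security vendor's site to loopback.
"""

# Entries a stock Windows hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Addresses that silently black-hole a hostname when used in hosts.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
192.168.1.10    nas.home                 # user's own entry (constructed)
127.0.0.1       www.malwarebytes.org     # blocks the vendor site (constructed)
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]     # one IP may map several names
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(entries):
    """Split non-default entries into loopback redirects and custom lines.

    Redirects deserve a look before the reset: a name pointed at loopback is
    unreachable, which is how some infections block AV updates. Custom lines
    are what the user must re-add by hand after the reset.
    """
    redirects, custom = [], []
    for ip, name in entries:
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        (redirects if ip in LOOPBACK else custom).append((ip, name))
    return redirects, custom


def report(text=SAMPLE_HOSTS):
    """Build a human-readable summary; returns the lines rather than printing."""
    redirects, custom = classify(parse_hosts(text))
    lines = [f"{len(redirects)} loopback redirect(s) to review before resetting:"]
    lines += [f"  {ip:<15} {name}" for ip, name in redirects]
    lines.append(f"{len(custom)} custom entry(ies) to re-add after resetting:")
    lines += [f"  {ip:<15} {name}" for ip, name in custom]
    return lines


if __name__ == "__main__":
    # For a real machine, pass the contents of
    # C:\Windows\System32\drivers\etc\hosts to report() instead.
    print("\n".join(report()))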

#7 spike_this

spike_this
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 15 September 2009 - 04:40 PM

I ran all the programs, here is the TXT of the MBAM

Malwarebytes' Anti-Malware 1.41
Database version: 2805
Windows 5.1.2600 Service Pack 3

9/15/2009 5:36:38 PM
mbam-log-2009-09-15 (17-36-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 149366
Time elapsed: 23 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What's next!!

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 15 September 2009 - 04:59 PM

Next we are running Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#9 spike_this

spike_this
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 15 September 2009 - 06:23 PM

Here is the output from the combofix.txt

ComboFix 09-09-14.02 - Tami Kjerulf 09/15/2009 19:12.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.477 [GMT -4:00]
Running from: c:\documents and settings\Tami Kjerulf\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\TAMIKJ~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Tami Kjerulf\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
c:\documents and settings\Tami Kjerulf\Local Settings\Temp\catchme.dll
c:\windows\Installer\11847f01.msp
c:\windows\Installer\11847f04.msp
c:\windows\Installer\11847f05.msp
c:\windows\Installer\137a6b31.msp
c:\windows\Installer\137a6b34.msp
c:\windows\Installer\137a6b35.msp
c:\windows\Installer\16963fdc.msp
c:\windows\Installer\16963fdf.msp
c:\windows\Installer\16963fe0.msp
c:\windows\Installer\232ae66e.msp
c:\windows\Installer\232ae66f.msp
c:\windows\Installer\232ae672.msp
c:\windows\Installer\26d2a01.msp
c:\windows\Installer\26d2a02.msp
c:\windows\Installer\26d2a05.msp
c:\windows\Installer\27277.msp
c:\windows\Installer\27278.msp
c:\windows\Installer\2727b.msp
c:\windows\Installer\279f8.msp
c:\windows\Installer\279f9.msp
c:\windows\Installer\279fc.msp
c:\windows\Installer\299ea0f.msp
c:\windows\Installer\299ea12.msp
c:\windows\Installer\299ea13.msp
c:\windows\Installer\2bcb3f1.msp
c:\windows\Installer\2bcb3f4.msp
c:\windows\Installer\2bcb3f5.msp
c:\windows\Installer\3c6c875.msp
c:\windows\Installer\3c6c876.msp
c:\windows\Installer\3c6c879.msp
c:\windows\Installer\74b68b3.msp
c:\windows\Installer\74b68b4.msp
c:\windows\Installer\74b68b7.msp
c:\windows\Installer\9edc1a2.msp
c:\windows\Installer\9edc1a5.msp
c:\windows\Installer\9edc1a6.msp
c:\windows\Installer\a9fa77.msp
c:\windows\Installer\a9fa78.msp
c:\windows\Installer\a9fa7b.msp
c:\windows\Installer\ce78f1e.msp
c:\windows\Installer\ce78f1f.msp
c:\windows\Installer\ce78f22.msp
c:\windows\Installer\f178b71.msp
c:\windows\Installer\f178b74.msp
c:\windows\Installer\f178b75.msp
c:\windows\Installer\f2611d3.msp
c:\windows\Installer\ffd9fc6.msp
c:\windows\Installer\ffd9fc7.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 23:08 . 2009-09-15 23:08 -------- d-----w- C:\Combo-Fix
2009-09-12 12:19 . 2009-09-12 12:19 -------- d-----w- c:\windows\LastGood
2009-08-26 18:01 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 18:01 . 2009-09-15 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 18:01 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 16:15 . 2009-08-26 16:22 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-26 15:49 . 2009-08-26 15:49 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-26 15:49 . 2009-08-26 15:49 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-26 15:49 . 2009-08-26 15:49 -------- d-----w- c:\program files\AVG
2009-08-26 14:30 . 2009-08-26 14:30 -------- d-----w- C:\$AVG8.VAULT$
2009-08-26 12:15 . 2009-08-26 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-26 12:05 . 2009-08-26 12:05 -------- d-----w- c:\documents and settings\Tami Kjerulf\Application Data\AVG8
2009-08-26 04:19 . 2009-08-26 20:04 -------- d-----w- C:\hijack logs
2009-08-26 04:06 . 2009-08-26 04:06 -------- d-----w- c:\program files\a-squared HiJackFree
2009-08-26 01:25 . 2009-08-26 01:25 -------- d-sh--w- c:\documents and settings\Tami Kjerulf\IECompatCache
2009-08-25 00:38 . 2009-08-26 13:01 -------- d-----w- c:\program files\Personal Vault Backup Manager
2009-08-24 01:30 . 2009-08-24 01:30 -------- d-sh--w- c:\documents and settings\Tami Kjerulf\PrivacIE
2009-08-23 16:11 . 2009-08-23 16:11 -------- d-sh--w- c:\documents and settings\Tami Kjerulf\IETldCache
2009-08-23 16:09 . 2009-08-23 16:09 -------- d-----w- c:\windows\ie8updates
2009-08-23 16:09 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 16:09 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-23 16:09 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-23 16:08 . 2009-07-19 22:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-23 16:08 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-23 16:08 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 16:07 . 2009-08-24 01:25 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 15:43 . 2006-09-05 18:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-26 15:43 . 2006-09-05 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 13:01 . 2008-12-07 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Bell
2009-08-25 01:04 . 2006-02-21 14:17 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-25 01:01 . 2008-12-07 17:54 -------- d-----w- c:\documents and settings\Tami Kjerulf\Application Data\Bell
2009-08-25 00:33 . 2009-07-04 01:45 -------- d-----w- c:\program files\Personal Vault
2009-08-23 16:02 . 2009-07-04 01:44 -------- d-----w- c:\program files\CA
2009-08-23 16:00 . 2009-08-23 16:06 481 ----a-w- c:\documents and settings\All Users\Application Data\Parental.dat
2009-08-23 16:00 . 2009-08-23 16:06 34539 ----a-w- c:\documents and settings\All Users\Application Data\Firewall.dat
2009-08-23 16:00 . 2009-08-23 16:06 282 ----a-w- c:\documents and settings\Tami Kjerulf\Application Data\Privacy.dat
2009-08-23 16:00 . 2009-08-23 16:06 155066 ----a-w- c:\documents and settings\All Users\Application Data\Spyware.dat
2009-08-23 16:00 . 2009-08-23 16:06 154 ----a-w- c:\documents and settings\All Users\Application Data\AdBlocker.dat
2009-08-23 16:00 . 2009-08-23 16:06 138 ----a-w- c:\documents and settings\All Users\Application Data\AntiFraud.dat
2009-08-23 16:00 . 2009-08-23 16:06 216 ----a-w- c:\documents and settings\All Users\Application Data\Freedom.dat
2009-08-23 15:54 . 2009-08-23 16:06 253 ----a-w- c:\documents and settings\All Users\Application Data\ActivationInfo.dat
2009-08-05 09:01 . 2006-02-21 08:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 18:16 . 2007-09-26 23:14 -------- d-----w- c:\program files\Google
2009-07-18 01:10 . 2009-07-16 20:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\2032a89
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- c:\documents and settings\Tami Kjerulf\Application Data\Malwarebytes
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 23:05 . 2009-07-17 23:06 1885088 ----a-w- C:\SmitfraudFix.exe
2009-07-17 22:57 . 2009-08-23 16:06 865 ----a-w- c:\documents and settings\All Users\Application Data\Virus.dat
2009-07-17 22:57 . 2009-08-23 16:06 496 ----a-w- c:\documents and settings\All Users\Application Data\PerformanceService.dat
2009-07-17 22:57 . 2009-08-23 16:06 137 ----a-w- c:\documents and settings\All Users\Application Data\AvQuarantine.dat
2009-07-17 19:01 . 2006-02-21 08:37 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2006-02-21 08:37 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-21 08:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 18:22 . 2009-06-26 02:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-25 08:25 . 2006-02-21 08:37 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-21 08:37 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-21 08:37 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-21 08:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-02-21 08:37 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-21 08:37 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-02-21 08:37 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2007-11-21 02:03 . 2006-10-01 13:25 266240 ----a-w- c:\program files\SAM.xla
2006-10-01 13:15 . 2006-10-01 13:15 1281840 ----a-w- c:\program files\{961BDE6B-ADFB-4DF3-9ADF-517FE99040ED}_Essential4K.zip
2006-05-01 02:04 . 2007-02-14 13:46 23 ----a-w- c:\program files\MMX5RegistryBackup_10-8-2005_18.22.59_Clave de Licencia de Uso.txt
2005-09-19 16:29 . 2007-02-14 13:46 39371032 ----a-w- c:\program files\MMX52-E-344_Pro_MindManagerPro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1563E220-E853-11DD-BA2F-0800200C9A66}]
2009-03-02 06:18 536576 ----a-w- c:\program files\Better The World\Better The World Sidebar\BetterTheWorld.Bho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-14 88203]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-21 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/26/2009 11:49 AM 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/26/2009 11:49 AM 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{06BF0870-6C3A-4880-947F-3D4AB417E447} - {47E34055-3265-4FBF-B66B-A8791FE8A449} - c:\program files\Better The World\Better The World Sidebar\BetterTheWorld.Sidebar.dll
FF - ProfilePath - c:\documents and settings\Tami Kjerulf\Application Data\Mozilla\Firefox\Profiles\snodiyju.default\
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SSA.exe - c:\program files\Bell\Internet Service Advisor\SSA.exe
HKLM-Run-pdfSaver3 - (no file)
AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-15 19:18
ComboFix-quarantined-files.txt 2009-09-15 23:17

Pre-Run: 55,984,246,784 bytes free
Post-Run: 56,273,412,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2009-09-15 18:21
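The "Reg Loading Points" section of the log above records two settings a defender should notice: Security Center monitoring switched off under several keys (`"DisableMonitoring"=dword:00000001`) and the Windows Firewall standard profile disabled (`"EnableFirewall"= 0`), plus the list of firewall exceptions. The Python script below is an added example, not a ComboFix feature or part of this thread: it parses that REGEDIT4-style section and flags those conditions so a helper can spot them without reading the whole log. `SAMPLE_LOG` is a constructed excerpt modelled on the posted log, trimmed to the keys the triage examines.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for the log posted above; it is not a ComboFix feature.
SAMPLE_LOG is a constructed excerpt modelled on that log, keeping only the
keys the triage looks at: Security Center monitoring switches, the Windows
Firewall standard-profile state and its application exceptions.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "name"=data


def parse_reg_section(text):
    """Return {key_path: {value_name: data}} from REGEDIT4-style text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2).strip()
    return keys


def triage(keys):
    """Flag settings that leave the host without its built-in defences."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        # Security Center stops warning about missing AV/firewall when this is 1.
        if ("security center\\monitoring" in low
                and values.get("DisableMonitoring", "").endswith("00000001")):
            findings.append(f"Security Center monitoring disabled: {path}")
        # Windows Firewall state for the standard (non-domain) profile.
        if (low.endswith("firewallpolicy\\standardprofile")
                and values.get("EnableFirewall", "").startswith("0")):
            findings.append("Windows Firewall disabled on standard profile")
        # Every exception widens the exposed surface; list them for review.
        if low.endswith("\\authorizedapplications\\list"):
            findings.extend(f"Firewall exception: {name}" for name in values)
    return findings


def run_triage(text=SAMPLE_LOG):
    """Parse a log excerpt and return the list of findings."""
    return triage(parse_reg_section(text))


if __name__ == "__main__":
    # For a real log, pass the text between 'REGEDIT4' and the next
    # section header to run_triage().
    for finding in run_triage():
        print(finding)
```

On the posted log this would produce five findings, the three disabled monitoring keys being the reason the machine stopped warning that its real antivirus was gone.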

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 15 September 2009 - 06:31 PM

Okay, that should have released the grip on your PC. How is the machine behaving now?


Let's run an online scanner next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

m0le is a proud member of UNITE

#11 spike_this

spike_this
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 15 September 2009 - 07:51 PM

I ran the online scan and have no file to export; it reported that no threats were detected!

I guess it looks like all is much better. Is there anything else, or am I clean? If so, what would you recommend for good virus protection?

thx.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 16 September 2009 - 03:46 PM

Yes, we're all done here spike_this. Good job :thumbup2:

My final instructions clean up, clear up and shore up your PC. There's some good reading on protection software. My recommendation is to get an autoupdating, non-resource hog such as Avast. Couple that with a good antispyware program like Superantispyware and get a software firewall. More info below.

For now, we have a clean PC...

Good stuff! :)

Let's do some housekeeping


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Delete ComboFix and Clean Up
Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15-day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it spike_this, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 21 September 2009 - 04:35 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
