Master Reboot Record virus???... asked to post here now


  • This topic is locked
21 replies to this topic

#1 tkccm

  • Members
  • 94 posts
  • Location:Nevada
Posted 06 November 2009 - 09:58 PM

I have been advised to post here after being on a different forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/265012/my-computer-is-acting-very-funny-could-it-be-infected/ ~ OB The person thought I might have a master reboot record virus. Was asked to do items 6 through the end. Posting what I was able to do. I was unable to run the RootRepeal log. The computer would say "initializing" but it did not run.

Logs available are posted below. Please advise.

First log from the DDS.scr run:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/31/2009 9:52:41 PM
System Uptime: 11/5/2009 8:49:40 AM (12 hours ago)

Motherboard: Intel Corporation | | NBGV - Northwood/Brookdale-G Validation Board
Processor: Intel® Celeron® CPU 1.80GHz | WMT478/NWD | 1794/mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 51 GiB total, 11.531 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.299 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP171: 8/9/2009 1:18:05 AM - System Checkpoint
RP172: 8/10/2009 3:49:04 PM - System Checkpoint
RP173: 8/11/2009 9:15:21 PM - System Checkpoint
RP174: 8/13/2009 7:26:59 AM - Software Distribution Service 3.0
RP175: 8/14/2009 12:14:54 PM - System Checkpoint
RP176: 8/15/2009 3:39:39 PM - System Checkpoint
RP177: 8/16/2009 9:41:49 AM - Installed Java™ 6 Update 15
RP178: 8/16/2009 9:43:52 AM - Installed MSN Toolbar Setup
RP179: 8/17/2009 3:00:37 AM - Software Distribution Service 3.0
RP180: 8/18/2009 3:00:23 AM - Software Distribution Service 3.0
RP181: 8/19/2009 3:04:33 AM - System Checkpoint
RP182: 8/19/2009 5:25:39 PM - Installed Steam
RP183: 8/21/2009 10:41:23 AM - System Checkpoint
RP184: 8/22/2009 10:48:35 AM - System Checkpoint
RP185: 8/23/2009 10:50:07 AM - System Checkpoint
RP186: 8/24/2009 6:05:37 PM - System Checkpoint
RP187: 8/25/2009 6:45:54 PM - System Checkpoint
RP188: 8/26/2009 3:00:22 AM - Software Distribution Service 3.0
RP189: 8/27/2009 3:34:54 AM - System Checkpoint
RP190: 8/28/2009 4:34:54 AM - System Checkpoint
RP191: 8/29/2009 5:34:51 AM - System Checkpoint
RP192: 8/30/2009 12:37:08 PM - System Checkpoint
RP193: 8/31/2009 1:07:48 PM - System Checkpoint
RP194: 9/1/2009 4:19:50 PM - System Checkpoint
RP195: 9/2/2009 8:57:48 PM - System Checkpoint
RP196: 9/3/2009 10:11:29 PM - System Checkpoint
RP197: 9/4/2009 10:44:36 PM - System Checkpoint
RP198: 9/5/2009 11:09:05 PM - System Checkpoint
RP199: 9/7/2009 10:33:20 PM - System Checkpoint
RP200: 9/8/2009 11:05:24 AM - Software Distribution Service 3.0
RP201: 9/9/2009 3:00:24 AM - Software Distribution Service 3.0
RP202: 9/10/2009 3:05:50 AM - System Checkpoint
RP203: 9/11/2009 4:05:50 AM - System Checkpoint
RP204: 9/12/2009 5:05:58 AM - System Checkpoint
RP205: 9/13/2009 2:28:41 PM - System Checkpoint
RP206: 9/14/2009 4:41:48 PM - System Checkpoint
RP207: 9/15/2009 4:53:57 PM - System Checkpoint
RP208: 9/16/2009 6:02:23 PM - System Checkpoint
RP209: 9/17/2009 6:38:57 PM - System Checkpoint
RP210: 9/18/2009 9:54:48 PM - System Checkpoint
RP211: 9/19/2009 10:32:44 PM - System Checkpoint
RP212: 9/20/2009 2:42:03 PM - Removed Adobe Reader 9.1.
RP213: 9/20/2009 3:07:31 PM - Removed Acrobat.com
RP214: 9/20/2009 3:14:32 PM - Removed MSN Toolbar
RP215: 9/20/2009 3:14:58 PM - Removed Microsoft Search Enhancement Pack
RP216: 9/20/2009 3:15:14 PM - Removed Microsoft Default Manager
RP217: 9/21/2009 4:15:30 PM - System Checkpoint
RP218: 9/22/2009 6:02:27 PM - System Checkpoint
RP219: 9/23/2009 6:46:36 PM - System Checkpoint
RP220: 9/24/2009 6:50:41 PM - System Checkpoint
RP221: 9/25/2009 6:55:35 PM - System Checkpoint
RP222: 9/26/2009 9:19:36 PM - System Checkpoint
RP223: 9/27/2009 9:45:10 PM - System Checkpoint
RP224: 9/28/2009 11:49:53 PM - System Checkpoint
RP225: 9/30/2009 12:17:44 AM - System Checkpoint
RP226: 10/1/2009 12:20:37 AM - System Checkpoint
RP227: 10/2/2009 1:20:35 AM - System Checkpoint
RP228: 10/3/2009 1:21:42 AM - System Checkpoint
RP229: 10/4/2009 2:20:38 AM - System Checkpoint
RP230: 10/5/2009 3:20:39 AM - System Checkpoint
RP231: 10/6/2009 4:20:51 AM - System Checkpoint
RP232: 10/7/2009 5:20:51 AM - System Checkpoint
RP233: 10/8/2009 6:21:01 AM - System Checkpoint
RP234: 10/9/2009 7:20:47 AM - System Checkpoint
RP235: 10/10/2009 8:20:51 AM - System Checkpoint
RP236: 10/11/2009 9:20:49 AM - System Checkpoint
RP237: 10/12/2009 10:20:53 AM - System Checkpoint
RP238: 10/12/2009 8:00:17 PM - Avira AntiVir Personal - 10/12/2009 19:59
RP239: 10/13/2009 8:57:50 PM - System Checkpoint
RP240: 10/14/2009 3:00:42 AM - Software Distribution Service 3.0
RP241: 10/15/2009 3:06:43 AM - System Checkpoint
RP242: 10/16/2009 4:06:42 AM - System Checkpoint
RP243: 10/17/2009 4:45:31 AM - System Checkpoint
RP244: 10/17/2009 10:45:58 AM - Installed SUPERAntiSpyware Free Edition
RP245: 10/18/2009 6:21:12 PM - System Checkpoint
RP246: 10/19/2009 6:13:54 PM - Avira AntiVir Personal - 10/19/2009 17:22
RP247: 10/20/2009 7:02:27 PM - System Checkpoint
RP248: 10/21/2009 3:00:29 AM - Software Distribution Service 3.0
RP249: 10/22/2009 3:00:46 AM - Software Distribution Service 3.0
RP250: 10/23/2009 3:49:37 AM - System Checkpoint
RP251: 10/24/2009 4:49:48 AM - System Checkpoint
RP252: 10/25/2009 5:21:13 AM - System Checkpoint
RP253: 10/26/2009 6:20:35 AM - System Checkpoint
RP254: 10/27/2009 3:00:34 AM - Software Distribution Service 3.0
RP255: 10/28/2009 3:20:38 AM - System Checkpoint
RP256: 10/29/2009 4:20:39 AM - System Checkpoint
RP257: 10/30/2009 4:51:06 AM - System Checkpoint
RP258: 11/2/2009 1:09:30 AM - System Checkpoint
RP259: 11/3/2009 2:05:37 AM - System Checkpoint
RP260: 11/4/2009 3:04:17 AM - System Checkpoint
RP261: 11/4/2009 9:54:32 AM - Removed SUPERAntiSpyware Free Edition
RP262: 11/4/2009 3:58:58 PM - Installed SUPERAntiSpyware Free Edition
RP263: 11/5/2009 8:41:31 AM - Software Distribution Service 3.0

==== Installed Programs ======================


3D Groove Playback Engine
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Big Fish Games Client
Bonjour
Cheat Engine 5.5
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Detto IntelliMover Demo
DLA
DNA
ESET Online Scanner v3
Foxit Reader
Free Realms Installer
Google Toolbar for Internet Explorer
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
hp center
hp deskjet 5550 series (Remove only)
HP Instant Support
HP Memories Disc
hp toolkit
Inactive HP Printer Drivers (Remove only)
Intel® 845G Chipset Graphics Driver Software
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 17
Java™ 6 Update 15
Junk Mail filter update
KBD
Kublox
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 2500 Series
Lexmark Toolbar
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
Music Manager
MUSICMATCH Jukebox
NVIDIA Windows 2000/XP Display Drivers
PigPen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
Safari
Samsung Master
Samsung USB Driver
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Speedway
Steam
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Virtual Warfare
WebFldrs XP
WildTangent Channel Manager
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Productivity Pack
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zoom ADSL Modem

==== Event Viewer Messages From Past Week ========

11/4/2009 9:54:45 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/4/2009 9:54:38 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
11/4/2009 9:44:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/4/2009 9:44:57 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/4/2009 9:30:05 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:05 AM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:05 AM, error: Service Control Manager [7034] - The lxdd_device service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:05 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:05 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:04 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 9:30:04 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2009 9:30:02 AM, error: Service Control Manager [7031] - The a-squared Free Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/4/2009 4:18:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips Processor SASDIFSV SASKUTIL ssmdrv
11/4/2009 4:13:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/4/2009 4:13:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/4/2009 4:12:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/4/2009 4:12:27 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/1/2009 8:20:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
11/1/2009 8:20:21 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2009 8:20:21 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/1/2009 8:18:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.
11/1/2009 8:18:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the a-squared Free Service service to connect.
11/1/2009 8:18:55 PM, error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2009 8:18:55 PM, error: Service Control Manager [7000] - The a-squared Free Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Second log from the same run:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 20:31:55.59 on Thu 11/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.995 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://us6.hpwis.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background
mRun: [DDCActiveMenu] "c:\program files\wildtangent\ddc\activemenu\DDCActiveMenu.exe" -boot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpcent~2.lnk - c:\program files\hp center\137903\shadow\ShadowBar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpcent~1.lnk - c:\program files\hp center\137903\program\BackWeb-137903.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sprint~1.lnk - c:\program files\sprint virtual assistant\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233465652685
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233504491483
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://content.embarq.synacor.com/gigantes/embarq/support/OnlineScanner/fscax.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-12 108289]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-11 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-10-18 99248]

=============== Created Last 30 ================

2009-11-04 21:58:06 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-04 16:04:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 16:04:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:04:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 04:36:02 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-30 04:22:23 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-26 02:32:00 0 d-----w- c:\docume~1\owner\applic~1\Foxit Software
2009-10-25 16:49:09 0 d-----w- c:\program files\a-squared Free
2009-10-19 23:37:39 0 d-----w- c:\program files\ESET
2009-10-18 17:48:39 0 d-----w- c:\program files\Foxit Software
2009-10-18 17:48:39 0 d-----w- c:\docume~1\owner\applic~1\Foxit
2009-10-18 17:13:25 0 d-----w- c:\program files\Lx_cats
2009-10-18 17:12:52 0 d-----w- C:\logs
2009-10-18 17:12:13 40960 ----a-w- c:\windows\system32\lxddvs.dll
2009-10-18 17:12:09 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2009-10-18 17:11:34 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 17:11:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 17:11:28 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2009-10-18 17:11:28 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2009-10-18 17:11:28 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2009-10-18 17:07:30 44 ----a-w- c:\windows\system32\lxddrwrd.ini
2009-10-18 17:07:30 0 d-----w- c:\program files\Lexmark Toolbar
2009-10-18 17:07:12 0 d-----w- c:\program files\Lexmark 2500 Series
2009-10-17 16:46:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-17 16:46:01 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 16:46:01 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-10-17 03:14:49 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2009-10-13 02:05:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-13 02:03:51 0 d-----w- c:\program files\Avira
2009-10-13 02:03:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 02:24:57 34 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 21:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:42:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-12-05 03:52:23 560 ----a-w- c:\program files\Global.sw
2008-11-08 02:15:11 14400 ----a-w- c:\program files\common files\unusywo.inf
2008-11-07 02:04:21 10100 ----a-w- c:\program files\common files\rizylipajy.dll
2008-11-07 02:04:20 19423 ----a-w- c:\program files\common files\obom._sy
2008-11-07 02:04:20 11426 ----a-w- c:\program files\common files\ogaty.com
2008-11-07 02:04:19 16759 ----a-w- c:\program files\common files\yredokubyv.scr
2007-09-22 19:46:17 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-02-01 04:47:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009013120090201\index.dat

============= FINISH: 20:33:28.42 ===============

Edited by Orange Blossom, 06 November 2009 - 10:00 PM.


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:50 AM

Posted 11 November 2009 - 09:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 tkccm

tkccm
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  • Location:Nevada
  • Local time:02:50 AM

Posted 11 November 2009 - 11:19 AM

Problems:
broken links in Internet Explorer
slow computer
takes many attempts to get into Internet Explorer
cursor moves across the screen on its own at times

Tried in the Am I Infected forum:
ATF Cleaner and SUPERAntiSpyware in safe mode
ESET online scanner
Malwarebytes
TFC
RKill - could not get it to run though
SUPERAntiSpyware again
gmer.exe

They said it looked like a master boot record virus and asked me to post here... so here I am...

Logs you requested:

OTL logfile created on: 11/11/2009 8:43:58 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 63.30% Memory free
3.35 Gb Paging File | 2.94 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.90 Gb Total Space | 10.77 Gb Free Space | 21.15% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 1.30 Gb Free Space | 25.90% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUBBLES
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/11 08:42:56 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/06 19:06:18 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/28 19:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/24 16:17:19 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/16 08:42:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/16 08:42:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/07 17:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/03 06:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 18:20:08 | 12,055,912 | ---- | M] (Open Text Inc.) -- C:\Program Files\FirstClass\fcc32.exe
PRC - [2007/06/11 18:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 08:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/08/28 18:44:16 | 00,184,320 | ---- | M] () -- C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
PRC - [2002/07/24 17:33:13 | 00,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
PRC - [2002/07/16 08:03:00 | 00,106,549 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2002/06/08 01:18:40 | 00,122,880 | ---- | M] (WildTangent) -- C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
PRC - [2002/05/21 23:28:58 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2002/05/15 03:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/05/15 03:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/07/06 21:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.EXE
PRC - [1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/11 08:42:56 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2002/07/24 17:33:13 | 00,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/16 21:31:03 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/16 08:42:26 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/07 17:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/05/25 08:41:54 | 00,099,248 | ---- | M] () -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 08:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2002/05/03 17:06:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/10/01 11:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2003/03/31 15:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/07/24 16:36:23 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/07/16 08:03:00 | 00,095,125 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/07/16 08:03:00 | 00,091,156 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/07/16 08:03:00 | 00,054,900 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/07/16 08:03:00 | 00,034,805 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/07/16 08:03:00 | 00,023,701 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/07/16 08:03:00 | 00,014,421 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/07/16 08:03:00 | 00,006,325 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/07/16 08:03:00 | 00,004,117 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/07/16 08:03:00 | 00,002,201 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/07/13 04:27:04 | 00,155,008 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/06/19 16:43:44 | 00,005,589 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/06/19 16:42:58 | 00,022,995 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2002/06/06 09:56:00 | 00,040,368 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/06/05 10:21:00 | 00,081,552 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/05/22 19:44:06 | 00,069,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91})
DRV - [2002/05/22 19:43:56 | 00,090,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E})
DRV - [2002/05/22 19:42:54 | 00,078,045 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/05/03 17:06:00 | 00,931,882 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/04/18 09:02:00 | 00,016,288 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2002/04/08 22:44:56 | 00,188,032 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/08 21:40:10 | 00,013,780 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/04 11:10:00 | 00,027,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/12/27 03:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/07 21:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 12:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2001/08/08 13:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 13:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 13:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 13:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 13:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 13:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 13:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 13:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 13:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 13:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 14:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\URLSearchHook: {19A0F032-27D7-4227-BBB5-51AA9E5904F5} - C:\Program Files\Dogpile Toolbar\Helper.dll ()
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\S-1-5-21-4194836640-1754454779-3683679437-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\S-1-5-21-4194836640-1754454779-3683679437-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/16 08:42:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\Firefox [2009/11/09 21:00:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/11/09 21:00:22 | 00,000,000 | ---D | M]

[2009/11/09 20:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/09 20:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/22 21:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/09/22 21:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (Freecause Toolbar BHO) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DDCActiveMenu] C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe (WildTangent)
O4 - HKLM..\Run: [DDCM] C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe (WildTangent)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator.BUBBLES\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4194836640-1754454779-3683679437-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab (SonyOnlineInstallerX)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1233465652685 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1233504491483 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://content.embarq.synacor.com/gigantes...anner/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/24 00:18:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2f449663-42fe-11de-8a05-00402b3f4e1a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{4e136b9c-f30f-11dd-898d-00402b3f4e1a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/11 08:42:48 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/11 05:22:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/09 21:00:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2009/11/09 20:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/09 20:54:45 | 00,000,000 | ---D | C] -- C:\Program Files\Dogpile Toolbar
[2009/11/09 20:54:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2009/11/09 20:54:21 | 00,000,000 | ---D | C] -- C:\Program Files\PlaySushi
[2009/11/05 23:02:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\crystal's new stuff
[2009/11/05 21:35:44 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/04 21:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2009/11/04 14:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/04 09:04:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 09:04:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 09:04:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 09:04:12 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/10/29 21:36:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/29 21:22:23 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/10/29 20:35:30 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/10/25 19:32:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2009/10/25 09:49:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\a-squared Free
[2009/10/25 09:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/10/19 16:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/18 10:48:39 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/10/18 10:48:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2009/10/18 10:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2009/10/18 10:12:52 | 00,000,000 | ---D | C] -- C:\logs
[2009/10/18 10:11:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/10/18 10:11:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/10/18 10:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2009/10/18 10:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 2500 Series
[2009/10/18 10:06:58 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/10/18 10:06:58 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/10/18 10:06:58 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/10/18 10:06:57 | 00,507,904 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddutil.dll
[2009/10/18 10:06:56 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/10/18 10:06:55 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/10/18 10:06:55 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/10/18 10:06:55 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/10/18 10:06:55 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/10/18 10:06:54 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/10/18 10:06:54 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/10/18 10:06:54 | 00,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2009/10/18 10:06:54 | 00,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddinsb.dll
[2009/10/18 10:06:54 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddins.dll
[2009/10/18 10:06:54 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddjswr.dll
[2009/10/18 10:06:54 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddinsr.dll
[2009/10/18 10:06:53 | 00,983,107 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxddgf.dll
[2009/10/18 10:06:53 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/10/18 10:06:53 | 00,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2009/10/18 10:06:53 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/10/18 10:06:53 | 00,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2009/10/18 10:06:53 | 00,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddcub.dll
[2009/10/18 10:06:53 | 00,077,906 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxddcfg.dll
[2009/10/18 10:06:53 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddcu.dll
[2009/10/18 10:06:53 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxddcur.dll
[2009/10/17 09:46:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/17 09:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/17 09:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/10/17 09:43:23 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2009/10/16 20:14:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/10/16 19:51:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/10/16 19:14:36 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/10/12 19:05:05 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/10/12 19:05:03 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/12 19:05:03 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/10/12 19:05:02 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/10/12 19:04:58 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/10/12 19:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/10/12 19:03:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2007/09/22 12:46:39 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[5 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/11 08:42:56 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/11 08:00:00 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\jvkapude.job
[2009/11/09 21:21:15 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Friendship Fish.doc
[2009/11/09 21:00:08 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/09 18:03:32 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The human body.doc
[2009/11/08 12:00:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/11/06 19:00:50 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/06 19:00:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 19:00:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 19:00:37 | 16,085,68832 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 18:52:09 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/06 18:51:09 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/06 09:28:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/05 22:45:33 | 00,038,744 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/05 22:29:26 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/05 07:49:05 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/05 07:48:59 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/04 21:43:08 | 00,282,833 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/11/04 14:59:18 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/04 14:57:43 | 07,280,672 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/11/04 09:04:56 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 09:04:24 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/04 09:02:46 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2009/11/04 08:29:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/02 18:01:01 | 00,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
[2009/11/01 23:15:40 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 19:27:43 | 00,315,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 19:27:43 | 00,042,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 19:27:42 | 00,362,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 19:16:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 21:30:38 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/29 20:36:55 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/26 07:09:17 | 00,069,588 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\120065639-1256566146[1].pdf
[2009/10/22 02:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 02:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 06:39:31 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Malwarebytes' Anti-Malware.lnk
[2009/10/20 07:04:54 | 00,069,601 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\899918919-1256047484[1].pdf
[2009/10/20 07:02:28 | 00,071,401 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\882129920-1256047340[1].pdf
[2009/10/18 16:32:05 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DIR.doc
[2009/10/18 11:17:01 | 00,000,153 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[2009/10/18 11:13:44 | 00,421,499 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Envisioning the Future of Education.PDF
[2009/10/18 11:05:54 | 00,327,428 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Changing.PDF
[2009/10/18 10:48:44 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/10/18 10:48:39 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/18 10:44:29 | 00,170,847 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2299.pdf
[2009/10/18 10:29:30 | 00,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 2500 Series.LNK
[2009/10/18 10:13:13 | 00,062,013 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/17 09:56:53 | 00,000,271 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sweet sixteen.lnk
[2009/10/17 09:56:46 | 00,000,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Crystal's Sweet Sixteen Party.lnk
[2009/10/17 09:43:23 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2009/10/14 02:17:32 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 02:03:49 | 00,000,726 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/12 19:11:02 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[5 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/09 21:21:14 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Friendship Fish.doc
[2009/11/09 18:03:32 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The human body.doc
[2009/11/05 22:45:33 | 00,038,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/05 20:31:15 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/05 07:36:33 | 16,085,68832 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/04 21:37:28 | 00,282,833 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2009/11/04 15:08:01 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/04 14:59:18 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/04 09:04:56 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 09:02:45 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2009/10/29 21:38:41 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/29 21:30:37 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/29 20:36:55 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/26 07:10:45 | 00,069,588 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\120065639-1256566146[1].pdf
[2009/10/24 16:19:39 | 00,000,575 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Malwarebytes' Anti-Malware.lnk
[2009/10/20 07:05:06 | 00,069,601 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\899918919-1256047484[1].pdf
[2009/10/20 07:04:21 | 00,071,401 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\882129920-1256047340[1].pdf
[2009/10/18 16:32:05 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\DIR.doc
[2009/10/18 11:14:02 | 00,421,499 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Envisioning the Future of Education.PDF
[2009/10/18 11:06:31 | 00,327,428 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Changing.PDF
[2009/10/18 10:49:46 | 00,000,153 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd
[2009/10/18 10:48:44 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
[2009/10/18 10:48:39 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/18 10:44:29 | 00,170,847 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2299.pdf
[2009/10/18 10:29:30 | 00,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 2500 Series.LNK
[2009/10/18 10:12:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/10/18 10:12:09 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/18 10:11:28 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/10/18 10:11:28 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/10/18 10:11:28 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/10/18 10:07:30 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/10/18 10:06:58 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/10/18 10:06:58 | 00,062,013 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/18 10:06:54 | 00,646,455 | ---- | C] () -- C:\WINDOWS\System32\lxddhelp.chm
[2009/10/18 10:06:53 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/10/18 10:06:53 | 00,001,932 | ---- | C] () -- C:\WINDOWS\System32\lxdd.loc
[2009/10/17 09:56:53 | 00,000,271 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to sweet sixteen.lnk
[2009/10/17 09:56:46 | 00,000,319 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Crystal's Sweet Sixteen Party.lnk
[2009/10/17 09:44:42 | 07,280,672 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/10/12 19:11:02 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/03/15 18:07:42 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/03/14 20:01:32 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/14 20:01:32 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/31 13:45:47 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/01/28 22:07:06 | 00,000,164 | ---- | C] () -- C:\WINDOWS\AvDetected.ini
[2009/01/05 14:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/11/07 19:15:11 | 00,014,400 | ---- | C] () -- C:\Program Files\Common Files\unusywo.inf
[2008/11/07 19:15:11 | 00,010,788 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efuvip.dl
[2008/11/07 19:15:10 | 00,010,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\howiguqip.dll
[2008/11/06 19:04:21 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\obibinyfy._sy
[2008/11/06 19:04:21 | 00,010,100 | ---- | C] () -- C:\Program Files\Common Files\rizylipajy.dll
[2008/11/06 19:04:20 | 00,019,423 | ---- | C] () -- C:\Program Files\Common Files\obom._sy
[2008/11/06 19:04:20 | 00,011,426 | ---- | C] () -- C:\Program Files\Common Files\ogaty.com
[2008/11/06 19:04:19 | 00,016,759 | ---- | C] () -- C:\Program Files\Common Files\yredokubyv.scr
[2008/09/25 19:34:35 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2008/08/20 17:40:40 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/08/18 20:17:02 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/05/24 10:13:50 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/12/27 18:20:45 | 00,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2007/12/27 18:20:45 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2007/12/27 18:20:45 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2007/12/27 18:20:45 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2007/12/26 15:44:01 | 00,004,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/08 09:55:57 | 00,000,274 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/04/24 06:38:44 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/04/01 15:12:24 | 00,015,666 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2007/03/17 13:44:06 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2007/02/10 12:09:27 | 00,000,161 | ---- | C] () -- C:\WINDOWS\System32\vclwiz8.dll
[2007/01/30 21:31:39 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/08/13 13:57:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/03/18 13:27:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/12 16:53:40 | 00,000,051 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/03/09 14:26:17 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/12/27 13:11:28 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2005/12/16 11:09:30 | 00,000,195 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/12/14 11:46:57 | 00,000,043 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2005/12/02 11:36:23 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/08/05 13:02:49 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/08/05 12:30:47 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/08/05 12:30:47 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/08/04 08:08:03 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/03/17 17:06:51 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 16:51:02 | 00,001,483 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/25 02:39:50 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\AnimWnd.dll
[2005/01/09 17:12:21 | 00,000,232 | ---- | C] () -- C:\WINDOWS\PrintMaster.INI
[2004/12/18 12:44:08 | 00,043,048 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/12/18 12:40:09 | 00,150,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\MLTCAP.sys
[2004/11/13 10:23:09 | 00,076,896 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2004/11/07 12:27:51 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/19 18:40:06 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\IrrShape.dll
[2002/07/26 20:41:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/24 17:32:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/07/24 17:32:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/07/24 16:41:48 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/07/24 16:34:36 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/07/24 16:10:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ALSndMgr.ini
[2002/07/24 15:58:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/07/24 15:58:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/07/24 15:57:49 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/07/24 00:29:49 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/24 00:29:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/07/24 00:14:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/07/24 00:05:50 | 00,000,663 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/24 00:05:41 | 00,000,726 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/07/24 00:05:38 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/23 17:10:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/05/31 22:59:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/22 19:44:14 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2002/05/22 19:04:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/05/15 03:26:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2002/03/13 17:46:46 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/10/10 20:14:40 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\lfwmp12n.dll
[2001/08/31 22:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 13:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2000/04/12 01:28:12 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 01:24:10 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2490DF4
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:235D5402
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AA21473
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9A61FAD
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DE807EE
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35C88B93
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3436F8BB
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10151AE6
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC885335
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95546FDA
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5227364
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFC67DE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EA3450E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D69B4B5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

and.....

OTL Extras logfile created on: 11/11/2009 8:43:58 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 63.30% Memory free
3.35 Gb Paging File | 2.94 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.90 Gb Total Space | 10.77 Gb Free Space | 21.15% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 1.30 Gb Free Space | 25.90% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUBBLES
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Dogpile Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\Dogpile Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Toolbar (Update) -- (FreeCause Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{0B5F5D71-117C-4381-98AC-9DBDAD5AE1B6}" = MSN Toolbar Platform
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F0AE1FB-4082-4A27-8363-05D292D92FB0}" = Virtual Warfare
"{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}" = Zoom ADSL Modem
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 845G Chipset Graphics Driver Software
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E62C706B-1352-4DCA-B4D4-81C24750B70F}" = Detto IntelliMover Demo
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}" = Kublox
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FF384BDE-429B-45AD-A0C6-E593393D9D1C}" = HP Memories Disc
"3DGroove" = 3D Groove Playback Engine
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-137903 Uninstaller" = hp center
"BFGC" = Big Fish Games Client
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Dogpile Toolbar" = Dogpile Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Free Realms Installer" = Free Realms Installer
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"HP Instant Support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Lexmark 2500 Series" = Lexmark 2500 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicManager" = Music Manager
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Playsushi" = Playsushi
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangentDDC" = WildTangent Channel Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4194836640-1754454779-3683679437-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2009 3:42:24 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03de9c5c.

Error - 6/24/2009 3:48:11 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03de9c5c.

Error - 6/24/2009 3:54:07 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x04269c5c.

Error - 6/24/2009 4:05:50 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03ee9c5c.

Error - 6/24/2009 4:40:54 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03ee9c5c.

Error - 6/24/2009 4:42:03 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x04289c5c.

Error - 6/24/2009 4:48:57 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x043c9c5c.

Error - 6/24/2009 5:25:12 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x042c9c5c.

Error - 6/24/2009 9:56:02 PM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03de9c5c.

Error - 6/25/2009 12:07:07 AM | Computer Name = BUBBLES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03ee9c5c.

[ System Events ]
Error - 11/6/2009 12:20:48 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/6/2009 12:26:38 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 11/6/2009 12:26:38 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 11/6/2009 12:51:52 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 11/6/2009 12:51:52 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 11/6/2009 12:52:48 AM | Computer Name = BUBBLES | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/6/2009 12:53:02 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 11/6/2009 12:53:02 AM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 11/6/2009 10:02:50 PM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 11/6/2009 10:02:50 PM | Computer Name = BUBBLES | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:08:50 AM

Posted 11 November 2009 - 05:12 PM

Hi,


please download and run mbr:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >>"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
please also download and run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • rename it to fun.exe
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 tkccm

tkccm
  • Topic Starter

  • Members
  • 94 posts
  • Location:Nevada
  • Local time:02:50 AM

Posted 11 November 2009 - 08:27 PM

mbr log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

#6 tkccm

tkccm
  • Topic Starter

  • Members
  • 94 posts
  • Location:Nevada
  • Local time:02:50 AM

Posted 11 November 2009 - 11:32 PM

combo fix log...

ComboFix 09-11-11.02 - Owner 11/11/2009 19:12.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.974 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\fun.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\Clay\Application Data\fubema.bat
c:\documents and settings\Clay\Application Data\talad.bat
c:\documents and settings\Clay\Local Settings\Application Data\acycuf.bat
c:\documents and settings\Owner\Local Settings\Temp\IadHide3.dll
c:\program files\Common Files\unusywo.inf
c:\program files\PlaySushi\PSTExt.dll
c:\recycler\S-1-5-21-2035789119-2038945071-357464061-1003
c:\recycler\S-1-5-21-2035789119-2038945071-357464061-1008
c:\recycler\S-1-5-21-2035789119-2038945071-357464061-1009
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\eqot.exe
c:\windows\patch.exe
c:\windows\system32\icuxazibo.bat
c:\windows\system32\ps2.bat
c:\windows\vydez.scr
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 01:16 . 2009-11-12 01:25 77312 ----a-w- C:\mbr.exe
2009-11-11 00:57 . 2009-11-11 00:57 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 04:00 . 2009-11-10 04:00 -------- d-----w- c:\program files\MSN Toolbar
2009-11-10 03:59 . 2009-11-10 03:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 03:54 . 2009-11-10 03:55 -------- d-----w- c:\program files\Dogpile Toolbar
2009-11-10 03:54 . 2009-11-10 04:00 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-10 03:54 . 2009-11-12 02:36 -------- d-----w- c:\program files\PlaySushi
2009-11-06 22:01 . 2009-11-06 22:01 188928 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
2009-11-06 05:45 . 2009-11-06 05:45 38744 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 21:58 . 2009-11-04 21:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-04 16:04 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 16:04 . 2009-11-04 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 16:04 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 04:36 . 2009-10-30 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-30 04:22 . 2009-08-29 01:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-30 03:41 . 2009-10-30 03:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-30 03:35 . 2009-10-30 03:36 -------- d-----w- c:\program files\Safari
2009-10-26 02:32 . 2009-10-26 02:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2009-10-25 16:49 . 2009-11-04 15:51 -------- d-----w- c:\program files\a-squared Free
2009-10-24 23:14 . 2009-11-04 22:21 117760 ----a-w- c:\documents and settings\Administrator.BUBBLES\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-24 23:14 . 2009-10-24 23:14 -------- d-----w- c:\documents and settings\Administrator.BUBBLES\Application Data\SUPERAntiSpyware.com
2009-10-21 18:59 . 2009-10-21 18:59 -------- d-----w- c:\documents and settings\Administrator.BUBBLES\Application Data\Malwarebytes
2009-10-19 23:37 . 2009-10-19 23:37 -------- d-----w- c:\program files\ESET
2009-10-18 17:48 . 2009-10-18 17:48 -------- d-----w- c:\program files\Foxit Software
2009-10-18 17:48 . 2009-10-18 17:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-10-18 17:13 . 2009-10-22 02:12 -------- d-----w- c:\program files\Lx_cats
2009-10-18 17:12 . 2009-10-18 17:12 -------- d-----w- C:\logs
2009-10-18 17:12 . 2006-05-18 08:47 40960 ----a-w- c:\windows\system32\lxddvs.dll
2009-10-18 17:12 . 2007-03-28 20:16 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2009-10-18 17:11 . 2008-04-13 16:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 17:11 . 2008-04-13 16:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 17:11 . 2007-01-24 01:40 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2009-10-18 17:11 . 2007-01-09 23:13 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2009-10-18 17:11 . 2006-10-06 23:08 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2009-10-18 17:07 . 2009-10-18 17:29 -------- d-----w- c:\program files\Lexmark Toolbar
2009-10-18 17:07 . 2009-10-18 17:11 -------- d-----w- c:\program files\Lexmark 2500 Series
2009-10-17 17:09 . 2009-10-17 17:09 -------- d-sh--w- c:\documents and settings\Administrator.BUBBLES\IETldCache
2009-10-17 16:46 . 2009-11-05 05:30 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-17 16:46 . 2009-10-17 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:46 . 2009-11-04 21:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 16:46 . 2009-10-17 16:46 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-17 03:14 . 2009-10-17 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-10-17 02:51 . 2009-10-17 03:01 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 03:10 . 2009-08-19 23:25 -------- d-----w- c:\program files\Steam
2009-11-12 03:03 . 2009-05-30 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-11-12 02:53 . 2009-05-30 16:36 -------- d-----w- c:\program files\DNA
2009-11-04 15:53 . 2009-03-12 14:58 -------- d-----w- c:\program files\SpeedFan
2009-10-30 04:59 . 2007-12-26 18:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-30 04:38 . 2008-09-20 01:52 -------- d-----w- c:\program files\iTunes
2009-10-30 04:36 . 2008-09-20 01:52 -------- d-----w- c:\program files\iPod
2009-10-30 04:31 . 2008-09-20 01:47 -------- d-----w- c:\program files\QuickTime
2009-10-30 04:25 . 2007-12-26 18:01 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 03:29 . 2008-09-20 01:50 -------- d-----w- c:\program files\Bonjour
2009-10-26 13:36 . 2009-04-26 03:41 -------- d-----w- c:\program files\PopCap Games
2009-10-17 17:04 . 2009-05-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 04:31 . 2006-06-12 17:56 -------- d-----w- c:\program files\Google
2009-10-17 02:41 . 2009-09-22 01:04 -------- d-----w- c:\program files\ThreatFire
2009-10-17 02:09 . 2008-09-15 03:18 -------- d-----w- c:\program files\Nick Arcade
2009-10-13 13:31 . 2002-07-24 23:35 -------- d-----w- c:\program files\HPSelect
2009-10-13 02:03 . 2009-10-13 02:03 -------- d-----w- c:\program files\Avira
2009-10-13 02:03 . 2009-10-13 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-13 01:09 . 2002-07-25 00:39 -------- d-----w- c:\program files\PC-Doctor for Windows XP
2009-10-13 01:05 . 2009-09-20 21:26 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-10-13 01:05 . 2009-09-20 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-12 21:47 . 2007-11-20 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 04:30 . 2009-09-23 04:30 -------- d-----w- c:\program files\AskBarDis
2009-09-20 21:15 . 2009-08-20 02:37 -------- d-----w- c:\program files\Plants vs Zombies
2009-09-20 21:14 . 2009-05-02 05:19 -------- d-----w- c:\program files\Master Of Defense
2009-09-20 21:08 . 2007-07-06 20:28 -------- d-----w- c:\program files\Common Files\AOL
2009-09-20 20:57 . 2009-07-17 03:53 -------- d-----w- c:\program files\Embarq Online Security 8
2009-09-20 20:45 . 2009-07-17 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-09-20 20:42 . 2002-07-24 23:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2002-08-04 01:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2002-08-04 01:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 02:24 . 2008-07-12 16:11 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-08-29 08:08 . 2002-07-24 07:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 01:42 . 2007-12-26 18:02 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2002-08-04 01:46 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 18:58 . 2009-04-26 03:42 164 ----a-w- c:\windows\popcinfot.dat
2009-08-20 21:09 . 2009-08-20 21:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-20 14:15 . 2007-04-18 03:35 81 -c-ha-w- c:\windows\popcinfo.dat
2009-08-19 23:48 . 2009-08-19 23:48 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-08-18 18:30 . 2009-08-18 18:30 564616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2009-08-18 18:24 . 2009-08-18 18:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2009-08-16 15:42 . 2009-08-16 15:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-16 15:40 . 2009-08-16 15:40 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2008-12-05 03:52 . 2008-09-26 02:34 560 ----a-w- c:\program files\Global.sw
2008-11-07 02:04 . 2008-11-07 02:04 10100 ----a-w- c:\program files\Common Files\rizylipajy.dll
2008-11-07 02:04 . 2008-11-07 02:04 19423 ----a-w- c:\program files\Common Files\obom._sy
2008-11-07 02:04 . 2008-11-07 02:04 11426 ----a-w- c:\program files\Common Files\ogaty.com
2008-11-07 02:04 . 2008-11-07 02:04 16759 ----a-w- c:\program files\Common Files\yredokubyv.scr
2007-09-22 19:46 . 2007-09-22 19:46 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19A0F032-27D7-4227-BBB5-51AA9E5904F5}"= "c:\program files\Dogpile Toolbar\Helper.dll" [2009-05-26 219648]

[HKEY_CLASSES_ROOT\clsid\{19a0f032-27d7-4227-bbb5-51aa9e5904f5}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4F996865-1782-4614-BAF5-C1365A030352}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]

[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-07-16 106549]
"DDCM"="c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe" [2002-06-08 122880]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2002-06-08 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-05-15 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-05-15 114688]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-14 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe" [2009-11-01 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-04 364544]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Administrator.BUBBLES\Start Menu\Programs\Startup\
AutoTBar.exe [2002-5-30 40960]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-5-30 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-7-24 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-7-24 16384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Sprint FastConnect virtual assistant.lnk - c:\program files\Sprint Virtual Assistant\bin\matcli.exe [2005-12-2 212992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dogpile Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2002-07-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-07-27 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\PlaySushi\PSText.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\malwarebytes' anti-malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-12 20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 03:34

Pre-Run: 11,558,920,192 bytes free
Post-Run: 11,863,224,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - AEB26322C5F342D07DBC17220CC3ED46

#7 myrti (Sillyberry) - Malware Study Hall Admin

Posted 12 November 2009 - 07:00 AM

Hi,

that isn't looking too bad. There are a couple of entries left, for which I want you to run the following script:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\program files\Common Files\rizylipajy.dll
c:\program files\Common Files\obom._sy
c:\program files\Common Files\ogaty.com
c:\program files\Common Files\yredokubyv.scr


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#8 tkccm (Topic Starter)

Posted 12 November 2009 - 09:05 PM

ComboFix 09-11-13.04 - Owner 11/12/2009 18:21.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1093 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\fun.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\Common Files\obom._sy"
"c:\program files\Common Files\ogaty.com"
"c:\program files\Common Files\rizylipajy.dll"
"c:\program files\Common Files\yredokubyv.scr"
.

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 01:16 . 2009-11-12 01:25 77312 ----a-w- C:\mbr.exe
2009-11-11 00:57 . 2009-11-11 00:57 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 04:00 . 2009-11-10 04:00 -------- d-----w- c:\program files\MSN Toolbar
2009-11-10 03:59 . 2009-11-10 03:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 03:54 . 2009-11-10 03:55 -------- d-----w- c:\program files\Dogpile Toolbar
2009-11-10 03:54 . 2009-11-10 04:00 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-10 03:54 . 2009-11-12 02:36 -------- d-----w- c:\program files\PlaySushi
2009-11-06 22:01 . 2009-11-06 22:01 188928 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
2009-11-06 05:45 . 2009-11-06 05:45 38744 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-30 04:36 . 2009-10-30 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-30 04:22 . 2009-08-29 01:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-30 03:41 . 2009-10-30 03:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-30 03:35 . 2009-10-30 03:36 -------- d-----w- c:\program files\Safari
2009-10-26 02:32 . 2009-10-26 02:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2009-10-25 16:49 . 2009-11-04 15:51 -------- d-----w- c:\program files\a-squared Free
2009-10-24 23:14 . 2009-11-04 22:21 117760 ----a-w- c:\documents and settings\Administrator.BUBBLES\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-24 23:14 . 2009-10-24 23:14 -------- d-----w- c:\documents and settings\Administrator.BUBBLES\Application Data\SUPERAntiSpyware.com
2009-10-21 18:59 . 2009-10-21 18:59 -------- d-----w- c:\documents and settings\Administrator.BUBBLES\Application Data\Malwarebytes
2009-10-19 23:37 . 2009-10-19 23:37 -------- d-----w- c:\program files\ESET
2009-10-18 17:48 . 2009-10-18 17:48 -------- d-----w- c:\program files\Foxit Software
2009-10-18 17:48 . 2009-10-18 17:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-10-18 17:13 . 2009-10-22 02:12 -------- d-----w- c:\program files\Lx_cats
2009-10-18 17:12 . 2009-10-18 17:12 -------- d-----w- C:\logs
2009-10-18 17:12 . 2006-05-18 08:47 40960 ----a-w- c:\windows\system32\lxddvs.dll
2009-10-18 17:12 . 2007-03-28 20:16 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2009-10-18 17:11 . 2008-04-13 16:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 17:11 . 2008-04-13 16:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 17:11 . 2007-01-24 01:40 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2009-10-18 17:11 . 2007-01-09 23:13 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2009-10-18 17:11 . 2006-10-06 23:08 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2009-10-18 17:07 . 2009-10-18 17:29 -------- d-----w- c:\program files\Lexmark Toolbar
2009-10-18 17:07 . 2009-10-18 17:11 -------- d-----w- c:\program files\Lexmark 2500 Series
2009-10-17 17:09 . 2009-10-17 17:09 -------- d-sh--w- c:\documents and settings\Administrator.BUBBLES\IETldCache
2009-10-17 16:46 . 2009-10-17 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 16:46 . 2009-11-13 00:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-17 16:46 . 2009-11-13 00:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 03:14 . 2009-10-17 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-10-17 02:51 . 2009-10-17 03:01 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 01:46 . 2009-05-30 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-11-13 01:14 . 2009-08-19 23:25 -------- d-----w- c:\program files\Steam
2009-11-13 01:06 . 2009-05-30 16:36 -------- d-----w- c:\program files\DNA
2009-11-04 15:53 . 2009-03-12 14:58 -------- d-----w- c:\program files\SpeedFan
2009-10-30 04:59 . 2007-12-26 18:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-30 04:38 . 2008-09-20 01:52 -------- d-----w- c:\program files\iTunes
2009-10-30 04:36 . 2008-09-20 01:52 -------- d-----w- c:\program files\iPod
2009-10-30 04:31 . 2008-09-20 01:47 -------- d-----w- c:\program files\QuickTime
2009-10-30 04:25 . 2007-12-26 18:01 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 03:29 . 2008-09-20 01:50 -------- d-----w- c:\program files\Bonjour
2009-10-26 13:36 . 2009-04-26 03:41 -------- d-----w- c:\program files\PopCap Games
2009-10-17 17:04 . 2009-05-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 04:31 . 2006-06-12 17:56 -------- d-----w- c:\program files\Google
2009-10-17 02:41 . 2009-09-22 01:04 -------- d-----w- c:\program files\ThreatFire
2009-10-17 02:09 . 2008-09-15 03:18 -------- d-----w- c:\program files\Nick Arcade
2009-10-13 13:31 . 2002-07-24 23:35 -------- d-----w- c:\program files\HPSelect
2009-10-13 02:03 . 2009-10-13 02:03 -------- d-----w- c:\program files\Avira
2009-10-13 02:03 . 2009-10-13 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-13 01:09 . 2002-07-25 00:39 -------- d-----w- c:\program files\PC-Doctor for Windows XP
2009-10-13 01:05 . 2009-09-20 21:26 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-10-13 01:05 . 2009-09-20 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-12 21:47 . 2007-11-20 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 04:30 . 2009-09-23 04:30 -------- d-----w- c:\program files\AskBarDis
2009-09-20 21:15 . 2009-08-20 02:37 -------- d-----w- c:\program files\Plants vs Zombies
2009-09-20 21:14 . 2009-05-02 05:19 -------- d-----w- c:\program files\Master Of Defense
2009-09-20 21:08 . 2007-07-06 20:28 -------- d-----w- c:\program files\Common Files\AOL
2009-09-20 20:57 . 2009-07-17 03:53 -------- d-----w- c:\program files\Embarq Online Security 8
2009-09-20 20:45 . 2009-07-17 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-09-20 20:42 . 2002-07-24 23:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2002-08-04 01:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2002-08-04 01:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 02:24 . 2008-07-12 16:11 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-08-29 08:08 . 2002-07-24 07:05 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 01:42 . 2007-12-26 18:02 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2002-08-04 01:46 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 18:58 . 2009-04-26 03:42 164 ----a-w- c:\windows\popcinfot.dat
2009-08-20 21:09 . 2009-08-20 21:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-20 14:15 . 2007-04-18 03:35 81 -c-ha-w- c:\windows\popcinfo.dat
2009-08-19 23:48 . 2009-08-19 23:48 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-08-18 18:30 . 2009-08-18 18:30 564616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2009-08-18 18:24 . 2009-08-18 18:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2009-08-16 15:42 . 2009-08-16 15:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-16 15:40 . 2009-08-16 15:40 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2008-12-05 03:52 . 2008-09-26 02:34 560 ----a-w- c:\program files\Global.sw
2007-09-22 19:46 . 2007-09-22 19:46 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-12_02.50.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 01:06 . 2009-11-13 01:06 16384 c:\windows\Temp\Perflib_Perfdata_3d8.dat
- 2009-02-04 23:07 . 2009-10-14 09:09 90112 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 90112 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 45056 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 45056 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 22528 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 22528 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 30720 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 30720 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 16384 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 16384 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 34304 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 34304 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-11-12 11:00 . 2009-11-12 11:00 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-10-27 09:02 . 2009-10-27 09:02 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 3584 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 3584 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 8192 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 8192 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-02-04 23:07 . 2009-10-14 09:09 2560 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 2560 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2002-07-24 00:09 . 2009-11-12 11:31 182632 c:\windows\system32\FNTCACHE.DAT
- 2002-07-24 00:09 . 2009-08-07 19:31 182632 c:\windows\system32\FNTCACHE.DAT
- 2009-02-04 23:07 . 2009-10-14 09:09 114688 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-02-04 23:07 . 2009-11-12 11:07 114688 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2002-08-04 01:46 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2009-02-01 21:19 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2009-09-30 22:11 . 2009-09-30 22:11 8409088 c:\windows\Installer\1bc5959.msp
+ 2009-08-18 19:58 . 2009-08-18 19:58 8301056 c:\windows\Installer\1bc5946.msp
+ 2005-05-10 23:50 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
+ 2009-10-09 01:04 . 2009-10-09 01:04 17510400 c:\windows\Installer\1bc593d.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19A0F032-27D7-4227-BBB5-51AA9E5904F5}"= "c:\program files\Dogpile Toolbar\Helper.dll" [2009-05-26 219648]

[HKEY_CLASSES_ROOT\clsid\{19a0f032-27d7-4227-bbb5-51aa9e5904f5}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4F996865-1782-4614-BAF5-C1365A030352}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]

[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-24 1217808]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-07-16 106549]
"DDCM"="c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe" [2002-06-08 122880]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2002-06-08 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-05-15 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-05-15 114688]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-14 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe" [2009-11-01 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-04 364544]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-5-30 40960]

c:\documents and settings\Administrator.BUBBLES\Start Menu\Programs\Startup\
AutoTBar.exe [2002-5-30 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-7-24 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-7-24 16384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Sprint FastConnect virtual assistant.lnk - c:\program files\Sprint Virtual Assistant\bin\matcli.exe [2005-12-2 212992]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dogpile Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/12/2009 7:04 PM 108289]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/11/2009 4:40 PM 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [8/18/2009 11:29 AM 1529728]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [10/18/2009 10:12 AM 99248]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2002-07-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-07-27 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\PlaySushi\PSText.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-12 19:01
ComboFix-quarantined-files.txt 2009-11-13 02:00
ComboFix2.txt 2009-11-13 00:53
ComboFix3.txt 2009-11-12 03:37

Pre-Run: 11,780,202,496 bytes free
Post-Run: 11,734,003,712 bytes free

- - End Of File - - 899A38FAE1CD06E1EC3F3CF14D59629E
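The "Reg Loading Points" section above is what a helper reads by eye: which values start at logon, whether the binary behind each value actually exists, and which firewall ports are open to everyone. As an added example (my own Python, not part of the original post and not ComboFix's code), the script below parses that section into structured records and applies two of the triage checks a helper performs on it: Run values whose binary ComboFix could not find (its `[X]` marker, as with `NvCplDaemon` above) and one binary registered under several value names (as `SearchProtection.exe` is above), plus a summary of the globally open ports. The sample log embedded in the script is constructed from a handful of the lines above; all function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's "Reg Loading Points" format. The entries
# mirror a few lines from the log above; "[X]" is ComboFix's marker for a
# Run value whose binary it could not locate on disk.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-05-04 364544]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" [- resolved path] [date size | X]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+(\S.*?))?\s+\[([^\]]*)\]$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')


@dataclass
class RunEntry:
    key: str          # registry key the value lives under
    name: str         # value name, e.g. "avgnt"
    path: str         # binary the value points at (resolved path when ComboFix printed one)
    stamp: str        # "YYYY-MM-DD size" as ComboFix printed it, or "X" when not found
    missing: bool     # True when ComboFix printed [X]


def parse_reg_loading_points(text: str) -> Tuple[List[RunEntry], List[Tuple[int, str]]]:
    """Split the section into Run-style entries and globally open firewall ports."""
    entries: List[RunEntry] = []
    ports: List[Tuple[int, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        port = PORT_RE.match(line)
        if port:
            ports.append((int(port.group(1)), port.group(2)))
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            name, value, resolved, stamp = entry.groups()
            entries.append(RunEntry(
                key=current_key,
                name=name,
                path=resolved or value,
                stamp=stamp,
                missing=(stamp == "X"),
            ))
    return entries, ports


def find_missing(entries: List[RunEntry]) -> List[str]:
    """Names of autostart values whose binary ComboFix could not find."""
    return [e.name for e in entries if e.missing]


def find_shared_binaries(entries: List[RunEntry]) -> Dict[str, List[str]]:
    """Binaries registered under more than one autostart value name (case-insensitive)."""
    by_path: Dict[str, List[str]] = {}
    for e in entries:
        if not e.missing:
            by_path.setdefault(e.path.lower(), []).append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def port_summary(ports: List[Tuple[int, str]]) -> str:
    """Human-readable list of globally open ports, sorted."""
    return ", ".join(f"{n}/{proto}" for n, proto in sorted(ports))


if __name__ == "__main__":
    entries, ports = parse_reg_loading_points(SAMPLE_LOG)
    print("autostart values parsed:", len(entries))
    print("binary not found:", find_missing(entries))
    for path, names in find_shared_binaries(entries).items():
        print("shared binary:", path, "<-", names)
    print("globally open ports:", port_summary(ports))
```

Run it as-is on the embedded sample, or paste a full "Reg Loading Points" section into `SAMPLE_LOG`. A value marked `[X]` is not automatically malicious (the `NvCplDaemon` leftover above is a stale driver entry), but it is a dead autostart that should be removed either way, and a binary registered twice is worth a second look because one of the two names is usually the one a toolbar or adware bundle added.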

#9 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 13 November 2009 - 08:12 AM

Hi,

you never posted the mbr log. Could you please do so now?

How is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#10 tkccm

  • Topic Starter
  • Members
  • 94 posts
  • Location:Nevada

Posted 13 November 2009 - 08:06 PM

mbr log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK


The computer seems to be doing a little better. Not so many attempts to log in to the internet, and not as many broken links. Will use it more tonight and see how it does.
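The detector log above reads the first sector of the disk twice, once from user mode and once from a kernel driver, and reports "user & kernel MBR OK" only when the two copies agree. As an added example (my own Python, not Gmer's tool and not part of the original post), the script below shows in code what such a check examines: it parses a constructed 512-byte MBR into its three regions (boot code, four 16-byte partition entries, the 0x55AA signature), validates the signature, lists the partitions, and reports which region differs when two reads of the same sector do not agree. It does not touch a real disk; the sample MBR, the second "read" and all function names are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"     # last two bytes of a valid MBR


@dataclass
class Partition:
    index: int
    bootable: bool     # status byte 0x80
    type_id: int       # partition type, e.g. 0x07 for NTFS
    lba_start: int     # first sector (little-endian, offset 8 of the entry)
    sectors: int       # length in sectors (little-endian, offset 12 of the entry)


def build_sample_mbr() -> bytes:
    """Constructed MBR for the example: placeholder boot code, one bootable NTFS partition."""
    boot_code = b"\x33\xC0\x8E\xD0" + b"\x90" * (PART_TABLE_OFFSET - 4)  # filler, not real boot code
    entry = struct.pack("<B3sB3sII",
                        0x80,                 # bootable
                        b"\x01\x01\x00",      # CHS start (not used here)
                        0x07,                 # NTFS
                        b"\xFE\xFF\xFF",      # CHS end (not used here)
                        63,                   # LBA start
                        106_928_082)          # sector count
    table = entry + b"\x00" * PART_ENTRY_SIZE * 3   # three unused slots
    return boot_code + table + BOOT_SIGNATURE


def has_valid_signature(sector: bytes) -> bool:
    return len(sector) == MBR_SIZE and sector[-2:] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries; refuse anything without the 0x55AA signature."""
    if not has_valid_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        raw = sector[off:off + PART_ENTRY_SIZE]
        if raw == b"\x00" * PART_ENTRY_SIZE:
            continue                                  # unused slot
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", raw)
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    return partitions


def compare_reads(user_read: bytes, kernel_read: bytes) -> List[str]:
    """Report which MBR regions differ between two reads of the same sector.

    An empty list is the equivalent of the detector's "user & kernel MBR OK".
    """
    if len(user_read) != MBR_SIZE or len(kernel_read) != MBR_SIZE:
        raise ValueError("both reads must be exactly one 512-byte sector")
    regions = (
        ("boot code", 0, PART_TABLE_OFFSET),
        ("partition table", PART_TABLE_OFFSET, MBR_SIZE - 2),
        ("boot signature", MBR_SIZE - 2, MBR_SIZE),
    )
    findings: List[str] = []
    for name, lo, hi in regions:
        a, b = user_read[lo:hi], kernel_read[lo:hi]
        if a != b:
            first = lo + next(i for i, (x, y) in enumerate(zip(a, b)) if x != y)
            findings.append(f"{name} differs between user-mode and kernel reads (first at offset {first})")
    return findings


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(f"partition {p.index}: bootable={p.bootable} type=0x{p.type_id:02X} "
              f"lba_start={p.lba_start} sectors={p.sectors}")
    print("identical reads ->", compare_reads(mbr, mbr) or "user & kernel MBR OK")
    altered = bytearray(mbr)
    altered[0] ^= 0xFF                                 # simulate a disagreeing second read (constructed)
    print("differing reads ->", compare_reads(mbr, bytes(altered)))
```

The point of comparing two reads rather than inspecting one is that a single copy of the boot code carries no ground truth: the example only knows something is wrong because the two views of the same sector disagree, which is why the four runs above all end in the same "user & kernel MBR OK" verdict once each read matched the other.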

#11 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 15 November 2009 - 06:11 PM

Hi,

your PC is looking fine to me now. :( There seems to be no Master Boot Record infection either.

Just to be safe I would like you to run a scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti



#12 tkccm

  • Topic Starter
  • Members
  • 94 posts
  • Location:Nevada

Posted 16 November 2009 - 09:52 AM

ESET Scan log....

C:\Qoobox\Quarantine\C\Program Files\PlaySushi\PSText.dll.vir Win32/Adware.Gamevance application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP217\A0130452.dll a variant of Win32/Adware.Gamevance.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP253\A0134255.EXE Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP253\A0134256.exe Win32/Agent.NVP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP268\snapshot\MFEX-1.DAT Win32/Adware.Gamevance application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP268\snapshot\MFEX-2.DAT Win32/Adware.Gamevance application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP269\A0141726.dll Win32/Adware.Gamevance application cleaned by deleting - quarantined
C:\WINDOWS\system32\futrvdtd.0ni Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

#13 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 16 November 2009 - 11:13 AM

Hi,

what issues are you still having? Please describe them.

Please also update your Java version:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti



#14 tkccm

  • Topic Starter
  • Members
  • 94 posts
  • Location:Nevada

Posted 16 November 2009 - 10:38 PM

My computer is running much better. I still have some issues with searching the web. I will be in the middle of something, click to go to a site, and it will take a long time and then it will say my browser is not available. I also still get broken links online. Have tried posting this 3 times already.

#15 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 17 November 2009 - 10:57 AM

Hi,

what browser are you using?

Could you please try to empty your temp-folders and let me know if that fixes the problem:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

regards myrti





