Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware Defense Need Additional Support


  • This topic is locked This topic is locked
7 replies to this topic

#1 sublimespacegirl

sublimespacegirl

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 19 January 2010 - 12:09 PM

I am having problems with Malware Defense. I followed your guide posted on 12/9/09 to uninstall it on Friday 1/15/10. And the pop-ups, redirects and tacky desktop icons are gone. However the next day I used my computer (Monday), an Avast warning popped up twice saying it found two different Trojans on my computer. I deleted them through Avast. Today (Tuesday) my computer is running unusually slow and I was just redirected to a website and a pop-up appeared saying my computer may be infected and to download additional programs. I went into my task manager and closed everything and then went straight to this website. All my logs are included. Any help you can provide would be greatly appreciated. Thank you.


DDS (Ver_09-12-01.01) - NTFSx86
Run by KatyG at 9:49:25.69 on Tue 01/19/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -7:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\katyg\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [cls_pack.exe] c:\docume~1\katyg\locals~1\temp\cls_pack.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\3DJm1VJ34.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
AppInit_DLLs: APITRAP.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\katyg\applic~1\mozilla\firefox\profiles\j6u8ggca.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=CFTP2V5&o=10159&locale=en_US&q=
FF - plugin: c:\documents and settings\katyg\application data\mozilla\firefox\profiles\j6u8ggca.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-15 114768]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-15 138680]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-15 352920]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2009-10-15 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2009-10-15 524288]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2009-10-15 19232]
S4 Dmadcml;Dmadcml;c:\windows\system32\drivers\mtlstrm.sys [2009-10-14 1309184]

=============== Created Last 30 ================

2010-01-18 15:39:34 3428 ----a-w- c:\windows\winzip32.ini
2010-01-15 21:47:05 0 d-----w- c:\docume~1\katyg\applic~1\Malwarebytes
2010-01-15 21:47:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 21:46:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-15 21:46:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 21:46:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 18:17:43 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-01-15 18:17:43 13760 ----a-w- c:\windows\system32\drivers\qdfsdrv.sys
2010-01-15 18:17:42 86016 ----a-w- c:\windows\system32\apitrap.dll
2010-01-15 18:17:41 90112 ----a-w- c:\windows\system32\qdcsinet.dll
2010-01-15 18:17:34 0 d-----w- c:\docume~1\katyg\applic~1\Symantec
2010-01-15 18:17:33 437528 ----a-w- c:\windows\system32\401COMUPD.EXE
2010-01-15 18:17:33 0 d-----w- c:\program files\common files\Symantec Shared
2010-01-15 18:17:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-15 18:17:24 0 d-----w- c:\program files\Symantec
2010-01-15 18:17:22 0 d-----w- c:\program files\Norton CleanSweep
2010-01-15 18:17:12 305152 ----a-w- c:\windows\IsUninst.exe
2010-01-15 18:17:10 0 d-----w- c:\documents and settings\katyg\WINDOWS
2010-01-15 16:40:59 1048 ----a-w- c:\windows\system32\h8srtshsyst.dll
2010-01-15 15:40:34 1180 ----a-w- c:\windows\system32\h8srtkrl32mainweq.dll
2010-01-15 15:39:16 241 ----a-w- c:\windows\system32\H8SRTtlmiqxivbf.dat
2010-01-15 15:39:15 23040 ----a-w- c:\windows\system32\H8SRTtfmqrmtalm.dll
2010-01-15 15:39:14 40448 ----a-w- c:\windows\system32\drivers\H8SRTrldnqqhwbu.sys
2010-01-13 15:24:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 16:31:54 221184 ----a-w- c:\windows\system32\wmpns.dll

==================== Find3M ====================

2010-01-14 18:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-08 17:43:08 51355 ----a-w- c:\windows\fonts\AdobeFnt09.lst
2009-11-11 22:27:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 9:50:23.37 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sublimespacegirl

sublimespacegirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 20 January 2010 - 11:11 AM

I also get the attached "Security Warning" when I turn my computer on every morning. I believe this may be left over from the uninstall.


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Attached Files


Edited by elise025, 22 January 2010 - 09:22 AM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:37 PM

Posted 25 January 2010 - 09:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 sublimespacegirl

sublimespacegirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 25 January 2010 - 05:45 PM

OTL Extras logfile created on: 1/25/2010 3:30:07 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\katyg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.57 Gb Free Space | 65.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 56.18 Gb Total Space | 15.54 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Drive N: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Drive Z: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS

Computer Name: HIBCC_EKXU66
Current User Name: KatyG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-2424294608-2469424775-3051301696-6616\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Disabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Canon\Network ScanGear\SgTool.exe" = C:\Program Files\Canon\Network ScanGear\SgTool.exe:*:Disabled:SGTOOL -- (CANON INC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4D37A36A-7E00-11D6-99DD-00600815E2D0}" = PKZIP Shared Components
"{4D37A396-7E00-11D6-99DD-00600815E2D0}" = PKZIP Command Line
"{4D37A3B7-7E00-11D6-99DD-00600815E2D0}" = PKZIP for Windows
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{77BCA488-8514-11D6-99DD-00600815E2D0}" = PKZIP Explorer
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{88F76FEE-30DC-4927-A0CD-06D2DAD93934}" = Hims
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B78DFC99-6197-11D6-99DD-00600815E2D0}" = PKZIP Plug-In
"{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EEE90C2D-8ACE-4007-9CF6-B07D0516F6B9}" = Intel® PRO Network Connections 12.0.36.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"InstallShield_{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"magicolor 2300 DL" = magicolor 2300 DL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Norton CleanSweep" = Norton CleanSweep
"Office8.0" = Microsoft Office 97, Professional Edition
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2009 6:26:55 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/28/2009 6:26:58 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2009 6:38:58 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2009 6:38:58 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2009 11:41:14 AM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application HimsShell.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2009 3:27:45 PM | Computer Name = HIBCC_EKXU66 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/9/2009 6:24:06 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 11:55:47 AM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 12:59:37 PM | Computer Name = HIBCC_EKXU66 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 1/15/2010 3:19:15 PM | Computer Name = HIBCC_EKXU66 | Source = Application Hang | ID = 1002
Description = Hanging application Installer.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.


< End of report >

OTL logfile created on: 1/25/2010 3:30:07 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\katyg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.57 Gb Free Space | 65.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 56.18 Gb Total Space | 15.54 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Drive N: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Drive Z: | 452.41 Gb Total Space | 356.99 Gb Free Space | 78.91% Space Free | Partition Type: NTFS

Computer Name: HIBCC_EKXU66
Current User Name: KatyG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 15:29:37 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\katyg\Desktop\OTL.exe
PRC - [2010/01/06 14:09:46 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 16:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/11 15:27:30 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/11/11 15:27:30 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/11 15:27:29 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/04 18:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2004/12/14 02:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 15:29:37 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\katyg\Desktop\OTL.exe
MOD - [2000/08/28 23:07:08 | 00,086,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\apitrap.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 16:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/11 15:27:29 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/30 15:55:34 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/10/15 09:40:48 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/09/23 16:37:30 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/25 09:13:53 | 00,030,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kxwcxzrm.sys -- (kxwcxzrm)
DRV - [2009/11/24 16:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/13 23:12:24 | 00,171,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2004/08/03 22:41:38 | 01,309,184 | ---- | M] (Smart Link) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Dmadcml)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/02 15:06:38 | 00,020,064 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B)
DRV - [2002/06/25 12:22:11 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/29 13:19:44 | 00,524,288 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2001/08/29 13:19:38 | 00,142,336 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2001/08/28 13:19:48 | 00,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/05/14 18:15:40 | 00,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2424294608-2469424775-3051301696-6616\S-1-5-21-2424294608-2469424775-3051301696-6616\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 14:10:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 14:10:03 | 00,000,000 | ---D | M]

[2009/10/15 08:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\katyg\Application Data\Mozilla\Extensions
[2010/01/25 10:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\katyg\Application Data\Mozilla\Firefox\Profiles\j6u8ggca.default\extensions
[2009/10/15 11:44:05 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\katyg\Application Data\Mozilla\Firefox\Profiles\j6u8ggca.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/05 15:39:14 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\katyg\Application Data\Mozilla\Firefox\Profiles\j6u8ggca.default\searchplugins\askcom.xml
[2010/01/25 08:38:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2424294608-2469424775-3051301696-6616\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\3DJm1VJ34.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2424294608-2469424775-3051301696-6616..\Run: [cls_pack.exe] C:\DOCUME~1\katyg\LOCALS~1\Temp\cls_pack.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\bobh\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\bobh\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2424294608-2469424775-3051301696-6616\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.4.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hibcc.org
O20 - AppInit_DLLs: (APITRAP.DLL) - C:\WINDOWS\System32\apitrap.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\katyg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\katyg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/14 14:31:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/25 15:29:36 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\katyg\Desktop\OTL.exe
[2010/01/25 10:11:29 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/25 10:10:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/01/25 09:13:51 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kxwcxzrm.sys
[2010/01/22 09:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\katyg\Desktop\Antivirus Software
[2010/01/15 14:47:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\katyg\Application Data\Malwarebytes
[2010/01/15 14:47:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/15 14:46:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/15 14:46:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/15 14:46:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/15 11:35:41 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/15 11:35:39 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/15 11:35:38 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/15 11:35:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/01/15 11:35:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/15 11:35:35 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/15 11:35:35 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/15 11:35:35 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/15 11:35:11 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/15 11:35:06 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/15 11:17:43 | 00,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddao35.dll
[2010/01/15 11:17:43 | 00,013,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\qdfsdrv.sys
[2010/01/15 11:17:42 | 00,086,016 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\apitrap.dll
[2010/01/15 11:17:41 | 00,090,112 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\qdcsinet.dll
[2010/01/15 11:17:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\katyg\Application Data\Symantec
[2010/01/15 11:17:33 | 00,437,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\401COMUPD.EXE
[2010/01/15 11:17:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/01/15 11:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/15 11:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/15 11:17:22 | 00,000,000 | ---D | C] -- C:\Program Files\Norton CleanSweep
[2010/01/15 11:17:12 | 00,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/01/15 11:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\katyg\WINDOWS
[2010/01/15 11:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\katyg\Desktop\New Folder
[2010/01/13 08:24:22 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/10/14 15:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/14 14:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/14 14:30:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/14 14:30:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Documents and Settings\katyg\My Documents\*.tmp files -> C:\Documents and Settings\katyg\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/25 15:29:37 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\katyg\Desktop\OTL.exe
[2010/01/25 12:49:11 | 00,001,059 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\Shortcut to 2010 Attendees.lnk
[2010/01/25 11:57:51 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\Temp Duties.doc
[2010/01/25 11:57:51 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\katyg\Desktop\~$mp Duties.doc
[2010/01/25 09:13:53 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kxwcxzrm.sys
[2010/01/25 08:29:19 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/01/25 08:28:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 08:28:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 08:27:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 16:12:20 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\katyg\NTUSER.DAT
[2010/01/22 16:12:20 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\katyg\ntuser.ini
[2010/01/22 09:36:47 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\WinZip.lnk
[2010/01/21 11:24:12 | 00,002,249 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HIMS.lnk
[2010/01/20 16:05:15 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\Pat's Email.doc
[2010/01/19 13:43:46 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\pins form HIBCC Data Syntax Ackley comments 18JAN10(2).doc
[2010/01/19 13:43:15 | 00,082,432 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\pins form HIBCC Data Syntax Ackley comments 18JAN10.doc
[2010/01/18 11:48:21 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\pinsform.doc
[2010/01/18 10:21:28 | 00,001,712 | -H-- | M] () -- C:\Documents and Settings\katyg\My Documents\Default.rdp
[2010/01/18 08:46:00 | 00,003,428 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/01/18 08:46:00 | 00,000,644 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/18 08:41:38 | 00,000,543 | ---- | M] () -- C:\Documents and Settings\katyg\Desktop\WinZip 6.3 32-bit.lnk
[2010/01/15 14:31:56 | 00,001,048 | ---- | M] () -- C:\WINDOWS\System32\h8srtshsyst.dll
[2010/01/15 13:57:24 | 00,000,241 | ---- | M] () -- C:\WINDOWS\System32\H8SRTtlmiqxivbf.dat
[2010/01/15 11:35:35 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/15 11:18:36 | 06,419,398 | -H-- | M] () -- C:\Documents and Settings\katyg\Local Settings\Application Data\IconCache.db
[2010/01/15 08:40:34 | 00,001,180 | ---- | M] () -- C:\WINDOWS\System32\h8srtkrl32mainweq.dll
[2010/01/15 08:38:17 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/13 16:10:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[22 C:\Documents and Settings\katyg\My Documents\*.tmp files -> C:\Documents and Settings\katyg\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 11:57:51 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\Temp Duties.doc
[2010/01/25 11:57:51 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\katyg\Desktop\~$mp Duties.doc
[2010/01/20 16:05:14 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\Pat's Email.doc
[2010/01/19 13:43:46 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\pins form HIBCC Data Syntax Ackley comments 18JAN10(2).doc
[2010/01/19 13:43:15 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\pins form HIBCC Data Syntax Ackley comments 18JAN10.doc
[2010/01/18 11:48:17 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\pinsform.doc
[2010/01/18 11:47:00 | 00,060,928 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\PINS Ballot MASTER.doc
[2010/01/18 08:41:39 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\WinZip.lnk
[2010/01/18 08:41:37 | 00,000,543 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\WinZip 6.3 32-bit.lnk
[2010/01/18 08:39:34 | 00,003,428 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2010/01/15 11:35:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/01/15 09:40:59 | 00,001,048 | ---- | C] () -- C:\WINDOWS\System32\h8srtshsyst.dll
[2010/01/15 08:40:34 | 00,001,180 | ---- | C] () -- C:\WINDOWS\System32\h8srtkrl32mainweq.dll
[2010/01/15 08:39:16 | 00,000,241 | ---- | C] () -- C:\WINDOWS\System32\H8SRTtlmiqxivbf.dat
[2010/01/15 08:39:15 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\H8SRTtfmqrmtalm.dll
[2010/01/15 08:39:14 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\H8SRTrldnqqhwbu.sys
[2010/01/15 08:38:17 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/11 10:02:56 | 00,001,059 | ---- | C] () -- C:\Documents and Settings\katyg\Desktop\Shortcut to 2010 Attendees.lnk
[2009/11/11 12:47:36 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\katyg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 11:55:12 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009/10/15 09:55:47 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/15 09:16:15 | 00,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2003/09/02 15:07:06 | 00,018,932 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 662 bytes -> C:\WINDOWS\System32\drivers\kxwcxzrm.sys:changelist
< End of report >



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:37 PM

Posted 25 January 2010 - 06:20 PM

Hi,

please run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 sublimespacegirl

sublimespacegirl
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 26 January 2010 - 11:15 AM

I am trying to add Malwarebytes, but the first link you included is broken and the second one is confusing. I can't find the program.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:37 PM

Posted 27 January 2010 - 06:59 AM

Hi,

I will remove the second link from my instructions, thanks for letting me know. The second link goes to majorgeeks, you should see a column entitled "Downloads", underneath you have a list featuring majorgeeks twice and internode once. Click on one of the links and you should automatically get offered the file to download.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:37 PM

Posted 05 February 2010 - 03:53 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users