Malware?


  • This topic is locked
19 replies to this topic

#1 xtickledpink

Posted 23 February 2010 - 07:01 PM

I was having issues with something else and the person that was helping me told me to come here and do this. Here is what I have done so far:

http://www.bleepingcomputer.com/forums/ind...p;#entry1610703

Started with this first topic: "The past couple times I have turned on my computer this message pops up. It doesn't seem to be affecting my computer in any way (for right now) and I haven't downloaded anything new. I'd like to remove it before it causes a problem. This error message is from the APC Main...whatever that is."


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 18:50:06.04 on Tue 02/23/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.238 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 100223-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Performance Center] "c:\program files\ascentive\performance center\APCMain.exe" -m
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sonici~1.lnk - c:\documents and settings\owner\local settings\temp\vies7d53\Setup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: &Search
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: PermissionResearch - c:\program files\permissionresearch\prls.dll
AppInit_DLLs: c:\windows\system32\miwajiho.dll,c:\windows\system32\dajiwava.dll,c:\windows\system32\vegapaye.dll,c:\windows\system32\pidezabi.dll,c:\windows\system32\hafasego.dll,cobjec.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\hafasego.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\vlphhzmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - YAHOO.COM
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-6 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-6 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-13 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-1-24 1086840]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-6 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-6 352920]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-10-13 57344]

=============== Created Last 30 ================

2010-02-23 23:47:39 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-02-23 23:00:46 0 d-----w- c:\program files\Cobian Backup 8
2010-02-23 22:35:06 0 d-----w- c:\windows\system32\NtmsData
2010-02-17 00:53:18 0 d-sh--w- C:\found.000
2010-02-02 23:47:15 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-02 23:46:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-02 23:46:44 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-02-02 23:46:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-01 17:16:23 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-02-01 17:16:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 17:16:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 17:16:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-01 17:16:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 15:55:55 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-11-22 23:19:57 875 ----a-w- c:\program files\Performance Center.lnk

============= FINISH: 18:50:34.78 ===============


#2 Starbuck
  • Malware Response Team

Posted 25 February 2010 - 12:11 PM

Hi xtickledpink
  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines in the codebox below.
    CODE
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

#3 xtickledpink
  • Topic Starter

Posted 06 March 2010 - 10:28 PM

OTL.Txt--


OTL logfile created on: 3/6/2010 9:20:02 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 65.26 Gb Free Space | 87.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANESSAROSE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (DELL_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "YAHOO.COM"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 16:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/03 17:53:32 | 000,000,000 | ---D | M]

[2009/07/27 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/27 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/20 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\extensions
[2009/07/03 14:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/07/03 14:36:35 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\searchplugins\aim-search.xml
[2010/01/20 23:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/07 22:14:29 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\VIES7D53\Setup.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\windows\system32\miwajiho.dll) - C:\WINDOWS\System32\miwajiho.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\dajiwava.dll) - C:\WINDOWS\System32\dajiwava.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\vegapaye.dll) - C:\WINDOWS\System32\vegapaye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pidezabi.dll) - C:\WINDOWS\System32\pidezabi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\hafasego.dll) - C:\WINDOWS\System32\hafasego.dll File not found
O20 - AppInit_DLLs: (cobjec.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PermissionResearch: DllName - C:\Program Files\PermissionResearch\prls.dll - C:\Program Files\PermissionResearch\prls.dll (PermissionResearch)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (em\\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/09 21:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/09 21:27:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe - (Macrovision Corporation)
MsConfig - StartUpReg: 787d699d - hkey= - key= - C:\WINDOWS\system32\higidipe.DLL File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avast! - hkey= - key= - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
MsConfig - StartUpReg: CPM7b4e5a01 - hkey= - key= - c:\windows\system32\pidezabi.DLL File not found
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: ronumajida - hkey= - key= - C:\WINDOWS\system32\zerakede.DLL File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 21:16:04 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/25 23:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/23 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/02/23 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/02/23 17:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/16 19:53:18 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/08 18:25:19 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/04/05 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/05 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/05 22:10:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/05 22:10:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/02 07:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/03/06 21:16:11 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 15:30:19 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/06 15:30:19 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/06 15:30:19 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/06 15:26:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/06 15:25:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/06 09:29:11 | 002,756,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/06 09:29:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/05 23:00:04 | 000,001,656 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LC648F7E38E2940BF927729D7B69605A9.job
[2010/03/04 23:44:02 | 004,834,368 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/01 07:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/27 21:40:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/23 18:52:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/23 18:49:01 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/23 18:47:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/22 23:55:32 | 007,450,815 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\09 No Way.mp3
[2010/02/22 12:08:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/02/08 18:25:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/08 18:25:27 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe

========== Files Created - No Company Name ==========

[2010/02/23 18:52:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/23 18:48:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/23 18:47:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/23 00:45:01 | 007,450,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\09 No Way.mp3
[2010/02/08 18:25:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/22 18:19:42 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/11/22 18:19:28 | 000,000,875 | ---- | C] () -- C:\Program Files\Performance Center.lnk
[2009/04/06 23:30:05 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/27 02:43:52 | 001,477,736 | -HS- | C] () -- C:\WINDOWS\System32\epidigih.ini
[2009/01/26 14:48:52 | 001,473,520 | -HS- | C] () -- C:\WINDOWS\System32\ibuhinew.ini
[2009/01/25 12:52:24 | 001,473,502 | -HS- | C] () -- C:\WINDOWS\System32\ewevizuh.ini
[2009/01/24 21:33:29 | 001,385,526 | -HS- | C] () -- C:\WINDOWS\System32\otimabof.ini
[2009/01/24 09:27:33 | 001,385,526 | -HS- | C] () -- C:\WINDOWS\System32\ufakomol.ini
[2009/01/23 08:52:29 | 001,385,517 | -HS- | C] () -- C:\WINDOWS\System32\inadimuj.ini
[2009/01/22 14:03:06 | 001,385,553 | -HS- | C] () -- C:\WINDOWS\System32\izijahoy.ini
[2009/01/21 15:34:09 | 001,386,074 | -HS- | C] () -- C:\WINDOWS\System32\apeniyum.ini
[2009/01/21 03:34:03 | 001,383,649 | -HS- | C] () -- C:\WINDOWS\System32\iyotuguy.ini
[2009/01/20 15:33:48 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\utakojub.ini
[2009/01/20 14:33:08 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\ajagebir.ini
[2009/01/19 13:53:21 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\igidobum.ini
[2009/01/18 11:14:51 | 001,355,377 | -HS- | C] () -- C:\WINDOWS\System32\enamilub.ini
[2009/01/17 21:51:01 | 001,355,377 | -HS- | C] () -- C:\WINDOWS\System32\ewagayud.ini
[2009/01/17 08:24:38 | 001,355,364 | -HS- | C] () -- C:\WINDOWS\System32\evatuyur.ini
[2009/01/16 22:04:53 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\olebudom.ini
[2009/01/16 09:45:56 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\iyezuvag.ini
[2009/01/16 08:45:36 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\evokelop.ini
[2009/01/15 12:52:16 | 001,332,269 | -HS- | C] () -- C:\WINDOWS\System32\omovuvij.ini
[2009/01/14 16:34:50 | 001,322,862 | -HS- | C] () -- C:\WINDOWS\System32\obunogok.ini
[2009/01/14 08:16:10 | 001,303,000 | -HS- | C] () -- C:\WINDOWS\System32\orutikay.ini
[2009/01/13 12:03:13 | 001,303,086 | -HS- | C] () -- C:\WINDOWS\System32\afunuyet.ini
[2009/01/13 10:16:31 | 001,286,764 | -HS- | C] () -- C:\WINDOWS\System32\uzunijah.ini
[2009/01/12 12:09:03 | 001,309,177 | -HS- | C] () -- C:\WINDOWS\System32\awigamep.ini
[2009/01/12 00:08:30 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\owovubey.ini
[2009/01/11 12:08:19 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\ahujibem.ini
[2009/01/11 12:08:19 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/11 00:08:04 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\aberemat.ini
[2009/01/10 12:07:55 | 001,297,156 | -HS- | C] () -- C:\WINDOWS\System32\efamonoz.ini
[2009/01/10 00:07:33 | 001,289,531 | -HS- | C] () -- C:\WINDOWS\System32\obavihig.ini
[2009/01/09 11:01:06 | 001,282,447 | -HS- | C] () -- C:\WINDOWS\System32\iyawabav.ini
[2009/01/08 23:00:50 | 001,281,944 | -HS- | C] () -- C:\WINDOWS\System32\owoseyip.ini
[2009/01/08 11:00:32 | 001,281,944 | -HS- | C] () -- C:\WINDOWS\System32\ejesiset.ini
[2009/01/07 23:00:18 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\atuhudov.ini
[2009/01/07 11:00:03 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ewawuhab.ini
[2009/01/06 22:59:50 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ofaguvil.ini
[2009/01/06 09:59:33 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ogonapun.ini
[2009/01/05 21:35:18 | 001,261,098 | -HS- | C] () -- C:\WINDOWS\System32\ayelunan.ini
[2009/01/05 09:35:10 | 001,261,085 | -HS- | C] () -- C:\WINDOWS\System32\osimetoz.ini
[2009/01/04 17:01:29 | 001,262,084 | -HS- | C] () -- C:\WINDOWS\System32\egoseluh.ini
[2009/01/04 05:00:46 | 001,262,093 | -HS- | C] () -- C:\WINDOWS\System32\aganavak.ini
[2009/01/03 17:00:35 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\irezepup.ini
[2009/01/03 05:00:33 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\inazikun.ini
[2009/01/02 13:29:42 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\okuyuful.ini
[2009/01/02 12:29:29 | 001,262,093 | -HS- | C] () -- C:\WINDOWS\System32\udibuwuf.ini
[2009/01/01 20:56:12 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\oluborev.ini
[2009/01/01 08:56:01 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\uforelud.ini
[2008/12/31 20:55:38 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\upufupez.ini
[2008/12/31 08:55:25 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\uviyoger.ini
[2008/12/30 13:37:35 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\upodotit.ini
[2008/12/29 23:18:25 | 001,262,642 | -HS- | C] () -- C:\WINDOWS\System32\unovugaj.ini
[2008/12/29 10:18:05 | 001,262,699 | -HS- | C] () -- C:\WINDOWS\System32\enulidev.ini
[2008/12/28 22:17:57 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\ebalevag.ini
[2008/12/28 10:17:48 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\ilufogot.ini
[2008/12/27 22:17:38 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\usogobij.ini
[2008/12/27 09:17:20 | 001,685,422 | -HS- | C] () -- C:\WINDOWS\System32\ujozimug.ini
[2008/12/26 13:35:30 | 001,685,430 | -HS- | C] () -- C:\WINDOWS\System32\uwifazov.ini
[2008/12/25 23:46:08 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\urosoyib.ini
[2008/12/25 22:46:02 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\usoduviy.ini
[2008/12/25 10:45:20 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\efohubuk.ini
[2008/12/24 22:45:10 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\idurarad.ini
[2008/12/24 10:44:55 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\abowipop.ini
[2008/12/23 22:44:47 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\iziyihon.ini
[2008/12/23 10:44:52 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\ebojobod.ini
[2008/12/22 22:06:25 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\asizevom.ini
[2008/12/22 10:06:14 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\oyoyosav.ini
[2008/12/21 22:06:48 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\ahawozop.ini
[2008/12/20 15:09:41 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ajazitug.ini
[2008/12/20 03:09:38 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\uzonojeh.ini
[2008/11/17 18:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/11/17 18:49:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/17 18:49:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/11/17 18:48:08 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2008/11/12 16:02:20 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/10/28 14:48:30 | 000,000,340 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/10/13 16:47:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2008/10/13 16:34:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== LOP Check ==========

[2008/10/13 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/10/13 17:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/10/13 16:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/04/05 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/04/05 10:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/03/04 00:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/15 16:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/31 14:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/05 10:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/06 22:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/13 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/04/02 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/11/02 14:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/04/06 12:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
[2008/10/29 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/03/05 23:00:04 | 000,001,656 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LC648F7E38E2940BF927729D7B69605A9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/12 16:02:20 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
< End of report >


Extras.txt.
OTL Extras logfile created on: 3/6/2010 9:20:02 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 65.26 Gb Free Space | 87.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANESSAROSE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\PRISMSVR.exe" = C:\WINDOWS\system32\PRISMSVR.exe:*:Enabled:PRISMSVR -- (Conexant Systems, Inc.)
"C:\Program Files\Viewpoint\Common\ViewpointService.exe" = C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
"C:\Program Files\Internet Explorer\iedw.exe" = C:\Program Files\Internet Explorer\iedw.exe:*:Enabled:iedw -- (Microsoft Corporation)
"C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe:*:Enabled:dlbcserv -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()
"C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe" = C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe:*:Enabled:SZServer -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"c:\program files\permissionresearch\prmrsr.exe" = c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe -- (PermissionResearch)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{64A32253-A906-4AEB-B6A7-A90512B68D87}" = VersionTracker Pro Windows
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11718290}" = Dream Day Wedding Viva Las Vegas
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Search" = AIM Search
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"CobBackup8" = Cobian Backup 8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"GoToAssist" = GoToAssist 8.0.0.514
"LimeWire" = LimeWire 5.2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Multi Virus Cleaner 2008_is1" = Multi Virus Cleaner 2008
"MySpaceIM" = MySpaceIM
"PROSet" = Intel® PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/3/2010 2:39:30 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/4/2010 1:55:41 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/5/2010 12:36:06 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\DCIM\100CASIO\CIMG0369.JPG failed, 0000001E.

Error - 3/5/2010 12:44:25 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/5/2010 11:04:40 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 9:28:53 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 10:29:03 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 4:26:58 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 4:27:01 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 4:27:02 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

[ Application Events ]
Error - 2/23/2010 1:42:41 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2010 12:08:01 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/24/2010 8:05:37 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2010 5:25:08 PM | Computer Name = VANESSAROSE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x068b9fc8.

Error - 2/28/2010 8:09:10 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 12:35:09 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 12:52:11 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 12:40:04 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 2:47:15 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 7:29:34 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/5/2010 10:26:19 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 9:28:56 AM | Computer Name = VANESSAROSE | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 3/6/2010 10:29:05 AM | Computer Name = VANESSAROSE | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 3/6/2010 4:26:03 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 7:01:37 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 7:13:57 PM | Computer Name = VANESSAROSE | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 0C:60:76:40:C2:9B. Network operations
on this system may be disrupted as a result.

Error - 3/6/2010 7:29:04 PM | Computer Name = VANESSAROSE | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 0C:60:76:40:C2:9B. Network operations
on this system may be disrupted as a result.

Error - 3/6/2010 8:31:42 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 9:22:42 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 9:24:02 PM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 07 March 2010 - 11:02 AM

Hi xtickledpink

Thanks for getting back to me.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

Step 1
Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure you include the first lot of : )
CODE
:Otl
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\VIES7D53\Setup.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab  (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\windows\system32\miwajiho.dll) - C:\WINDOWS\System32\miwajiho.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\dajiwava.dll) - C:\WINDOWS\System32\dajiwava.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\vegapaye.dll) - C:\WINDOWS\System32\vegapaye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pidezabi.dll) - C:\WINDOWS\System32\pidezabi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\hafasego.dll) - C:\WINDOWS\System32\hafasego.dll File not found
O20 - AppInit_DLLs: (cobjec.dll) - File not found
MsConfig - StartUpReg: 787d699d - hkey= - key= - C:\WINDOWS\system32\higidipe.DLL File not found
MsConfig - StartUpReg: CPM7b4e5a01 - hkey= - key= - c:\windows\system32\pidezabi.DLL File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
MsConfig - StartUpReg: ronumajida - hkey= - key= - C:\WINDOWS\system32\zerakede.DLL File not found
[2009/11/22 18:19:28 | 000,000,875 | ---- | C] () -- C:\Program Files\Performance Center.lnk
[2009/04/06 23:30:05 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/27 02:43:52 | 001,477,736 | -HS- | C] () -- C:\WINDOWS\System32\epidigih.ini
[2009/01/26 14:48:52 | 001,473,520 | -HS- | C] () -- C:\WINDOWS\System32\ibuhinew.ini
[2009/01/25 12:52:24 | 001,473,502 | -HS- | C] () -- C:\WINDOWS\System32\ewevizuh.ini
[2009/01/24 21:33:29 | 001,385,526 | -HS- | C] () -- C:\WINDOWS\System32\otimabof.ini
[2009/01/24 09:27:33 | 001,385,526 | -HS- | C] () -- C:\WINDOWS\System32\ufakomol.ini
[2009/01/23 08:52:29 | 001,385,517 | -HS- | C] () -- C:\WINDOWS\System32\inadimuj.ini
[2009/01/22 14:03:06 | 001,385,553 | -HS- | C] () -- C:\WINDOWS\System32\izijahoy.ini
[2009/01/21 15:34:09 | 001,386,074 | -HS- | C] () -- C:\WINDOWS\System32\apeniyum.ini
[2009/01/21 03:34:03 | 001,383,649 | -HS- | C] () -- C:\WINDOWS\System32\iyotuguy.ini
[2009/01/20 15:33:48 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\utakojub.ini
[2009/01/20 14:33:08 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\ajagebir.ini
[2009/01/19 13:53:21 | 001,384,285 | -HS- | C] () -- C:\WINDOWS\System32\igidobum.ini
[2009/01/18 11:14:51 | 001,355,377 | -HS- | C] () -- C:\WINDOWS\System32\enamilub.ini
[2009/01/17 21:51:01 | 001,355,377 | -HS- | C] () -- C:\WINDOWS\System32\ewagayud.ini
[2009/01/17 08:24:38 | 001,355,364 | -HS- | C] () -- C:\WINDOWS\System32\evatuyur.ini
[2009/01/16 22:04:53 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\olebudom.ini
[2009/01/16 09:45:56 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\iyezuvag.ini
[2009/01/16 08:45:36 | 001,335,859 | -HS- | C] () -- C:\WINDOWS\System32\evokelop.ini
[2009/01/15 12:52:16 | 001,332,269 | -HS- | C] () -- C:\WINDOWS\System32\omovuvij.ini
[2009/01/14 16:34:50 | 001,322,862 | -HS- | C] () -- C:\WINDOWS\System32\obunogok.ini
[2009/01/14 08:16:10 | 001,303,000 | -HS- | C] () -- C:\WINDOWS\System32\orutikay.ini
[2009/01/13 12:03:13 | 001,303,086 | -HS- | C] () -- C:\WINDOWS\System32\afunuyet.ini
[2009/01/13 10:16:31 | 001,286,764 | -HS- | C] () -- C:\WINDOWS\System32\uzunijah.ini
[2009/01/12 12:09:03 | 001,309,177 | -HS- | C] () -- C:\WINDOWS\System32\awigamep.ini
[2009/01/12 00:08:30 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\owovubey.ini
[2009/01/11 12:08:19 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\ahujibem.ini
[2009/01/11 00:08:04 | 001,297,138 | -HS- | C] () -- C:\WINDOWS\System32\aberemat.ini
[2009/01/10 12:07:55 | 001,297,156 | -HS- | C] () -- C:\WINDOWS\System32\efamonoz.ini
[2009/01/10 00:07:33 | 001,289,531 | -HS- | C] () -- C:\WINDOWS\System32\obavihig.ini
[2009/01/09 11:01:06 | 001,282,447 | -HS- | C] () -- C:\WINDOWS\System32\iyawabav.ini
[2009/01/08 23:00:50 | 001,281,944 | -HS- | C] () -- C:\WINDOWS\System32\owoseyip.ini
[2009/01/08 11:00:32 | 001,281,944 | -HS- | C] () -- C:\WINDOWS\System32\ejesiset.ini
[2009/01/07 23:00:18 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\atuhudov.ini
[2009/01/07 11:00:03 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ewawuhab.ini
[2009/01/06 22:59:50 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ofaguvil.ini
[2009/01/06 09:59:33 | 001,276,161 | -HS- | C] () -- C:\WINDOWS\System32\ogonapun.ini
[2009/01/05 21:35:18 | 001,261,098 | -HS- | C] () -- C:\WINDOWS\System32\ayelunan.ini
[2009/01/05 09:35:10 | 001,261,085 | -HS- | C] () -- C:\WINDOWS\System32\osimetoz.ini
[2009/01/04 17:01:29 | 001,262,084 | -HS- | C] () -- C:\WINDOWS\System32\egoseluh.ini
[2009/01/04 05:00:46 | 001,262,093 | -HS- | C] () -- C:\WINDOWS\System32\aganavak.ini
[2009/01/03 17:00:35 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\irezepup.ini
[2009/01/03 05:00:33 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\inazikun.ini
[2009/01/02 13:29:42 | 001,262,075 | -HS- | C] () -- C:\WINDOWS\System32\okuyuful.ini
[2009/01/02 12:29:29 | 001,262,093 | -HS- | C] () -- C:\WINDOWS\System32\udibuwuf.ini
[2009/01/01 20:56:12 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\oluborev.ini
[2009/01/01 08:56:01 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\uforelud.ini
[2008/12/31 20:55:38 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\upufupez.ini
[2008/12/31 08:55:25 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\uviyoger.ini
[2008/12/30 13:37:35 | 001,262,640 | -HS- | C] () -- C:\WINDOWS\System32\upodotit.ini
[2008/12/29 23:18:25 | 001,262,642 | -HS- | C] () -- C:\WINDOWS\System32\unovugaj.ini
[2008/12/29 10:18:05 | 001,262,699 | -HS- | C] () -- C:\WINDOWS\System32\enulidev.ini
[2008/12/28 22:17:57 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\ebalevag.ini
[2008/12/28 10:17:48 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\ilufogot.ini
[2008/12/27 22:17:38 | 001,694,337 | -HS- | C] () -- C:\WINDOWS\System32\usogobij.ini
[2008/12/27 09:17:20 | 001,685,422 | -HS- | C] () -- C:\WINDOWS\System32\ujozimug.ini
[2008/12/26 13:35:30 | 001,685,430 | -HS- | C] () -- C:\WINDOWS\System32\uwifazov.ini
[2008/12/25 23:46:08 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\urosoyib.ini
[2008/12/25 22:46:02 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\usoduviy.ini
[2008/12/25 10:45:20 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\efohubuk.ini
[2008/12/24 22:45:10 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\idurarad.ini
[2008/12/24 10:44:55 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\abowipop.ini
[2008/12/23 22:44:47 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\iziyihon.ini
[2008/12/23 10:44:52 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\ebojobod.ini
[2008/12/22 22:06:25 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\asizevom.ini
[2008/12/22 10:06:14 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\oyoyosav.ini
[2008/12/21 22:06:48 | 001,603,458 | -HS- | C] () -- C:\WINDOWS\System32\ahawozop.ini
[2008/12/20 15:09:41 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ajazitug.ini
[2008/12/20 03:09:38 | 001,603,449 | -HS- | C] () -- C:\WINDOWS\System32\uzonojeh.ini
[2008/11/17 18:49:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/17 18:49:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2

:commands
[emptytemp]
[purity]
[EMPTYFLASH]
  • Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example, you may rename ComboFix to anything you want.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


In your next reply, please submit:
OTL report that comes up after the fix
Combofix.txt


Thanks.

Edited by Starbuck, 07 March 2010 - 11:03 AM.



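The OTL fix script above removes four kinds of entry: AppInit_DLLs values whose DLL is gone, MsConfig StartUpReg keys pointing at missing files, hidden+system .ini files with random eight-letter names in System32, and alternate data streams hanging off the shared TEMP directory. As an added example (not code from this thread, from Starbuck, or from OTL itself), the Python below parses those OTL line formats and flags the same classes of entry, making the reasoning behind the fix explicit. The sample lines are copied from the scan quoted above, except the "ExampleUpdater" entry, which is a constructed benign line for contrast; the eight-lowercase-letter name heuristic is an assumption drawn from this scan, not a rule OTL applies.

```python
"""Triage helper for OTL scan output (added example, not OTL's own code).

Parses the line formats OTL prints (O4/O20 registry entries, MsConfig
StartUpReg entries, file entries with attribute flags, alternate data
streams) and flags the ones a malware responder would put in a fix script.
"""
import re
from dataclasses import dataclass

# Constructed sample. All lines but "ExampleUpdater" are copied from the scan
# quoted in this thread; "ExampleUpdater" is an invented benign entry.
SAMPLE_OTL_LINES = r"""
O20 - AppInit_DLLs: (c:\windows\system32\miwajiho.dll) - C:\WINDOWS\System32\miwajiho.dll File not found
O20 - AppInit_DLLs: (cobjec.dll) - File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp.)
O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
MsConfig - StartUpReg: ronumajida - hkey= - key= - C:\WINDOWS\system32\zerakede.DLL File not found
[2009/01/27 02:43:52 | 001,477,736 | -HS- | C] () -- C:\WINDOWS\System32\epidigih.ini
[2009/11/22 18:19:28 | 000,000,875 | ---- | C] () -- C:\Program Files\Performance Center.lnk
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
"""


@dataclass
class Finding:
    kind: str
    target: str
    reason: str


# OTL appends "File not found" when the referenced file is absent on disk.
MISSING = r"\s*(?P<missing>File not found)?$"
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<resolved>.*?)" + MISSING)
RE_RUNKEY = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*?)" + MISSING)
RE_MSCONFIG = re.compile(r"^MsConfig - StartUpReg: (?P<name>.+?) - hkey=.*? - key=.*? - (?P<target>.*?)" + MISSING)
# [date time | size | attrs | op] (vendor) -- path   e.g. attrs "-HS-" = hidden+system
RE_FILE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[A-Z])\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")

# Assumed heuristic taken from this scan: eight lowercase letters, .ini or .dll.
RE_RANDOM_NAME = re.compile(r"^[a-z]{8}\.(ini|dll)$")


def looks_random(basename: str) -> bool:
    """True for names like epidigih.ini / zerakede.dll; False for kernel32.dll."""
    return RE_RANDOM_NAME.match(basename.lower()) is not None


def triage(lines):
    """Return a list of Finding objects for the OTL lines worth putting in a fix."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := RE_APPINIT.match(line):
            target = m["resolved"] or m["value"]
            if m["missing"]:
                reason = "AppInit_DLLs value points at a DLL that no longer exists; stale injector entry, clear it"
            else:
                reason = "AppInit_DLLs injects this DLL into every process that loads user32.dll; verify signer and hash"
            findings.append(Finding("appinit_dll", target, reason))
        elif m := RE_RUNKEY.match(line):
            if m["missing"]:
                findings.append(Finding("run_key", m["target"],
                                        f"Run entry [{m['name']}] targets a missing file; remove the value"))
        elif m := RE_MSCONFIG.match(line):
            if m["missing"]:
                findings.append(Finding("msconfig_startupreg", m["target"],
                                        f"disabled startup item '{m['name']}' targets a missing file; remove the key"))
        elif m := RE_FILE.match(line):
            path, attrs = m["path"], m["attrs"]
            basename = path.rsplit("\\", 1)[-1]
            if "H" in attrs and "S" in attrs and "\\system32\\" in path.lower() and looks_random(basename):
                findings.append(Finding("hidden_system_file", path,
                                        "hidden+system file with random 8-letter name in System32; matches the dropper pattern in this scan"))
        elif m := RE_ADS.match(line):
            findings.append(Finding("alternate_data_stream", f"{m['host']}:{m['stream']}",
                                    f"{m['size']}-byte NTFS alternate data stream on {m['host']}; "
                                    "invisible to dir and commonly used to stash payloads"))
        elif "File not found" in line:
            findings.append(Finding("dangling_reference", line, "unparsed entry references a missing file; review manually"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES.splitlines()):
        print(f"[{f.kind}] {f.target}\n    {f.reason}")
```

Run against the sample, the script flags six entries and leaves the benign Run key and the plain .lnk alone. Entries that parse but are present on disk are still reported for AppInit_DLLs, since that key loads its DLLs into every GUI process and deserves a look even when the file exists.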
#5 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 07 March 2010 - 02:02 PM

Should I uninstall LimeWire since I am no longer using it? I haven't for quite some time.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Performance Center deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\miwajiho.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dajiwava.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\vegapaye.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pidezabi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hafasego.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cobjec.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\787d699d\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CPM7b4e5a01\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ronumajida\ deleted successfully.
C:\Program Files\Performance Center.lnk moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\system32\epidigih.ini moved successfully.
C:\WINDOWS\system32\ibuhinew.ini moved successfully.
C:\WINDOWS\system32\ewevizuh.ini moved successfully.
C:\WINDOWS\system32\otimabof.ini moved successfully.
C:\WINDOWS\system32\ufakomol.ini moved successfully.
C:\WINDOWS\system32\inadimuj.ini moved successfully.
C:\WINDOWS\system32\izijahoy.ini moved successfully.
C:\WINDOWS\system32\apeniyum.ini moved successfully.
C:\WINDOWS\system32\iyotuguy.ini moved successfully.
C:\WINDOWS\system32\utakojub.ini moved successfully.
C:\WINDOWS\system32\ajagebir.ini moved successfully.
C:\WINDOWS\system32\igidobum.ini moved successfully.
C:\WINDOWS\system32\enamilub.ini moved successfully.
C:\WINDOWS\system32\ewagayud.ini moved successfully.
C:\WINDOWS\system32\evatuyur.ini moved successfully.
C:\WINDOWS\system32\olebudom.ini moved successfully.
C:\WINDOWS\system32\iyezuvag.ini moved successfully.
C:\WINDOWS\system32\evokelop.ini moved successfully.
C:\WINDOWS\system32\omovuvij.ini moved successfully.
C:\WINDOWS\system32\obunogok.ini moved successfully.
C:\WINDOWS\system32\orutikay.ini moved successfully.
C:\WINDOWS\system32\afunuyet.ini moved successfully.
C:\WINDOWS\system32\uzunijah.ini moved successfully.
C:\WINDOWS\system32\awigamep.ini moved successfully.
C:\WINDOWS\system32\owovubey.ini moved successfully.
C:\WINDOWS\system32\ahujibem.ini moved successfully.
C:\WINDOWS\system32\aberemat.ini moved successfully.
C:\WINDOWS\system32\efamonoz.ini moved successfully.
C:\WINDOWS\system32\obavihig.ini moved successfully.
C:\WINDOWS\system32\iyawabav.ini moved successfully.
C:\WINDOWS\system32\owoseyip.ini moved successfully.
C:\WINDOWS\system32\ejesiset.ini moved successfully.
C:\WINDOWS\system32\atuhudov.ini moved successfully.
C:\WINDOWS\system32\ewawuhab.ini moved successfully.
C:\WINDOWS\system32\ofaguvil.ini moved successfully.
C:\WINDOWS\system32\ogonapun.ini moved successfully.
C:\WINDOWS\system32\ayelunan.ini moved successfully.
C:\WINDOWS\system32\osimetoz.ini moved successfully.
C:\WINDOWS\system32\egoseluh.ini moved successfully.
C:\WINDOWS\system32\aganavak.ini moved successfully.
C:\WINDOWS\system32\irezepup.ini moved successfully.
C:\WINDOWS\system32\inazikun.ini moved successfully.
C:\WINDOWS\system32\okuyuful.ini moved successfully.
C:\WINDOWS\system32\udibuwuf.ini moved successfully.
C:\WINDOWS\system32\oluborev.ini moved successfully.
C:\WINDOWS\system32\uforelud.ini moved successfully.
C:\WINDOWS\system32\upufupez.ini moved successfully.
C:\WINDOWS\system32\uviyoger.ini moved successfully.
C:\WINDOWS\system32\upodotit.ini moved successfully.
C:\WINDOWS\system32\unovugaj.ini moved successfully.
C:\WINDOWS\system32\enulidev.ini moved successfully.
C:\WINDOWS\system32\ebalevag.ini moved successfully.
C:\WINDOWS\system32\ilufogot.ini moved successfully.
C:\WINDOWS\system32\usogobij.ini moved successfully.
C:\WINDOWS\system32\ujozimug.ini moved successfully.
C:\WINDOWS\system32\uwifazov.ini moved successfully.
C:\WINDOWS\system32\urosoyib.ini moved successfully.
C:\WINDOWS\system32\usoduviy.ini moved successfully.
C:\WINDOWS\system32\efohubuk.ini moved successfully.
C:\WINDOWS\system32\idurarad.ini moved successfully.
C:\WINDOWS\system32\abowipop.ini moved successfully.
C:\WINDOWS\system32\iziyihon.ini moved successfully.
C:\WINDOWS\system32\ebojobod.ini moved successfully.
C:\WINDOWS\system32\asizevom.ini moved successfully.
C:\WINDOWS\system32\oyoyosav.ini moved successfully.
C:\WINDOWS\system32\ahawozop.ini moved successfully.
C:\WINDOWS\system32\ajazitug.ini moved successfully.
C:\WINDOWS\system32\uzonojeh.ini moved successfully.
C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB moved successfully.
C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A724744F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 533900 bytes

User: Owner
->Temp folder emptied: 165374864 bytes
->Temporary Internet Files folder emptied: 291389031 bytes
->Java cache emptied: 93972285 bytes
->FireFox cache emptied: 13148732 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1943516 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95202099 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2439247 bytes

Total Files Cleaned = 633.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.34.0 log created on 03072010_133301

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WA0KQO6Z\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos=1;ord=9805768742[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WA0KQO6Z\homepage;net=ns;u=,ns-37857280_1266961600,117208d31a07ea3,it_general_opensource,;;kw=;tile=3;ord1=741896;sz=120x600,160x600;ppos=btf;contx=it_general_opensource;btg=;ord=19[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WA0KQO6Z\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\7c52bf49caab3d0a58a56ec2e43921ed2369aa3da1698465&sessionKey=NHwyNjAxOHwyNTgwMTczMTAxfDEyNjk1NDk0NTB8ZGYwMTdiODQzNGIwZTQ0ZGNhYzE3MDRlZGY5NjQyMTIxNzE1NjFhMnww&noCacheIE=1266957476866 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\adlink%2F5132%2F1218916%2F0%2F225%2FAdId%3D669958%3BBnId%3D1%3Bitime%3D954338626%3Blink%3Dhttp%3A%2F%2Fad%2Edoubleclick%2Enet%2Fclick%3Bh%3Dv8%2F394a%2F3%2F0%2F%2a%2Fr%3B22[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;tile=2;pos=1;ord=5[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;tile=2;pos=1;ord=9[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PWURKCJ5\match;site=espin;status=internal;sect=secret-crush;sub=nosub;page=match;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\bieb;net=ns;u=,ns-31085086_1266961595,117208d31a07ea3,it_general_opensource,;;kw=;tile=1;ord1=80626;sz=728x25;ppos=atf;contx=it_general_opensource;btg=;ord=192076353537413[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\dref=http%253A%252F%252Fby109w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000002%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1443137378 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\dref=http%253A%252F%252Fby109w[2].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000002%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1443137378 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\dref=http%253A%252F%252Fby109w[3].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000002%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1443137378 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;tile=2;pos=1;ord=2[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos=1;ord=3436612877[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\D26TQ5AJ\inbox;site=espin;status=internal;sect=mail;sub=nosub;page=inbox;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;tile=2;po[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\7c52bf49caab3d0a58a56ec2e43921ed2369aa3da1698465&sessionKey=NHwyNjAxOHwyNTgwMTczMTAxfDEyNjk1NDY0MTR8MWM1OGFhNzFkZjNiNGZkOTJhNWM0Nzc2ZWMzMjJlODRjZjdmMzkxMnww&noCacheIE=1266954414226 not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\bieb;net=ns;u=,ns-23205488_1266961596,117208d31a07ea3,it_general_opensource,;;kw=;tile=2;ord1=828357;sz=300x100;ppos=atf;contx=it_general_opensource;btg=;ord=19207635353741[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;t[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos=1;ord=7458630483[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\guess;site=espin;status=internal;sect=secret-crush;sub=nosub;page=guess;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;tile=2;pos=1;ord=8[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\homepage;net=ns;u=,ns-36874363_1266961593,117208d31a07ea3,it_general_opensource,;;kw=;dcopt=ist;tile=1;ord1=351631;sz=728x90;ppos=atf;contx=it_general_opensource;btg=;ord=[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\homepage;site=espin;status=internal;sect=nosect;sub=nosub;page=homepage;rsi=I09839_10001;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos=1;ord=3044970314[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\homepage_bottom;net=ns;u=,ns-32213062_1266961600,117208d31a07ea3,it_general_opensource,;;kw=;dcopt=ist;tile=1;ord1=448833;sz=728x90;ppos=btf;contx=it_general_opensource;btg[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\inbox;site=espin;status=internal;sect=mail;sub=nosub;page=inbox;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=336x280;tile=2;pos=1;ord=8[2] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LWU37RI\match;site=espin;status=internal;sect=secret-crush;sub=nosub;page=match;rsi=I09839_10001;rsi=I09839_10067;sid=f32c40c8ddbdcc93bd959354f1924be5;a=1;b=3;sz=728x90;dcopt=ist;t[2] not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SFCVENWV\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MDV8103A\topic298083[1].html moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_690.dat moved successfully.

Registry entries deleted on Reboot...


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 07 March 2010 - 02:05 PM

QUOTE
Should I uninstall LimeWire since I am no longer using it? I haven't for quite some time.
It would be in your best interest.

BBPP6nz.png


#7 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • Local time:02:44 PM

Posted 07 March 2010 - 03:25 PM

ComboFix 10-03-07.02 - Owner 03/07/2010 14:31:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.287 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 100307-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\windows\LastGood
2010-03-07 19:05 . 2010-03-07 19:05 -------- d-----w- c:\windows\system32\LogFiles
2010-03-07 18:58 . 2010-03-07 19:02 -------- d-----w- C:\Combo
2010-03-07 18:33 . 2010-03-07 18:33 -------- d-----w- C:\_OTL
2010-02-26 04:57 . 2010-02-26 04:57 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-02-23 23:00 . 2010-02-23 23:01 -------- d-----w- c:\program files\Cobian Backup 8
2010-02-23 22:35 . 2010-02-23 22:46 -------- d-----w- c:\windows\system32\NtmsData
2010-02-17 00:53 . 2010-02-17 00:53 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 04:55 . 2008-12-04 05:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-02 23:47 . 2010-02-02 23:47 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-02 23:47 . 2010-02-02 23:47 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 23:47 . 2010-02-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-02 23:46 . 2010-02-02 23:46 65024 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-02-02 23:46 . 2010-02-02 23:46 5120 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-02-02 23:46 . 2010-02-02 23:46 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-02-02 23:46 . 2010-02-02 23:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-02 23:46 . 2010-02-02 23:46 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-02 23:46 . 2010-02-02 23:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 18:23 . 2009-11-22 23:19 -------- d-----w- c:\program files\Ascentive
2010-02-02 18:03 . 2008-10-13 21:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 17:16 . 2010-02-01 17:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-01 17:16 . 2010-02-01 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 17:16 . 2010-02-01 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 21:07 . 2010-02-01 17:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-02-01 17:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 22:04 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2008-10-28 315392]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2008-10-13 917611]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-13 22:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-02-05 20:08 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 05:05 122939 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 20:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PRISMSVR.exe"=
"c:\\WINDOWS\\system32\\LEXBCES.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Internet Explorer\\iedw.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Dell Photo Printer 720\\dlbcserv.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\program files\\permissionresearch\\prmrsr.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 4:02 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/6/2009 11:56 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/6/2009 11:56 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/13/2008 6:30 PM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/24/2009 6:09 PM 1086840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/13/2008 4:47 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-06 c:\windows\Tasks\wrSpySweeper_LC648F7E38E2940BF927729D7B69605A9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-24 22:11]

2010-03-06 c:\windows\Tasks\wrSpySweeper_LC648F7E38E2940BF927729D7B69605A9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-24 22:11]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - YAHOO.COM
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 14:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\PRISMAPI.DLL

- - - - - - - > 'explorer.exe'(2176)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
Completion time: 2010-03-07 14:38:45
ComboFix-quarantined-files.txt 2010-03-07 19:38

Pre-Run: 70,468,968,448 bytes free
Post-Run: 70,443,274,240 bytes free

- - End Of File - - C6A2BB578CF7C6F7D0C384397ED27E38


#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 07 March 2010 - 04:22 PM

Hi xtickledpink,

How is the system running now?



#9 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • Local time:02:44 PM

Posted 07 March 2010 - 05:28 PM

Everything seems to be working perfectly fine. I need to update my Webroot... is that something good to use? You know, to cover all aspects: virus, spyware, adware, malware, etc.?

#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 07 March 2010 - 06:51 PM

Hi xtickledpink

QUOTE
I need to update my Webroot... is that something good to use?
Yes, it should help.
A 'layered' approach is always best.
No single program will stop everything, so having a resident anti-malware program and some extra 'on demand' programs is always the best way to go.

Let's get an online scan done now, just to check for any 'leftovers'.

I'd like you to do an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Click , and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the button.
  • Click
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



#11 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • Local time:02:44 PM

Posted 09 March 2010 - 06:44 PM

What do you recommend I layer with Webroot?

C:\Program Files\NoAdware\NoAdware5.exe probably a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\Program Files\PermissionResearch\prmrsr.exe a variant of Win32/Adware.RK.AA application cleaned by deleting - quarantined
C:\WINDOWS\system32\AscConTest.dll Win32/Adware.Ascentive application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03072010_133301\C_WINDOWS\system32\uzonojeh.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03072010_133301\C_WINDOWS\system32\uzunijah.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined


#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 09 March 2010 - 07:20 PM

Hi xtickledpink

QUOTE
What do you recommend I layer with Webroot?
You already have a good AntiVirus program and a good AntiMalware program:
avast! Antivirus
Malwarebytes' Anti-Malware


I wouldn't add anything else; these plus Webroot will serve you just fine.
Too many security programs are nearly as bad as no security programs.

Please let me have one more set of OTL reports using the following instructions:

Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Thanks.



#13 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • Local time:02:44 PM

Posted 09 March 2010 - 09:50 PM

Okay! Should I run those regularly?

OTL logfile created on: 3/9/2010 8:39:43 PM - Run 2
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 64.38 Gb Free Space | 86.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANESSAROSE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (PRISMSVC) -- C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (DELL_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "YAHOO.COM"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 16:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/03 17:53:32 | 000,000,000 | ---D | M]

[2009/07/27 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/27 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/20 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\extensions
[2009/07/03 14:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/07/03 14:36:35 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vlphhzmg.default\searchplugins\aim-search.xml
[2010/01/20 23:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/03/07 14:11:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.144.187.101 204.186.0.203 207.44.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (EM) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/09 21:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 12:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/09 10:17:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/08 23:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/03/08 23:49:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/08 23:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/08 03:00:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/03/07 15:22:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/07 14:05:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/03/07 14:02:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/07 13:58:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/07 13:58:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/07 13:58:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/07 13:58:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/07 13:58:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/07 13:58:00 | 000,000,000 | ---D | C] -- C:\Combo
[2010/03/07 13:57:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/07 13:33:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/06 21:16:04 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/25 23:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/23 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/02/23 18:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/02/23 17:35:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/16 19:53:18 | 000,000,000 | ---D | C] -- C:\found.000
[2010/02/08 18:25:19 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/04/05 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/05 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/05 22:10:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/05 22:10:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/02 07:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/03/09 10:12:34 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/09 10:12:34 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/09 10:12:32 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/09 10:07:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 10:07:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 10:07:15 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/09 00:00:05 | 002,756,608 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/08 23:59:36 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/08 23:47:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/08 19:40:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/03/08 03:26:23 | 004,835,874 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/07 14:36:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/07 14:29:38 | 004,122,023 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/03/07 14:11:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/07 14:02:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/06 21:16:11 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/01 07:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/27 21:40:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/23 18:52:50 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/23 18:49:01 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/23 18:47:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/22 23:55:32 | 007,450,815 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\09 No Way.mp3
[2010/02/08 18:25:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2010/02/08 18:25:27 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe

========== Files Created - No Company Name ==========

[2010/03/07 14:29:38 | 004,122,023 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2010/03/07 14:02:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/07 14:02:36 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/07 13:58:11 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/07 13:58:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/07 13:58:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/07 13:58:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/07 13:58:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/23 18:52:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/23 18:48:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/23 18:47:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/23 00:45:01 | 007,450,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\09 No Way.mp3
[2010/02/08 18:25:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/22 18:19:42 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/01/11 12:08:19 | 000,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/17 18:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/11/17 18:48:08 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2008/11/12 16:02:20 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/10/28 14:48:30 | 000,000,340 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/10/13 16:47:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2008/10/13 16:34:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
< End of report >


OTL Extras logfile created on: 3/9/2010 8:39:43 PM - Run 2
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 64.38 Gb Free Space | 86.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VANESSAROSE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\PRISMSVR.exe" = C:\WINDOWS\system32\PRISMSVR.exe:*:Enabled:PRISMSVR -- (Conexant Systems, Inc.)
"C:\Program Files\Viewpoint\Common\ViewpointService.exe" = C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
"C:\Program Files\Internet Explorer\iedw.exe" = C:\Program Files\Internet Explorer\iedw.exe:*:Enabled:iedw -- (Microsoft Corporation)
"C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe:*:Enabled:dlbcserv -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"c:\program files\permissionresearch\prmrsr.exe" = c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{64A32253-A906-4AEB-B6A7-A90512B68D87}" = VersionTracker Pro Windows
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11718290}" = Dream Day Wedding Viva Las Vegas
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Search" = AIM Search
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"CobBackup8" = Cobian Backup 8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Multi Virus Cleaner 2008_is1" = Multi Virus Cleaner 2008
"PROSet" = Intel® PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/6/2010 4:26:58 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 4:27:01 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/6/2010 4:27:02 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/7/2010 1:17:12 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/7/2010 2:40:43 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/7/2010 2:49:04 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/8/2010 4:26:45 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

Error - 3/8/2010 11:48:46 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\8d4b7190fed5d78ca3642f80259aa01d\BITD.tmp
failed, 00000026.

Error - 3/8/2010 12:31:35 PM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\287a4eec8738e59214471d76f4561bed\BIT21.tmp
failed, 00000026.

Error - 3/9/2010 12:47:35 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

[ Application Events ]
Error - 2/28/2010 8:09:10 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 12:35:09 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 12:52:11 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 12:40:04 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 2:47:15 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 7:29:34 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 8:17:59 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 8:22:22 PM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 11:21:27 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2010 11:22:39 AM | Computer Name = VANESSAROSE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/8/2010 4:02:16 AM | Computer Name = VANESSAROSE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAIN_PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{12BDDA76-7E5D-4A4A-A. The master browser is stopping or an election
is being forced.

Error - 3/8/2010 4:26:43 AM | Computer Name = VANESSAROSE | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 3/8/2010 11:06:01 AM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/8/2010 1:04:05 PM | Computer Name = VANESSAROSE | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 3/8/2010 1:52:03 PM | Computer Name = VANESSAROSE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAIN_PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{12BDDA76-7E5D-4A4A-A. The master browser is stopping or an election
is being forced.

Error - 3/8/2010 2:52:08 PM | Computer Name = VANESSAROSE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAIN_PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{12BDDA76-7E5D-4A4A-A. The master browser is stopping or an election
is being forced.

Error - 3/9/2010 12:47:40 AM | Computer Name = VANESSAROSE | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 3/9/2010 11:07:31 AM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/9/2010 11:19:36 AM | Computer Name = VANESSAROSE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 3/9/2010 9:41:54 PM | Computer Name = VANESSAROSE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAIN_PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{12BDDA76-7E5D-4A4A-A. The master browser is stopping or an election
is being forced.


< End of report >


#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:44 PM

Posted 10 March 2010 - 10:47 AM

Hi xtickledpink

QUOTE
Okay! Should I run those regularly?
Run the 'on demand' scanners about twice a week to be safe (more if you want) ... just remember to update them before running a scan though.

Just one thing left to do and then we'll finish off.

Step 1
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 18 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"


  • Click the "Download" button to the right... that says Download JRE
  • Select 'Windows' from the dropdown box.


  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click 'Continue'
  • The page will refresh.


  • Click on the link to download Windows Offline Installation and save the file to your desktop.


  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.

    Reboot the system when completed.


  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.

Step 2
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button.


  • This will remove any programs we have asked you to download along with their associated folders, plus itself.

Note:
MBAM and SAS will not be removed.

Step 3
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

You should seriously think about updating to 'Service Pack 3' as well.
The easiest way is to turn on automatic updates and let Windows take care of it.

To find out how you may have been infected....read this topic:
So how did I get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software
    Note*:
    Upon installation MS Security Essentials will check that your OS is a legal copy.

    Only install one AntiVirus program
  • Update your AntiVirus Software regularly
  • Use a 3rd party Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

    Only install one software Firewall

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.
    It's always best to check that the Windows Firewall is turned off:

    How to turn off Windows Firewall:
    Start ... Control Panel ...click on 'Classic View'.
    now select Windows Firewall.
    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
    Installing another scanner that you can run once or twice a week is always beneficial.
    Something like:
    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    Remember to update these programs each time before running.
    You can install more than one of these if you only run them as stand alone programs.
  • Use an alternative browser:
    Some excellent alternatives to MS Internet Explorer are:

    Firefox
    For added security, add the NoScript extension to this browser:
    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
    also consider adding:
    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
    Btw: you don't have to make a contribution.

    Opera

    They offer better security, more stability, and better speed.
  • Keep a backup of your registry
    Keeping a regular backup of your registry will help when something goes wrong.
    Use a program like:
    Erunt

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial
  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:
    Windows temp files
    Current user temp files
    Cookies
    Temporary Internet files
    Browser history
    Recycle bin
    Etc.......
    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
    Programs like:
    CCleaner
    TFC by OldTimer
    ATF Cleaner
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using and installing SpywareBlaster
  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

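The OTL report posted earlier in this thread carries three things worth checking mechanically rather than by eye: firewall exceptions whose program OTL marks as "File not found" (allow-rules left behind by uninstalled software), two Java Runtime entries in the Uninstall List (the older versions Step 1 asks the user to remove), and the line-wrapped "Last 10 Event Log Errors" entries. The Python script below is an added example and is not part of the thread, of OTL, or of any tool the helper mentions; it parses a constructed excerpt assembled from lines of that report. The "Authorized Applications List" section header in the sample is an assumption (the firewall parser keys on the shape of the line, not the header), and the 6u18 baseline in outdated_java() is the release Starbuck asks for in Step 1.

```python
import re

# Constructed excerpt in the shape of the OTL report quoted in this thread; the lines come from
# that report, only the "Authorized Applications List" header is assumed (nothing keys on it).
SAMPLE_REPORT = r"""
========== Authorized Applications List ==========
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"c:\program files\permissionresearch\prmrsr.exe" = c:\program files\permissionresearch\prmrsr.exe:*:Enabled:prmrsr.exe -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 3/9/2010 12:47:35 AM | Computer Name = VANESSAROSE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Webroot\WebrootSecurity\masters\other.dat failed, 00000005.

[ System Events ]
Error - 3/9/2010 11:07:31 AM | Computer Name = VANESSAROSE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 00904BDDAF6C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
"""

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
# "<path>" = <path>:*:Enabled:<name> -- <status>   (status is the vendor or "File not found")
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"\s*=\s*.*?:\*:(?:Enabled|Disabled):(?P<name>.*?)\s+--\s+(?P<status>.*)$')
UNINSTALL_RE = re.compile(r'^"[^"]+"\s*=\s*(?P<name>.+)$')
# "Java™ 6 Update 13" or "J2SE Runtime Environment 5.0 Update 22" -> (major, update)
JAVA_RE = re.compile(r'(?:Java|J2SE)\D*?(\d+)(?:\.\d+)?\s+Update\s+(\d+)', re.IGNORECASE)
EVENT_RE = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = \S+ \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')

def split_sections(report: str):
    """Group the non-blank lines of the report under their '========== name ==========' header."""
    sections = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def stale_firewall_exceptions(report: str):
    """(path, rule name) for every firewall exception whose program OTL reported as missing."""
    stale = []
    for raw in report.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m and m.group('status').strip().lower() == 'file not found':
            stale.append((m.group('path'), m.group('name')))
    return stale

def installed_java(report: str):
    """(display name, major, update) for each JRE/J2SE entry in the Uninstall List section."""
    found = []
    for name, lines in split_sections(report).items():
        if 'Uninstall List' not in name:
            continue
        for line in lines:
            m = UNINSTALL_RE.match(line)
            j = JAVA_RE.search(m.group('name')) if m else None
            if j:
                found.append((m.group('name').strip(), int(j.group(1)), int(j.group(2))))
    return found

def outdated_java(report: str, latest=(6, 18)):
    """Java entries older than `latest`; 6u18 is the release the thread asks the user to install."""
    return [entry for entry in installed_java(report) if (entry[1], entry[2]) < latest]

def event_errors(report: str):
    """Re-join the line-wrapped entries of 'Last 10 Event Log Errors' into one record per event."""
    events = []
    for name, lines in split_sections(report).items():
        if 'Event Log Errors' not in name:
            continue
        for line in lines:
            m = EVENT_RE.match(line)
            if m:
                events.append({'when': m.group('when'), 'source': m.group('source'),
                               'id': int(m.group('id')), 'description': ''})
            elif line.startswith('[') and line.endswith(']'):
                continue  # category header such as "[ System Events ]"
            elif events:
                text = line[len('Description = '):] if line.startswith('Description = ') else line
                events[-1]['description'] = (events[-1]['description'] + ' ' + text).strip()
    return events

if __name__ == '__main__':
    for path, name in stale_firewall_exceptions(SAMPLE_REPORT):
        print(f'stale firewall exception "{name}" -> {path}')
    for display, _, _ in outdated_java(SAMPLE_REPORT):
        print(f'older Java still installed: {display}')
    for ev in event_errors(SAMPLE_REPORT):
        print(f"{ev['when']} {ev['source']} (ID {ev['id']}): {ev['description']}")
```

On a real report, read the whole file and pass its text in place of SAMPLE_REPORT. The "File not found" rows are exactly the allow-rules that outlived their programs (LimeWire, MySpaceIM and PermissionResearch in the log above) and can be deleted from the Windows Firewall exceptions list, and the outdated_java() list is what Step 1 removes through Add/Remove Programs; re-joining the event entries makes the repeated sources (the avast! scan error on Webroot's other.dat, the DHCP NACKs, the MRxSmb browser elections) easy to count and compare across reports.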


#15 xtickledpink

xtickledpink
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:44 PM

Posted 10 March 2010 - 12:55 PM

What is Service Pack 3 and how do I install that? Do I need it?

Or is it okay if I just go and run everything manually myself?

Thank you for all your help!




