Malware keeps coming back.


  • This topic is locked
42 replies to this topic

#1 redsteroo

  • Members
  • 57 posts
  • Gender:Female
  • Location:Charles Town, WV

Posted 04 April 2010 - 07:32 PM

I have already been through the "Am I Infected" forum and I am sure that I am but I don't know how or with what. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/305217/security-breach/ ~ OB We have run MBAM and GMER and removed some infections and the next day when I ran my Spyware Doctor, I was reinfected with two new infections. Already identified them as keyloggers and one was some type of autodialer.

Anyway, I was told to run a DDS and post it here. Time for an operation, I guess. LOL I am hoping to learn something from the process. I have already learned a lot just reading and researching on my own before I broke down and came to bleepingcomputer for help. I know when something is over my head and whatever this is.....is it!

Thank you so kindly for the help! Here is the DDS. I did run a GMER last night but for some reason, my system had crashed when I returned the computer so I did not have the results. If you would like for me to run another one, please advise and I will do it ASAP.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 0:48:56.29 on Sun 04/04/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com
uSearch Page =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=CATS2_Printer&application=303&prodOS=011&gwCountry=US&product_full_name=psc%201310%20series&modelID=Q5765A&PROD_SERIAL_ID=MY4B6CD10CO2
uSearchAssistant = hxxp://www.google.com
mSearchAssistant =
uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} -
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
{42cdd1bf-3ffb-4238-8ad1-7859df00b1d6}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
dRunOnce: [RunNarrator] Narrator.exe
IE: &Add animation to IncrediMail Style Box
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Search
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli puwareda.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-24 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-3-24 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-3-24 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-3-24 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-24 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-24 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-24 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-3-24 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-3-24 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 gupdate1c9bf064f310e36;Google Update Service (gupdate1c9bf064f310e36);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-04 04:46:31 0 ----a-w- c:\documents and settings\compaq_owner\defogger_reenable
2010-04-04 01:33:20 0 d-----w- C:\backup
2010-04-04 01:31:25 0 d-----w- C:\New Folder (2)
2010-04-04 01:30:59 0 d-----w- C:\New Folder
2010-04-03 18:36:35 0 d-----w- c:\program files\Cobian Backup 8
2010-04-03 17:42:18 0 d--h--w- c:\windows\PIF
2010-04-02 17:07:04 1504 ------w- c:\windows\system32\tmp.reg
2010-04-01 03:27:13 0 d-----w- c:\program files\ESET
2010-03-30 08:46:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-30 08:24:56 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 08:24:53 20824 ------w- c:\windows\system32\drivers\mbam.sys
2010-03-30 08:24:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 02:50:08 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-25 02:50:08 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-25 02:50:08 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-25 01:35:27 882 ------w- c:\windows\RegSDImport.xml
2010-03-25 01:35:27 880 ------w- c:\windows\RegISSImport.xml
2010-03-25 01:35:27 767952 ------w- c:\windows\BDTSupport.dll
2010-03-25 01:35:27 149456 ------w- c:\windows\SGDetectionTool.dll
2010-03-25 01:35:27 131 ------w- c:\windows\IDB.zip
2010-03-25 01:35:27 1152444 ------w- c:\windows\UDB.zip
2010-03-25 01:35:26 165840 ------w- c:\windows\PCTBDRes.dll
2010-03-25 01:35:26 1640400 ------w- c:\windows\PCTBDCore.dll
2010-03-25 01:30:19 7387 ------w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-25 01:30:19 233136 ------w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-25 01:29:53 87784 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-25 01:29:53 7412 ------w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-25 01:29:53 7383 ------w- c:\windows\system32\drivers\pctcore.cat
2010-03-25 01:29:53 207280 ------w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 01:29:10 7383 ------w- c:\windows\system32\drivers\pctplsg.cat
2010-03-25 01:29:10 70408 ------w- c:\windows\system32\drivers\pctplsg.sys
2010-03-25 01:28:54 0 d-----w- c:\program files\common files\PC Tools
2010-03-25 01:28:53 0 d-----w- c:\program files\Spyware Doctor
2010-03-20 17:21:40 2 ------w- c:\windows\msoffice.ini
2010-03-11 00:06:51 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 07:53:16 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner

==================== Find3M ====================

2010-03-11 12:38:54 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-02 20:02:59 1432 ------w- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2010-02-13 21:14:05 77312 ------w- c:\windows\ua2.dll
2006-09-11 18:27:27 88 --sh--r- c:\windows\system32\DEFE13C748.sys
2006-09-11 18:27:30 3766 --sh--w- c:\windows\system32\KGyGaAvL.sys
2008-09-13 21:01:02 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 0:52:08.76 ===============

Edited by Orange Blossom, 04 April 2010 - 10:29 PM.


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 April 2010 - 11:55 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks


#3 redsteroo (Topic Starter)

  • Members
  • 57 posts
  • Gender:Female
  • Location:Charles Town, WV

Posted 09 April 2010 - 01:39 PM

Ok. Thank you so kindly for the assistance.

OTL Report:

OTL logfile created on: 4/9/2010 2:17:47 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 26.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 38.28 Gb Free Space | 26.62% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 13.02% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RED
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/08 21:09:38 | 010,309,408 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/27 12:37:12 | 000,499,200 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 8\cbService.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2005/04/06 18:57:12 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/12 14:54:56 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/08/03 17:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/02/02 10:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2007/09/27 12:37:12 | 000,499,200 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 8\cbService.exe -- (CobBMService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/19 11:02:22 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/21 20:25:39 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/15 18:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/23 10:31:36 | 000,026,381 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/redfox25430"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/07 05:59:32 | 000,000,000 | ---D | M]

[2009/08/19 19:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/03/27 07:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions
[2009/11/22 09:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}-trash
[2009/09/02 09:45:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/23 22:41:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\icqplugin.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\MySpace.xml
[2008/08/09 16:22:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\MyStart Search.xml
[2009/08/19 19:49:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\siteadvisor.xml
[2009/11/21 10:00:39 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\sweetim.xml
[2010/03/27 07:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/26 11:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/10/03 02:29:17 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/03 02:29:18 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Cobian Backup 8 interface] C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: &WordWeb... - C:\WINDOWS\wweb32.dll (Antony Lewis)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx (Get_ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/22 00:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 14:16:43 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/03 21:33:20 | 000,000,000 | ---D | C] -- C:\backup
[2010/04/03 21:31:25 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2010/04/03 21:30:59 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/04/03 14:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/04/03 14:14:38 | 008,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Compaq_Owner\Desktop\cbSetup8.exe
[2010/04/03 13:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView
[2010/04/03 13:42:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/02 13:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
[2010/03/31 23:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/30 14:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer
[2010/03/30 04:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/30 04:24:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 04:24:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 04:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/30 04:04:38 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.45.exe
[2010/03/30 04:02:33 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Compaq_Owner\Desktop\ATF-Cleaner.exe
[2010/03/27 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns
[2010/03/24 22:50:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/03/24 22:50:08 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/03/24 22:50:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/03/24 21:35:27 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/03/24 21:35:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/03/24 21:35:26 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/03/24 21:30:19 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/03/24 21:29:53 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/24 21:29:53 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/03/24 21:29:10 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/24 21:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/24 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/23 10:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Threat Expert
[2010/03/15 03:32:14 | 034,870,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup_aff.exe
[2010/03/14 22:45:57 | 004,004,912 | ---- | C] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Compaq_Owner\Desktop\registrybooster.exe
[2010/03/10 20:06:51 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/01 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/03/01 12:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/13 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/02/06 15:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/06 15:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/06 15:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/22 03:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/01 08:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/08 23:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/16 22:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/06/15 08:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/06/15 08:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/06/15 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2008/06/15 08:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ICQ Toolbar
[2007/01/07 22:33:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/09 21:26:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/29 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/06/28 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/09 13:58:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 20:58:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 01:36:27 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2010/04/05 23:30:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 13:44:06 | 000,047,289 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LabelDesign1.jpg
[2010/04/05 10:11:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 10:09:10 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/05 10:08:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 10:08:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 10:08:48 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/05 02:51:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/04 00:48:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/04/04 00:46:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/04/04 00:45:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2010/04/03 14:14:39 | 008,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Compaq_Owner\Desktop\cbSetup8.exe
[2010/04/03 13:42:24 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/03 10:31:47 | 000,000,544 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/04/02 13:22:59 | 000,037,925 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts3.htm
[2010/04/02 13:22:18 | 000,035,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts2.htm
[2010/04/02 13:22:03 | 000,035,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts1.htm
[2010/04/02 13:07:06 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/02 13:05:27 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
[2010/04/01 15:05:44 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults3.htm
[2010/04/01 15:05:32 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults2.htm
[2010/04/01 15:04:43 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults1.htm
[2010/04/01 15:01:46 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults.htm
[2010/04/01 02:06:49 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\je6k0hji.exe
[2010/03/30 14:17:38 | 000,212,862 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView.zip
[2010/03/30 14:17:27 | 001,748,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer.zip
[2010/03/30 04:47:15 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/30 04:25:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 04:09:21 | 010,517,102 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SAS_599B90D9.COM
[2010/03/30 04:07:01 | 007,976,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/30 04:04:39 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.45.exe
[2010/03/30 04:02:34 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Compaq_Owner\Desktop\ATF-Cleaner.exe
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 12:01:02 | 000,595,499 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns.zip
[2010/03/24 21:29:22 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/20 13:29:24 | 000,000,859 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 13:21:40 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/03/19 00:36:27 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\magicJack.lnk
[2010/03/16 12:42:19 | 000,079,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/15 03:33:45 | 034,870,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup_aff.exe
[2010/03/14 23:31:36 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 23:31:35 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 23:31:35 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 23:28:18 | 000,289,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/14 22:53:47 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/03/14 22:46:10 | 004,004,912 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Compaq_Owner\Desktop\registrybooster.exe
[2010/03/11 08:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 08:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 08:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 08:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 08:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 08:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 08:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 08:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/11 04:03:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/05 13:44:06 | 000,047,289 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LabelDesign1.jpg
[2010/04/04 00:48:08 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/04/04 00:46:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/04/04 00:45:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2010/04/02 13:22:59 | 000,037,925 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts3.htm
[2010/04/02 13:22:18 | 000,035,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts2.htm
[2010/04/02 13:22:03 | 000,035,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts1.htm
[2010/04/02 13:07:04 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/02 13:05:19 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
[2010/04/01 15:05:44 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults3.htm
[2010/04/01 15:05:32 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults2.htm
[2010/04/01 15:04:43 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults1.htm
[2010/04/01 15:01:46 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults.htm
[2010/04/01 02:06:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\je6k0hji.exe
[2010/03/30 14:17:37 | 000,212,862 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView.zip
[2010/03/30 14:17:15 | 001,748,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer.zip
[2010/03/30 09:13:35 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/30 04:47:15 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/30 04:25:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 04:09:21 | 010,517,102 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SAS_599B90D9.COM
[2010/03/30 04:06:51 | 007,976,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/27 12:00:57 | 000,595,499 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns.zip
[2010/03/24 21:35:27 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/03/24 21:35:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/03/24 21:35:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/03/24 21:35:27 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/03/24 21:35:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/03/24 21:30:19 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/03/24 21:29:53 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/03/24 21:29:53 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/03/24 21:29:22 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/24 21:29:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/03/20 13:21:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/03/14 22:53:47 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/28 13:54:26 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/08/19 17:07:40 | 000,017,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\uqopily.dat
[2009/08/19 17:07:40 | 000,016,853 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\guqejemir._sy
[2009/08/19 17:07:40 | 000,016,685 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqovuxi.ban
[2009/08/19 17:07:40 | 000,016,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ixajar._dl
[2009/08/19 17:07:40 | 000,013,848 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\rugobety.bin
[2009/08/19 17:07:40 | 000,011,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zicemova.dat
[2009/08/19 10:48:13 | 000,016,695 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\iduwucog.bat
[2009/08/19 10:48:13 | 000,015,028 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erumyjun.db
[2009/08/19 10:48:12 | 000,016,760 | ---- | C] () -- C:\WINDOWS\ilekaso.sys
[2009/08/19 10:48:12 | 000,014,354 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\asaqajafyv.lib
[2008/12/03 15:47:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/26 10:35:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/11/02 04:27:42 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\WavCodec.wff
[2006/12/14 01:27:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/05 10:31:03 | 000,000,903 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/20 13:35:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DEFE13C748.sys
[2006/06/06 04:04:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/05/16 22:58:00 | 000,005,655 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/16 22:58:00 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/22 10:15:47 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/04 09:33:26 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/01/01 20:59:56 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/30 01:14:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/10 11:18:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/27 13:25:16 | 000,000,017 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/11/26 19:52:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Tasswin.INI
[2005/11/26 19:35:46 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2005/11/09 22:38:24 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\FASTWiz.log
[2005/06/28 12:29:14 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt
[2005/06/27 21:51:51 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\plugin131_02.trace
[2005/06/03 13:23:58 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1swg.ini
[2005/05/23 19:52:19 | 000,000,909 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/05/18 16:28:57 | 000,000,719 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2005/05/16 22:18:59 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/13 23:43:39 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/13 23:25:20 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/05/13 23:25:19 | 000,010,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\tempdiff.txt
[2005/05/13 23:25:19 | 000,010,011 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml1.srt
[2005/05/13 23:25:19 | 000,009,789 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml2.srt
[2005/05/13 23:25:18 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG
[2005/05/13 23:25:18 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2005/05/13 23:25:17 | 010,747,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2005/05/13 23:24:27 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/05/13 23:24:27 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/10/22 06:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 02:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 02:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 01:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 01:38:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/22 01:38:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/22 01:38:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/22 01:38:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/22 01:18:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/22 01:05:35 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/22 00:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/22 00:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/22 00:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/22 00:13:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 23:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/02/26 02:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/13 08:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 17:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/13 08:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/13 08:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 17:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/13 08:15:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 17:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 17:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9171F21
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Extras Report:

OTL Extras logfile created on: 4/9/2010 2:17:47 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 26.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 38.28 Gb Free Space | 26.62% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 13.02% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RED
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Compaq_Owner\Desktop\incredimail_install.exe" = C:\Documents and Settings\Compaq_Owner\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\MPF\MpfSrv.exe" = C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Disabled:BackWeb for Presario -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- File not found
"C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:LocalSubNet:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:LocalSubNet:Enabled:MySpaceIM -- File not found
"C:\WINDOWS\LMI25E.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI25E.tmp\lmi_rescue.exe:*:Disabled:LogMeIn Rescue -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}" = ACDSee Photo Editor
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4C58EC19-B0B5-4328-9FDC-134C21515F38}" = ACD FotoSlate 3.0
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help
"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B6FC947-8168-4086-915B-F71392823473}" = Paint.NET v2.63
"{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}" = Microsoft Location Finder
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C531F248-1EC0-4C5D-A32C-A16672929B42}" = ACD Media Support Package 1.0
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}" = ACDSee 7.0
"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb
"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Audio Conversion Studio_is1" = Audio Conversion Studio
"Austin Powers Pinball_is1" = Austin Powers Pinball
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CobBackup8" = Cobian Backup 8
"Cubis Gold 2" = Cubis Gold 2
"EfntSSDSL" = Efficient Networks SpeedStream DSL
"ESET Online Scanner" = ESET Online Scanner v3
"getPlus®_ocx" = getPlus®_ocx
"G-Force" = G-Force
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IncrediMail" = IncrediMail
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"kSolo" = kSolo Recorder
"LimeWire" = LimeWire 4.10.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QBeez™ 2" = QBeez™ 2
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Speed Racer - The Great Plan" = Speed Racer - The Great Plan
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch
"The Lost City of Gold" = The Lost City of Gold (remove only)
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xara3D3" = Xara3D3
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 6:58:08 PM | Computer Name = RED | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 7:58:17 PM | Computer Name = RED | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 3:01:13 AM | Computer Name = RED | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1402. Setup cannot
open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see .

Error - 4/9/2010 3:01:15 AM | Computer Name = RED | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Word Viewer 2003 - Update 'Security Update
for Office 2003 (KB972580): GDIPLUS' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/9/2010 3:01:32 AM | Computer Name = RED | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1402. Setup cannot
open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see .

Error - 4/9/2010 3:01:34 AM | Computer Name = RED | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Word Viewer 2003 - Update 'Security Update
for Word Viewer 2003 (KB973866): WORDVIEW' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/9/2010 3:01:46 AM | Computer Name = RED | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Word Viewer 2003 -- Error 1402. Setup cannot
open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see .

Error - 4/9/2010 3:01:48 AM | Computer Name = RED | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Word Viewer 2003 - Update 'Update for Office
2003 (KB978558): WORDVIEW' could not be installed. Error code 1603. Windows Installer
can create logs to help troubleshoot issues with installing software packages.
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/9/2010 12:38:57 PM | Computer Name = RED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2010 1:07:37 PM | Computer Name = RED | Source = Application Hang | ID = 1001
Description = Fault bucket 1780371397.

[ System Events ]
Error - 4/7/2010 3:02:36 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for PowerPoint Viewer 2003 (KB969615).

Error - 4/8/2010 3:01:28 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB972580).

Error - 4/8/2010 3:01:43 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Word Viewer 2003 (KB973866).

Error - 4/8/2010 3:02:00 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Word Viewer 2003 (KB978558).

Error - 4/8/2010 3:02:58 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for PowerPoint Viewer 2003 (KB969615).

Error - 4/8/2010 7:54:31 PM | Computer Name = RED | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/9/2010 3:01:21 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB972580).

Error - 4/9/2010 3:01:39 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Word Viewer 2003 (KB973866).

Error - 4/9/2010 3:02:49 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Word Viewer 2003 (KB978558).

Error - 4/9/2010 3:02:49 AM | Computer Name = RED | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070005: Security Update for PowerPoint Viewer 2003 (KB969615).


< End of report >

I'd give my right arm to be ambidextrous.
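
Two sections of the OTL log above are there to be compared rather than read: the "MD5 for:" blocks list the live copy of each driver or DLL next to the copies cached in ServicePackFiles\i386 and $NtServicePackUninstall$ (a file-patching infection shows up as a live hash that matches neither cache), and the "Authorized Applications List" carries firewall exceptions whose binary OTL reports as "File not found" (stale holes left behind by uninstalled software). The helper below is an added example, not part of the thread and not OTL's own code: it parses those two line formats from constructed sample lines (the atapi.sys block is copied from the log; the "SAMPLE.SYS" block and its DEADBEEF hash are invented to exercise the mismatch path) and flags both conditions. The regexes are written against the line shapes visible in the log and are an assumption about OTL's format beyond those lines.

```python
"""Triage OTL 'MD5 for:' sections and firewall 'Authorized Applications' lines.

Added example (not from the thread or from the OTL tool). It parses the two
line formats shown in the log above and flags:
  * a live file under system32 whose MD5 differs from the ServicePackFiles copy
  * firewall exceptions whose target binary OTL could not find
The 'SAMPLE.SYS' block and its hashes below are constructed to show a hit.
"""
import re
from collections import defaultdict

# Section header:  < MD5 for: ATAPI.SYS >
SECTION_LINE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# File line:  [date | size | attrs | M] (Company) MD5=<32 hex> -- C:\path
# (.cab entries have no MD5= field and are skipped on purpose)
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Firewall line:  "path" = path:scope:Enabled|Disabled:label -- (Company) | File not found
FW_LINE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r"(?P<label>.*?)\s*--\s*(?P<tail>.*)$",
    re.IGNORECASE,
)

def parse_md5_sections(lines):
    """Return {file_name: [(path, md5, company), ...]} from OTL MD5 sections."""
    sections, current = defaultdict(list), None
    for raw in lines:
        line = raw.strip()
        m = SECTION_LINE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = MD5_LINE.match(line)
        if m and current:
            sections[current].append((m.group("path"), m.group("md5").upper(), m.group("company")))
    return dict(sections)

def find_patched_drivers(sections):
    """Flag live files whose hash differs from the ServicePackFiles reference.

    $NtServicePackUninstall$ holds the *previous* service pack's copy and is
    expected to differ, so only ServicePackFiles\\i386 is used as reference.
    Caveat: a post-SP hotfix can legitimately change the live file, so a hit
    is a lead to verify (sign it, submit it), not proof of infection.
    """
    suspects = []
    for name, entries in sections.items():
        ref = {md5 for path, md5, _ in entries if "\\servicepackfiles\\" in path.lower()}
        for path, md5, company in entries:
            p = path.lower()
            live = "\\system32\\" in p and "\\servicepackfiles\\" not in p
            if live and ref and md5 not in ref:
                suspects.append((name, path, md5, sorted(ref)))
    return suspects

def find_dangling_firewall_exceptions(lines):
    """Return (path, state, label) for exceptions whose binary was 'File not found'."""
    dangling = []
    for raw in lines:
        m = FW_LINE.match(raw.strip())
        if m and m.group("tail").strip().lower() == "file not found":
            dangling.append((m.group("path"), m.group("state"), m.group("label")))
    return dangling

# Constructed sample input: atapi.sys lines as printed in the log (clean), plus an
# invented SAMPLE.SYS section whose live copy carries a hash the cache does not.
SAMPLE_OTL_MD5 = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: SAMPLE.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\sample.sys
[2010/04/01 03:15:00 | 000,096,512 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\sample.sys
""".splitlines()

# Constructed sample input: five exception lines in the shape OTL printed them.
SAMPLE_OTL_FIREWALL = r"""
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:LocalSubNet:Enabled:MySpaceIM -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
""".splitlines()

if __name__ == "__main__":
    for name, path, md5, ref in find_patched_drivers(parse_md5_sections(SAMPLE_OTL_MD5)):
        print(f"HASH MISMATCH {name}: {path} has {md5}, cache has {ref}")
    for path, state, label in find_dangling_firewall_exceptions(SAMPLE_OTL_FIREWALL):
        print(f"DANGLING EXCEPTION [{state}] {label}: {path}")
```

Run against a real OTL log by feeding the file's lines to both parsers; the mismatch list is what the helper would then ask to have submitted to VirusTotal, and the dangling list is exactly the set of `"path"=-` deletions that appear in the :Reg block of the fix script below.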

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 April 2010 - 02:12 PM

You're welcome, and thanks for your sig, I had a good laugh at that.

You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Value error. File not found
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    [2009/08/19 17:07:40 | 000,017,395 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\uqopily.dat
    [2009/08/19 17:07:40 | 000,016,853 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\guqejemir._sy
    [2009/08/19 17:07:40 | 000,016,685 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqovuxi.ban
    [2009/08/19 17:07:40 | 000,016,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ixajar._dl
    [2009/08/19 17:07:40 | 000,013,848 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\rugobety.bin
    [2009/08/19 17:07:40 | 000,011,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zicemova.dat
    [2009/08/19 10:48:13 | 000,016,695 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\iduwucog.bat
    [2009/08/19 10:48:13 | 000,015,028 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erumyjun.db
    [2009/08/19 10:48:12 | 000,016,760 | ---- | C] () -- C:\WINDOWS\ilekaso.sys
    [2009/08/19 10:48:12 | 000,014,354 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\asaqajafyv.lib
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9171F21
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Compaq_Owner\Desktop\incredimail_install.exe"=-
    "C:\Program Files\ICQLite\ICQLite.exe"=-
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"=-
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"=-
    "C:\Program Files\McAfee\MPF\MpfSrv.exe"=-
    "C:\Program Files\AIM\aim.exe"=-
    "C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"=-
    "C:\Program Files\Mozilla Firefox\firefox.exe"=-
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MySpace\IM\MySpaceIM.exe"=-
    "C:\WINDOWS\LMI25E.tmp\lmi_rescue.exe"=-
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.



Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\ua2.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log
  • Virustotal link

Thanks



#5 redsteroo

  • Topic Starter
  • Members
  • 57 posts
  • Gender:Female
  • Location:Charles Town, WV

Posted 09 April 2010 - 05:04 PM
Posted 09 April 2010 - 05:04 PM

Glad you liked the sig. Made me laugh, too.

Getting started on all of your instructions but I should have known with my luck that I'd run into a snag right off the bat.

When I ran the Norton Removal tool, it did something but then it popped up an error message and said that there was still some instance of it running "somewhere" and that I needed to close it and then run the tool again. I have no idea where or what it is that is running so I can't close it???

Do you want me to just go ahead with all of the other stuff or what next? Sorry. *grrrrrrrrrr*

Edited by redsteroo, 09 April 2010 - 05:06 PM.


#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 April 2010 - 05:18 PM

Yeah, just go ahead with the rest of the instructions for now. I don't see it running, I only saw a few leftovers which I can script out later on if we need to.



#7 redsteroo

  • Topic Starter
  • Members
  • 57 posts
  • Gender:Female
  • Location:Charles Town, WV

Posted 09 April 2010 - 05:24 PM

It's working now. I'll post everything as soon as I can. Gotta go between the computer and my wild Indian boys who are outside. LOL

Sorry about the extra posts. I don't know how I managed to do that but I didn't mean to. LOL



Mod edit: Removed extra posts ~~boopme

Edited by boopme, 10 April 2010 - 07:29 PM.


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 April 2010 - 05:32 PM

Haha, no worries. It will be tomorrow when I get back to you because I'm off to sleep soon. Don't worry about the extra post; BC seems to be lagging a bit at the moment, so I'm guessing you may have pressed the button again thinking it hadn't worked, but it doesn't matter anyway.

#9 redsteroo

redsteroo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  • Gender:Female
  • Location:Charles Town, WV
  • Local time:12:27 PM

Posted 09 April 2010 - 09:49 PM

Ah...that's right. You Brits are a few hours ahead of us critters across the great pond. LOL

Ok. Down to business.

OTL FIX results:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
D:\Autorun.inf moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\uqopily.dat moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\guqejemir._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\iqovuxi.ban moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ixajar._dl moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\rugobety.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\zicemova.dat moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\iduwucog.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\erumyjun.db moved successfully.
C:\WINDOWS\ilekaso.sys moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\asaqajafyv.lib moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:833F31B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9171F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Compaq_Owner\Desktop\incredimail_install.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ICQLite\ICQLite.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MPF\MpfSrv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\LMI25E.tmp\lmi_rescue.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 475 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 12162435 bytes
->Temporary Internet Files folder emptied: 36074505 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33719780 bytes
->Flash cache emptied: 1137835 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33678 bytes
->FireFox cache emptied: 21395351 bytes
->Flash cache emptied: 565 bytes

User: NetworkService
->Temp folder emptied: 29507447 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1111 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63064 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23934974 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33180 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 153.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04092010_221746

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\ZCJA1II4\opensearch_videos[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\TVY4S44N\iframe[3].htm moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\AREWOV3S\opensearch_images[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7X39LVEV\favicon[2].ico moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7X39LVEV\opensearch_people[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7X39LVEV\topic307229[1].htm moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFA2VJEK\AAAAAAAAAADypYEidI0AAAAAAIAAAAAAADgcaUAAAAAAAAAAAAAAAAAfAOJ0jQAAAA%3D%2C%2Chttp%253A%252F%252Fchinaontv.com%252Fvideos%252F5084[1].php%2C%7C307898%7C25;sz=728x90;ord=1265505619 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\3W6AW9TS\AAAAAAAAAADypYEOZIxAAAAAAIAAAAAAADgcaUAAAAAAAAAAAAAAAAAfAM5kjEAAAA%3D%2C%2Chttp%253A%252F%252Fchinaontv.com%252Fvideos%252F5084[1].php%2C%7C307898%7C25;sz=728x90;ord=1265505616 not found!

Registry entries deleted on Reboot...

Second OTL Scan withOUT bold text:

OTL logfile created on: 4/9/2010 10:25:52 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 265.00 Mb Available Physical Memory | 53.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 38.42 Gb Free Space | 26.73% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 13.02% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RED
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/27 12:37:12 | 000,499,200 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 8\cbService.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2005/04/06 18:57:12 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/12 14:54:56 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2007/09/27 12:37:12 | 000,499,200 | ---- | M] (Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 8\cbService.exe -- (CobBMService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/19 11:02:22 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/21 20:25:39 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/15 18:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/23 10:31:36 | 000,026,381 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/redfox25430"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/07 05:59:32 | 000,000,000 | ---D | M]

[2009/08/19 19:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/03/27 07:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions
[2009/11/22 09:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}-trash
[2009/09/02 09:45:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/23 22:41:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\icqplugin.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\MySpace.xml
[2008/08/09 16:22:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\MyStart Search.xml
[2009/08/19 19:49:24 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\siteadvisor.xml
[2009/11/21 10:00:39 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wqh7e3mn.default\searchplugins\sweetim.xml
[2010/03/27 07:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/26 11:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/10/03 02:29:17 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/03 02:29:18 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Cobian Backup 8 interface] C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Compaq_Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: &WordWeb... - C:\WINDOWS\wweb32.dll (Antony Lewis)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...swflash5r42.cab (Shockwave Flash Object)
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx (Get_ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/22 00:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 22:17:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 17:55:44 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/09 14:16:43 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/03 21:33:20 | 000,000,000 | ---D | C] -- C:\backup
[2010/04/03 21:31:25 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2010/04/03 21:30:59 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/04/03 14:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/04/03 14:14:38 | 008,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Compaq_Owner\Desktop\cbSetup8.exe
[2010/04/03 13:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView
[2010/04/03 13:42:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/02 13:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
[2010/03/31 23:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/30 14:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer
[2010/03/30 04:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/30 04:24:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 04:24:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 04:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/30 04:04:38 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.45.exe
[2010/03/30 04:02:33 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Compaq_Owner\Desktop\ATF-Cleaner.exe
[2010/03/27 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns
[2010/03/24 22:50:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/03/24 22:50:08 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/03/24 22:50:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/03/24 21:35:27 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/03/24 21:35:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/03/24 21:35:26 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/03/24 21:30:19 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/03/24 21:29:53 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/24 21:29:53 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/03/24 21:29:10 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/24 21:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/24 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/23 10:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Threat Expert
[2010/03/15 03:32:14 | 034,870,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup_aff.exe
[2010/03/14 22:45:57 | 004,004,912 | ---- | C] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Compaq_Owner\Desktop\registrybooster.exe
[2010/03/01 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/03/01 12:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/13 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/02/06 15:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/06 15:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/06 15:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/22 03:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/01 08:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/08 23:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/16 22:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/06/15 08:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/06/15 08:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/06/15 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2008/06/15 08:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ICQ Toolbar
[2007/01/07 22:33:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/09 21:26:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/29 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/06/28 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec

========== Files - Modified Within 30 Days ==========

[2010/04/09 22:20:23 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/09 22:19:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 22:19:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/09 22:19:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 22:19:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 22:19:25 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 22:18:41 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2010/04/09 22:18:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/09 21:58:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/09 17:55:47 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Compaq_Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/09 17:53:44 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbr.exe
[2010/04/09 14:16:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/05 23:30:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 13:44:06 | 000,047,289 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LabelDesign1.jpg
[2010/04/04 00:48:08 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/04/04 00:46:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/04/04 00:45:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2010/04/03 14:14:39 | 008,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Compaq_Owner\Desktop\cbSetup8.exe
[2010/04/03 13:42:24 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/03 10:31:47 | 000,000,544 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/04/02 13:22:59 | 000,037,925 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts3.htm
[2010/04/02 13:22:18 | 000,035,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts2.htm
[2010/04/02 13:22:03 | 000,035,895 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts1.htm
[2010/04/02 13:07:06 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/02 13:05:27 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
[2010/04/01 15:05:44 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults3.htm
[2010/04/01 15:05:32 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults2.htm
[2010/04/01 15:04:43 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults1.htm
[2010/04/01 15:01:46 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults.htm
[2010/04/01 02:06:49 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\je6k0hji.exe
[2010/03/30 14:17:38 | 000,212,862 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView.zip
[2010/03/30 14:17:27 | 001,748,234 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer.zip
[2010/03/30 04:47:15 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/30 04:25:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 04:09:21 | 010,517,102 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SAS_599B90D9.COM
[2010/03/30 04:07:01 | 007,976,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/30 04:04:39 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup-1.45.exe
[2010/03/30 04:02:34 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Compaq_Owner\Desktop\ATF-Cleaner.exe
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 12:01:02 | 000,595,499 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns.zip
[2010/03/24 21:29:22 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/20 13:29:24 | 000,000,859 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 13:21:40 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/03/19 00:36:27 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\magicJack.lnk
[2010/03/16 12:42:19 | 000,079,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/15 03:33:45 | 034,870,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Compaq_Owner\Desktop\sdasetup_aff.exe
[2010/03/14 23:31:36 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 23:31:35 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 23:31:35 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 23:28:18 | 000,289,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/14 22:53:47 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/03/14 22:46:10 | 004,004,912 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Compaq_Owner\Desktop\registrybooster.exe
[2010/03/11 08:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 08:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 08:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 08:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 08:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 08:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 08:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 08:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/11 04:03:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/04/09 17:53:44 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbr.exe
[2010/04/05 13:44:06 | 000,047,289 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\LabelDesign1.jpg
[2010/04/04 00:48:08 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2010/04/04 00:46:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/04/04 00:45:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2010/04/02 13:22:59 | 000,037,925 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts3.htm
[2010/04/02 13:22:18 | 000,035,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts2.htm
[2010/04/02 13:22:03 | 000,035,895 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcts1.htm
[2010/04/02 13:07:04 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/02 13:05:19 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
[2010/04/01 15:05:44 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults3.htm
[2010/04/01 15:05:32 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults2.htm
[2010/04/01 15:04:43 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults1.htm
[2010/04/01 15:01:46 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\pcguardresults.htm
[2010/04/01 02:06:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\je6k0hji.exe
[2010/03/30 14:17:37 | 000,212,862 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TcpView.zip
[2010/03/30 14:17:15 | 001,748,234 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ProcessExplorer.zip
[2010/03/30 09:13:35 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/30 04:47:15 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/30 04:25:00 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 04:09:21 | 010,517,102 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SAS_599B90D9.COM
[2010/03/30 04:06:51 | 007,976,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/27 12:00:57 | 000,595,499 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Autoruns.zip
[2010/03/24 21:35:27 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/03/24 21:35:27 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/03/24 21:35:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/03/24 21:35:27 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/03/24 21:35:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/03/24 21:30:19 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/03/24 21:29:53 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/03/24 21:29:53 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/03/24 21:29:22 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/24 21:29:10 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/03/20 13:21:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/03/14 22:53:47 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2010/02/28 13:54:26 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/12/03 15:47:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/26 10:35:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/11/02 04:27:42 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\WavCodec.wff
[2006/12/14 01:27:30 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/05 10:31:03 | 000,000,903 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/20 13:35:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DEFE13C748.sys
[2006/06/06 04:04:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/05/16 22:58:00 | 000,005,655 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/16 22:58:00 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/22 10:15:47 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/04 09:33:26 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/01/01 20:59:56 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/30 01:14:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/10 11:18:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/11/27 13:25:16 | 000,000,017 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/11/26 19:52:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Tasswin.INI
[2005/11/26 19:35:46 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2005/11/09 22:38:24 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\FASTWiz.log
[2005/06/28 12:29:14 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt
[2005/06/27 21:51:51 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\plugin131_02.trace
[2005/06/03 13:23:58 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1swg.ini
[2005/05/23 19:52:19 | 000,000,909 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/05/18 16:28:57 | 000,000,719 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2005/05/16 22:18:59 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/13 23:43:39 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/13 23:25:20 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2005/05/13 23:25:19 | 000,010,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\tempdiff.txt
[2005/05/13 23:25:19 | 000,010,011 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml1.srt
[2005/05/13 23:25:19 | 000,009,789 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ml2.srt
[2005/05/13 23:25:18 | 000,294,912 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG
[2005/05/13 23:25:18 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2005/05/13 23:25:17 | 010,747,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
[2005/05/13 23:24:27 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2005/05/13 23:24:27 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/10/22 06:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 02:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 02:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 01:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 01:38:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/22 01:38:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/22 01:38:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/22 01:38:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/22 01:38:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/22 01:18:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/22 01:05:35 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/22 00:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/22 00:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/22 00:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/22 00:13:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 23:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/02/26 02:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

MBR RESULTS:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Link to VirusTotal scan results for file requested:

http://www.virustotal.com/reanalisis.html?...4f9d-1270867214





I'd give my right arm to be ambidextrous.
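The OTL log above lists every file created or modified in the last 30 days in one fixed line layout. As an added example (not part of OldTimer's OTL and not anything run in this thread), here is a parser for those lines plus two review heuristics that pick out the entries a helper reads first: files in a Windows system directory that carry hidden or system attributes, or that are executables, and for which OTL printed an empty "()" (no version-info CompanyName). The layout is inferred from the log; "no CompanyName" says nothing about code signing, and the sample hits below (licensing and OEM files) show why a hit is a prompt to check the file, not a verdict.

```python
"""Triage helper for OTL/DDS "Files Created" / "Files Modified" lines.

Added example; not OTL code and not something the posters ran. Line format
inferred from the log in this thread; review rules are illustrative only.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
# "(company)" is absent for directories and empty "()" when the file has no
# version-info CompanyName. attrs positions: R H S D, '-' as filler.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system")
BINARY_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    flag: str      # "C" created, "M" modified
    company: str   # "" when OTL found no CompanyName
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H",
        system=a[2] == "S", is_dir=a[3] == "D",
        flag=m.group("flag"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
    )


def review_reasons(e: OtlEntry) -> List[str]:
    """Heuristic prompts for a reviewer; an empty list means nothing notable."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    in_sys = low.startswith(SYSTEM_DIRS)
    binary = low.endswith(BINARY_EXTS)
    if in_sys and not e.company and (e.hidden or e.system):
        reasons.append("hidden/system file in a Windows system directory, no CompanyName")
    elif in_sys and binary and not e.company:
        reasons.append("binary in a Windows system directory with no CompanyName")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run review_reasons over every parsable line; keep only flagged paths."""
    out: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            r = review_reasons(e)
            if r:
                out.append((e.path, r))
    return out


# Sample lines copied from the OTL log in this thread plus the report footer,
# chosen to show which entries the rules keep and which they pass over.
SAMPLE_LOG = r"""
[2010/03/24 22:50:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/03 13:42:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 22:19:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2006/06/20 13:35:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\DEFE13C748.sys
[2006/04/22 10:15:47 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/10/22 02:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
< End of report >
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run as-is it prints the three System32 entries with an empty "()" and leaves the PC Tools and Malwarebytes drivers alone even though they carry the system attribute; the next step for a flagged path is the file's hash and publisher, exactly the VirusTotal check syler asked for above.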

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 April 2010 - 11:23 AM

Yep us Brits are always one step ahead of the yanks lol.

That's looking OK. Can you tell me how the computer is running and whether you are having any more problems?

The VirusTotal link you posted is not working. Can you either do that step again or just let me know if any of the scanners detected it as malware? Thanks.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New DDS log

Thanks



#11 redsteroo

redsteroo
  • Topic Starter

  • Members
  • 57 posts
  • Gender:Female
  • Location:Charles Town, WV

Posted 11 April 2010 - 11:28 PM

Been busy over the weekend. Sorry for the delayed response.

No, the file I uploaded to Virus Total did not report it as malware. Before I came to BC, I had found Virus Total and was testing several files but since I'm not that knowledgeable about what to look for, I didn't find anything. *laughing at self*

I have been reading several of the tutorials here on BC and am trying to educate myself a little more so that I can not only better my prevention but also teach myself how to fix stuff when it goes wrong. This one was over my head though so that's how I ended up here begging for help.

I did download a program from sysinternals called TCPView because I wanted to see why I had so many svchosts.exe things open and try to figure out what ports were being used and so on. I am beginning to understand a little but still don't know precisely how to determine what I am looking at. I know the UDP is the receiving address and I was reading that higher number ports are not normal and to be suspicious of them.

I have not received any new viruses in the last week or so since BoopMe had me reset my router and do some other stuff but I still have these ports open that I am suspicious of and my computer is still using unusually high resources compared to what it was using before the initial virus.

Wondering if you can spot anything on this TCP stuff? I will follow your other instructions and get them posted Monday morning. Technically, it's already Monday morning but just barely over here in the US. LOL Thanks for your help and your patience. I will definitely be making a donation.

alg.exe:548 TCP Red:1026 Red:0 LISTENING
iTunes.exe:3852 TCP Red:1061 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:1062 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:1058 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:1063 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:1059 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:1060 localhost:5354 ESTABLISHED
iTunes.exe:3852 TCP Red:3689 Red:0 LISTENING
lsass.exe:644 UDP Red:isakmp *:*
lsass.exe:644 UDP Red:4500 *:*

mDNSResponder.exe:1280 TCP Red:5354 localhost:1061 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 localhost:1062 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 localhost:1058 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 localhost:1063 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 localhost:1059 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 localhost:1060 ESTABLISHED
mDNSResponder.exe:1280 TCP Red:5354 Red:0 LISTENING
mDNSResponder.exe:1280 UDP red.domain.invalid:5353 *:*
mDNSResponder.exe:1280 UDP Red:1025 *:*
mDNSResponder.exe:1280 UDP Red:64533 *:*
pctsSvc.exe:1472 TCP red.domain.invalid:1086 c6.59.85ae.static.theplanet.com:http CLOSE_WAIT
svchost.exe:1076 UDP red.domain.invalid:1900 *:*
svchost.exe:1076 UDP Red:1900 *:*
svchost.exe:876 TCP Red:epmap Red:0 LISTENING
svchost.exe:916 UDP red.domain.invalid:ntp *:*
svchost.exe:916 UDP Red:ntp *:*
System:4 TCP Red:microsoft-ds Red:0 LISTENING
System:4 TCP red.domain.invalid:netbios-ssn Red:0 LISTENING
System:4 UDP red.domain.invalid:netbios-dgm *:*
System:4 UDP red.domain.invalid:netbios-ns *:*
System:4 UDP Red:microsoft-ds *:*

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 April 2010 - 12:42 PM

Hi redsteroo,

No problem about the delay, I don't expect people to reply right away. I only put the 5 day notice there because usually if I haven't had a response in that time it means the person has abandoned the topic.

It sounds like you have done a lot of reading. High-numbered ports could be a sign of something bad, but they can also be completely normal; you really have to look at the whole picture. As far as I can tell your TCPView log looks fine.

If you want to do some more looking and reading then you may find this of interest



#13 redsteroo

redsteroo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Charles Town, WV
  • Local time:12:27 PM

Posted 12 April 2010 - 01:10 PM

I will certainly read the link you provided for me! Thanks. I sincerely appreciate it. I honestly tried everything I could figure out before I came here for help. *laughing at self* I find myself not trusting a lot of these anti-virus programs now because they let a bunch of them through in the first place. I'll bet I have had 30-35 different infections since early February. Most of them trojans/keyloggers which really freaked me out since I do all my banking online as well as pay my bills.

I know one of the viruses seemed to come through an icq toolbar file according to this older ESET scan (but I haven't used ICQ in eons!) C:\Program Files\ICQToolbar\toolbaru.dll a variant of Win32/Adware.Softomate.AE application cleaned by deleting - quarantined

BoopMe told me to uninstall those toolbars because there were security issues with them. WELL....I tried to go to add/remove programs to uninstall them (there are 2 of them and I have no idea why) and when I click on "remove"....nothing happens. Just a quick flash and they stay right where they are. I don't know how to get rid of them. *grrrrrrrrrrrrrrrrrrrrr* Got any helpful hints for this?

Another place that a lot of the viruses seemed to be coming in was through Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa, Notification Packages = %system%\newwin.tmp with a different file name being after the "system" part.

I haven't been using this machine much since having the infections because I don't trust it. I just have a bad feeling in my stomach that there is still something hiding somewhere. LOL I guess because when I look at my task manager, the processes running are using a lot more resources than they were before any of this started. I'm probably paranoid, at this point, but after all of these viruses and me not knowing how they were getting in.....can anybody blame me?

I just want to learn how to be positive that nobody else is in my system and how I can see if they are. I have been reading some of the tutorials and am beginning to get a grasp on it but I need to dig further.


Ok. New stuff you asked for.


ESET came back clean.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 7:08:20.93 on Mon 04/12/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.230 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com
uSearch Page =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=CATS2_Printer&application=303&prodOS=011&gwCountry=US&product_full_name=psc%201310%20series&modelID=Q5765A&PROD_SERIAL_ID=MY4B6CD10CO2
uSearchAssistant = hxxp://www.google.com
mSearchAssistant =
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Add animation to IncrediMail Style Box
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Search
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli puwareda.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-24 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-3-24 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-3-24 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-3-24 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-24 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-24 365280]
S2 gupdate1c9bf064f310e36;Google Update Service (gupdate1c9bf064f310e36);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-3-24 70408]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-24 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-3-24 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-04-12 04:47:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-12 04:47:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 02:17:46 0 d-----w- C:\_OTL
2010-04-04 04:46:31 0 ------w- c:\documents and settings\compaq_owner\defogger_reenable
2010-04-04 01:33:20 0 d-----w- C:\backup
2010-04-04 01:31:25 0 d-----w- C:\New Folder (2)
2010-04-04 01:30:59 0 d-----w- C:\New Folder
2010-04-03 18:36:35 0 d-----w- c:\program files\Cobian Backup 8
2010-04-03 17:42:18 0 d--h--w- c:\windows\PIF
2010-04-02 17:07:04 1504 ------w- c:\windows\system32\tmp.reg
2010-04-01 18:34:09 4194330 ----a-w- c:\windows\pfirewall.log.old
2010-04-01 03:27:13 0 d-----w- c:\program files\ESET
2010-03-30 08:46:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-30 08:24:56 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 08:24:53 20824 ------w- c:\windows\system32\drivers\mbam.sys
2010-03-30 08:24:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 02:50:08 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-25 02:50:08 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-25 02:50:08 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-25 01:35:27 882 ------w- c:\windows\RegSDImport.xml
2010-03-25 01:35:27 880 ------w- c:\windows\RegISSImport.xml
2010-03-25 01:35:27 767952 ------w- c:\windows\BDTSupport.dll
2010-03-25 01:35:27 149456 ------w- c:\windows\SGDetectionTool.dll
2010-03-25 01:35:27 131 ------w- c:\windows\IDB.zip
2010-03-25 01:35:27 1152444 ------w- c:\windows\UDB.zip
2010-03-25 01:35:26 165840 ------w- c:\windows\PCTBDRes.dll
2010-03-25 01:35:26 1640400 ------w- c:\windows\PCTBDCore.dll
2010-03-25 01:30:19 7387 ------w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-25 01:30:19 233136 ------w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-25 01:29:53 87784 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-25 01:29:53 7412 ------w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-25 01:29:53 7383 ------w- c:\windows\system32\drivers\pctcore.cat
2010-03-25 01:29:53 207280 ------w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 01:29:10 7383 ------w- c:\windows\system32\drivers\pctplsg.cat
2010-03-25 01:29:10 70408 ------w- c:\windows\system32\drivers\pctplsg.sys
2010-03-25 01:28:54 0 d-----w- c:\program files\common files\PC Tools
2010-03-25 01:28:53 0 d-----w- c:\program files\Spyware Doctor
2010-03-20 17:21:40 2 ------w- c:\windows\msoffice.ini

==================== Find3M ====================

2010-03-11 12:38:54 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-02 20:02:59 1432 ------w- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2010-02-13 21:14:05 77312 ------w- c:\windows\ua2.dll
2006-09-11 18:27:27 88 --sh--r- c:\windows\system32\DEFE13C748.sys
2006-09-11 18:27:30 3766 --sh--w- c:\windows\system32\KGyGaAvL.sys
2008-09-13 21:01:02 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 7:08:49.90 ===============



#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:27 PM

Posted 12 April 2010 - 02:05 PM

You need to try and be more careful what sites you visit and what you allow to install, especially since you do banking
on your machine. I know it is sometimes easier said than done; I myself have found myself on some rather suspicious
sites. Unfortunately, with the amount of malware that is being produced on a daily basis, it is impossible for security
software to catch everything. Hopefully my final prevention tips will help you with this.

I know you mentioned your svchosts earlier and I forgot to mention this. I think this is a very common
question, why so many of them, but this is completely normal; at the time of writing this I have 7 (more than you) of
them in Task Manager. It is basically a process that has other processes running under it. If you are interested to see what
exactly is running under it, you could use this program to see; this is a little more in depth than TM and you can actually
use it to replace TM.

If you're that interested in all this and want to know what is going on in your machine, maybe you should consider joining
the malware removal training. Although it does take a lot of time and effort to get through it all, it sounds like you would
enjoy it if you have the time to spare.

QUOTE
I don't know how to get rid of them. *grrrrrrrrrrrrrrrrrrrrr* Got any helpful hints for this?


You should find that this program will do the job.


I thought I was going to be able to send you on your way, but unfortunately I still see an infection lurking there and a few bits
we can clean up. Strange that it didn't show under OTL; anyway, let's get that removed.



You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.




We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars]
    "{4528BBE0-4E08-11D5-AD55-00010333D0AD}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    "{4528BBE0-4E08-11D5-AD55-00010333D0AD}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then please post back here with the following logs:
  • OTM results
  • New DDS log

Thanks


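The fix above resets the LSA "Notification Packages" value, which the DDS log showed as `scecli puwareda.dll` and which an earlier reply in the thread saw pointing at `%system%\newwin.tmp`. Every DLL listed there is loaded into lsass.exe at boot and is notified of password changes, which is why an unexpected entry is worth a close look. The script below is an added example, not part of the thread or of OTM: it decodes the `hex(7)` (REG_MULTI_SZ) literal used in the OTM script, pulls the package names out of a DDS `LSA:` line, and flags anything not on an allowlist. The allowlist containing only `scecli` (the default on a standalone XP workstation) is an assumption; domain controllers legitimately carry more entries.

```python
"""Audit the LSA "Notification Packages" value (added example, not from the thread)."""
from typing import Iterable, List, Set

# Assumption: default for a standalone XP workstation. Domain controllers and
# machines with a legitimate password filter will have additional entries.
ALLOWED: Set[str] = {"scecli"}

# Constructed samples taken from values quoted in the thread.
OTM_LITERAL = "hex(7):73,63,65,63,6c,69,00,00"
DDS_LINE = "LSA: Notification Packages = scecli puwareda.dll"
EARLIER_VALUE = ["scecli", r"%system%\newwin.tmp"]


def decode_hex7(value: str) -> List[str]:
    """Turn a .reg-style 'hex(7):..' literal into the list of strings it encodes.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by an extra NUL.
    Windows stores it as UTF-16LE; the OTM script in the thread writes one
    byte per character (8 bytes for "scecli" plus two terminators), so both
    layouts are accepted. Detection assumes no real entry is a single
    character, which is when the two layouts would be indistinguishable.
    """
    prefix = "hex(7):"
    if not value.lower().startswith(prefix):
        raise ValueError("not a hex(7) REG_MULTI_SZ literal")
    body = value[len(prefix):].replace("\\", "").replace("\r", "").replace("\n", "")
    raw = bytes(int(tok, 16) for tok in body.split(",") if tok.strip())
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")      # every high byte zero: UTF-16LE
    else:
        text = raw.decode("latin-1")        # one byte per character
    return [s for s in text.split("\0") if s]


def parse_dds_lsa_line(line: str) -> List[str]:
    """Extract package names from a DDS 'LSA: Notification Packages = ...' line."""
    marker = "Notification Packages ="
    idx = line.find(marker)
    if idx < 0:
        raise ValueError("not an LSA Notification Packages line")
    return line[idx + len(marker):].split()


def _normalize(name: str) -> str:
    # Entries are module names resolved against system32; "scecli" and
    # "scecli.dll" name the same module, so compare without the extension.
    name = name.lower()
    return name[:-4] if name.endswith(".dll") else name


def audit(packages: Iterable[str], allowed: Set[str] = ALLOWED) -> List[str]:
    """Return the entries that are not on the allowlist, in original spelling."""
    return [p for p in packages if _normalize(p) not in allowed]


if __name__ == "__main__":
    print("OTM literal decodes to:", decode_hex7(OTM_LITERAL))
    for label, pkgs in (("DDS log", parse_dds_lsa_line(DDS_LINE)),
                        ("earlier scan", EARLIER_VALUE)):
        print(f"{label}: {pkgs} -> unexpected: {audit(pkgs) or 'none'}")
```

Run on the values from the thread, the DDS line flags `puwareda.dll` and the earlier scan flags `%system%\newwin.tmp`, while the literal the OTM script writes decodes to just `scecli`, which is the state the second DDS log confirms by no longer printing an `LSA:` line at all.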

#15 redsteroo

redsteroo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Charles Town, WV
  • Local time:12:27 PM

Posted 14 April 2010 - 10:35 PM

Ok. FINALLY! *laughing* Ran the Norton removal tool and it said all files had been removed. I don't know why it didn't get them all the first time. I'm thinking it crashed during the process or something. Anyway, let's hope it shows them gone now!

I had read a couple of months ago about the svchost processes and that it was normal for a few instances of them to be running at one time. It's figuring out which ones are good and which ones are not that is still a little perplexing for me. I had already downloaded Process Explorer and run it a few weeks back but I couldn't determine exactly what I was looking at. It didn't all look legitimate to me but eventually I will get it figured out. I don't have all of the time that I would like to research all of this stuff so it might take me a while but step by step.....I'll reach the goal.

I still can't understand why my computer is using so many resources compared to before the virus problem. Sometimes, it is slower than a turtle and practically freezes. I can hear the hard drive grinding away when I don't even have any applications open. I was using the Uniblue registry booster program and it kept coming up with new registry errors and then supposedly fixing them and yadda, yadda.....but BoopMe said it would probably be best to get rid of that one as it wasn't that helpful and could cause problems. I haven't deleted it yet but will as soon as we get this other stuff resolved.

Now....OTM RESULTS:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 36873516 bytes
->Temporary Internet Files folder emptied: 99561663 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 849 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 33666 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93847 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 19461104 bytes

Total Files Cleaned = 149.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04142010_231031

Files moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\TY42RFQK\opensearch_videos[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MFSYU17R\iframe[1].htm moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MFSYU17R\opensearch_images[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2OVELGHV\favicon[3].ico moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2OVELGHV\opensearch_people[1].xml moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\2OVELGHV\topic307229[1].htm moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_500.dat moved successfully.

Registry entries deleted on Reboot...

**********************************************************************

New DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 23:27:07.32 on Wed 04/14/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.258 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com
uSearch Page =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=CATS2_Printer&application=303&prodOS=011&gwCountry=US&product_full_name=psc%201310%20series&modelID=Q5765A&PROD_SERIAL_ID=MY4B6CD10CO2
uSearchAssistant = hxxp://www.google.com
mSearchAssistant =
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Add animation to IncrediMail Style Box
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: &Search
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-24 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-3-24 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-3-24 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-3-24 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-24 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-24 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-24 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-3-24 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-3-24 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 gupdate1c9bf064f310e36;Google Update Service (gupdate1c9bf064f310e36);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-15 03:10:31 0 d-----w- C:\_OTM
2010-04-12 04:47:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-12 04:47:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 02:17:46 0 d-----w- C:\_OTL
2010-04-04 04:46:31 0 ------w- c:\documents and settings\compaq_owner\defogger_reenable
2010-04-04 01:33:20 0 d-----w- C:\backup
2010-04-04 01:31:25 0 d-----w- C:\New Folder (2)
2010-04-04 01:30:59 0 d-----w- C:\New Folder
2010-04-03 18:36:35 0 d-----w- c:\program files\Cobian Backup 8
2010-04-03 17:42:18 0 d--h--w- c:\windows\PIF
2010-04-02 17:07:04 1504 ------w- c:\windows\system32\tmp.reg
2010-04-01 18:34:09 4194330 ----a-w- c:\windows\pfirewall.log.old
2010-04-01 03:27:13 0 d-----w- c:\program files\ESET
2010-03-30 08:46:23 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-30 08:24:56 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 08:24:53 20824 ------w- c:\windows\system32\drivers\mbam.sys
2010-03-30 08:24:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 02:50:08 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-25 02:50:08 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-25 02:50:08 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-25 01:35:27 882 ------w- c:\windows\RegSDImport.xml
2010-03-25 01:35:27 880 ------w- c:\windows\RegISSImport.xml
2010-03-25 01:35:27 767952 ------w- c:\windows\BDTSupport.dll
2010-03-25 01:35:27 149456 ------w- c:\windows\SGDetectionTool.dll
2010-03-25 01:35:27 131 ------w- c:\windows\IDB.zip
2010-03-25 01:35:27 1152444 ------w- c:\windows\UDB.zip
2010-03-25 01:35:26 165840 ------w- c:\windows\PCTBDRes.dll
2010-03-25 01:35:26 1640400 ------w- c:\windows\PCTBDCore.dll
2010-03-25 01:30:19 7387 ------w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-25 01:30:19 233136 ------w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-25 01:29:53 87784 ------w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-25 01:29:53 7412 ------w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-25 01:29:53 7383 ------w- c:\windows\system32\drivers\pctcore.cat
2010-03-25 01:29:53 207280 ------w- c:\windows\system32\drivers\PCTCore.sys
2010-03-25 01:29:10 7383 ------w- c:\windows\system32\drivers\pctplsg.cat
2010-03-25 01:29:10 70408 ------w- c:\windows\system32\drivers\pctplsg.sys
2010-03-25 01:28:54 0 d-----w- c:\program files\common files\PC Tools
2010-03-25 01:28:53 0 d-----w- c:\program files\Spyware Doctor
2010-03-20 17:21:40 2 ------w- c:\windows\msoffice.ini

==================== Find3M ====================

2010-03-11 12:38:54 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-02 20:02:59 1432 ------w- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2010-02-13 21:14:05 77312 ------w- c:\windows\ua2.dll
2006-09-11 18:27:27 88 --sh--r- c:\windows\system32\DEFE13C748.sys
2006-09-11 18:27:30 3766 --sh--w- c:\windows\system32\KGyGaAvL.sys
2008-09-13 21:01:02 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 23:29:51.59 ===============

***********************************************************************************

Ta-DAH!!!


I'd give my right arm to be ambidextrous.
