Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

'the connection has timed out'


  • This topic is locked This topic is locked
20 replies to this topic

#1 vmusher

vmusher

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 17 November 2010 - 03:01 AM

Hi. Each time I use a search engine I am redirected to an alternative website or the page loads as 'the connection has timed out'. The only way to bring up the correct page is by accessing the web address from the drop down menu. The computer is slower than usual and tabs close without warning. Also I have an anti-virus application named 'Internet Security Suit', which I'm worried might be a virus itself. It has annoying anti-virus warnings and that pop up on the screen and I am unable to uninstall it.

I scanned the system using Malwarebytes, which detected some infected objects. They were removed but I am still having problems.

Any help would be much appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:49 AM, on 11/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\Flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25467
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.236.107.247 www.google.com
O1 - Hosts: 173.236.107.247 google.com
O1 - Hosts: 173.236.107.247 google.com.au
O1 - Hosts: 173.236.107.247 www.google.com.au
O1 - Hosts: 173.236.107.247 google.be
O1 - Hosts: 173.236.107.247 www.google.be
O1 - Hosts: 173.236.107.247 google.com.br
O1 - Hosts: 173.236.107.247 www.google.com.br
O1 - Hosts: 173.236.107.247 google.ca
O1 - Hosts: 173.236.107.247 www.google.ca
O1 - Hosts: 173.236.107.247 google.ch
O1 - Hosts: 173.236.107.247 www.google.ch
O1 - Hosts: 173.236.107.247 google.de
O1 - Hosts: 173.236.107.247 www.google.de
O1 - Hosts: 173.236.107.247 google.dk
O1 - Hosts: 173.236.107.247 www.google.dk
O1 - Hosts: 173.236.107.247 google.fr
O1 - Hosts: 173.236.107.247 www.google.fr
O1 - Hosts: 173.236.107.247 google.ie
O1 - Hosts: 173.236.107.247 www.google.ie
O1 - Hosts: 173.236.107.247 google.it
O1 - Hosts: 173.236.107.247 www.google.it
O1 - Hosts: 173.236.107.247 google.co.jp
O1 - Hosts: 173.236.107.247 www.google.co.jp
O1 - Hosts: 173.236.107.247 google.nl
O1 - Hosts: 173.236.107.247 www.google.nl
O1 - Hosts: 173.236.107.247 google.no
O1 - Hosts: 173.236.107.247 www.google.no
O1 - Hosts: 173.236.107.247 google.co.nz
O1 - Hosts: 173.236.107.247 www.google.co.nz
O1 - Hosts: 173.236.107.247 google.pl
O1 - Hosts: 173.236.107.247 www.google.pl
O1 - Hosts: 173.236.107.247 google.se
O1 - Hosts: 173.236.107.247 www.google.se
O1 - Hosts: 173.236.107.247 google.co.uk
O1 - Hosts: 173.236.107.247 www.google.co.uk
O1 - Hosts: 173.236.107.247 google.co.za
O1 - Hosts: 173.236.107.247 www.google.co.za
O1 - Hosts: 173.236.107.247 www.google-analytics.com
O1 - Hosts: 173.236.107.247 www.bing.com
O1 - Hosts: 173.236.107.247 search.yahoo.com
O1 - Hosts: 173.236.107.247 www.search.yahoo.com
O1 - Hosts: 173.236.107.247 uk.search.yahoo.com
O1 - Hosts: 173.236.107.247 ca.search.yahoo.com
O1 - Hosts: 173.236.107.247 de.search.yahoo.com
O1 - Hosts: 173.236.107.247 fr.search.yahoo.com
O1 - Hosts: 173.236.107.247 au.search.yahoo.com
O1 - Hosts: 173.236.107.247 www.youtube.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: 4c48941d - {68F1586A-AAE8-87D1-99B7-8DE6FA55B6AC} - C:\WINDOWS\system32\FM20ENU32.dll (file missing)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\victoria usher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\VICTOR~1\LOCALS~1\APPLIC~1\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\VICTOR~1\LOCALS~1\APPLIC~1\mqtgsvc.exe /waitservice (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\FM20ENU32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 3c3bc448971 - C:\WINDOWS\system32\FM20ENU32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12617 bytes

BC AdBot (Login to Remove)

 


#2 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 21 November 2010 - 04:43 AM

Any suggestions? Thanks.

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 21 November 2010 - 08:27 AM

Hi

Please do the following:

  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25467
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.236.107.247 www.google.com
O1 - Hosts: 173.236.107.247 google.com
O1 - Hosts: 173.236.107.247 google.com.au
O1 - Hosts: 173.236.107.247 www.google.com.au
O1 - Hosts: 173.236.107.247 google.be
O1 - Hosts: 173.236.107.247 www.google.be
O1 - Hosts: 173.236.107.247 google.com.br
O1 - Hosts: 173.236.107.247 www.google.com.br
O1 - Hosts: 173.236.107.247 google.ca
O1 - Hosts: 173.236.107.247 www.google.ca
O1 - Hosts: 173.236.107.247 google.ch
O1 - Hosts: 173.236.107.247 www.google.ch
O1 - Hosts: 173.236.107.247 google.de
O1 - Hosts: 173.236.107.247 www.google.de
O1 - Hosts: 173.236.107.247 google.dk
O1 - Hosts: 173.236.107.247 www.google.dk
O1 - Hosts: 173.236.107.247 google.fr
O1 - Hosts: 173.236.107.247 www.google.fr
O1 - Hosts: 173.236.107.247 google.ie
O1 - Hosts: 173.236.107.247 www.google.ie
O1 - Hosts: 173.236.107.247 google.it
O1 - Hosts: 173.236.107.247 www.google.it
O1 - Hosts: 173.236.107.247 google.co.jp
O1 - Hosts: 173.236.107.247 www.google.co.jp
O1 - Hosts: 173.236.107.247 google.nl
O1 - Hosts: 173.236.107.247 www.google.nl
O1 - Hosts: 173.236.107.247 google.no
O1 - Hosts: 173.236.107.247 www.google.no
O1 - Hosts: 173.236.107.247 google.co.nz
O1 - Hosts: 173.236.107.247 www.google.co.nz
O1 - Hosts: 173.236.107.247 google.pl
O1 - Hosts: 173.236.107.247 www.google.pl
O1 - Hosts: 173.236.107.247 google.se
O1 - Hosts: 173.236.107.247 www.google.se
O1 - Hosts: 173.236.107.247 google.co.uk
O1 - Hosts: 173.236.107.247 www.google.co.uk
O1 - Hosts: 173.236.107.247 google.co.za
O1 - Hosts: 173.236.107.247 www.google.co.za
O1 - Hosts: 173.236.107.247 www.google-analytics.com
O1 - Hosts: 173.236.107.247 www.bing.com
O1 - Hosts: 173.236.107.247 search.yahoo.com
O1 - Hosts: 173.236.107.247 www.search.yahoo.com
O1 - Hosts: 173.236.107.247 uk.search.yahoo.com
O1 - Hosts: 173.236.107.247 ca.search.yahoo.com
O1 - Hosts: 173.236.107.247 de.search.yahoo.com
O1 - Hosts: 173.236.107.247 fr.search.yahoo.com
O1 - Hosts: 173.236.107.247 au.search.yahoo.com
O1 - Hosts: 173.236.107.247 www.youtube.com
O2 - BHO: 4c48941d - {68F1586A-AAE8-87D1-99B7-8DE6FA55B6AC} - C:\WINDOWS\system32\FM20ENU32.dll (file missing)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\FM20ENU32.dll
O20 - Winlogon Notify: 3c3bc448971 - C:\WINDOWS\system32\FM20ENU32.dll (file missing)

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Edited by CatByte, 21 November 2010 - 08:29 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 21 November 2010 - 11:37 AM

Thanks for the advice.

I have attached the results from the DDS and GMER Rootkit Scanner.

Attached File  DDS.txt   12.67KB   3 downloads
Attached File  Attach.txt   13.82KB   4 downloads
Attached File  Gmer.txt   12.83KB   1 downloads

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 21 November 2010 - 11:47 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 21 November 2010 - 01:25 PM

I have disabled the firewall, but Combofix has detected the 'Internet Security Suit' software, which I originally thought might be a virus. It does not appear under my installed programs and when I try to edit it's options under the start menu I get the following message:

The name 'C:/Documents and Settings\All Users\Application Data\1bac80\IS1ba_231.exe' specified in the Target box is not valid. Make sure the path and file name are correct.

Should I continue with Combofix?

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 21 November 2010 - 01:29 PM

Yes, please do

we can remove that afterwards

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 21 November 2010 - 01:59 PM

I completed the scan with Combofix, but it did not produce a log.

The computer did not boot normally in 2 seconds; maybe that was the problem?

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 21 November 2010 - 02:02 PM

he computer did not boot normally in 2 seconds; maybe that was the problem?


I'm not sure I know what you mean

Please look for a log at c:\combofix.txt

If one doesn't exist there, then please re-run ComboFix in safe mode and wait for it to produce a log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 21 November 2010 - 02:38 PM

I re-ran Combofix and this time the computer restarted correctly.

Here is the Combofix log:

Attached File  Cobofix_log.txt   19.06KB   2 downloads

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 21 November 2010 - 03:10 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

SecCenter::
AV: Internet Security Suite *On-access scanning enabled* (Updated) {EFE03E6D-4747-4EF9-AD53-D142BB97DDAD}
FW: Internet Security Suite *enabled* {1D774B16-26DA-40E2-AF2A-98954FDD6385}

Folder::
c:\documents and settings\victoria usher\Application Data\Internet Security Suite
c:\documents and settings\All Users\Application Data\ISXOCCS

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 22 November 2010 - 01:06 AM

I have completed a scan for Cobofix, Malwarebytes' Anti-Malware and Eset. Here are the logs:

Attached File  Cobofix_log2.txt   13.56KB   1 downloads
Attached File  mbam-log-2010-11-21 (21-34-04).txt   1.19KB   1 downloads
Attached File  Eset_log.txt   5.6KB   1 downloads

I can now access web addresses from Moxilla Firefox, Google Chrome and Internet Explorer. Everything appears to be working normally, but Malwarebytes' Anti-Malware and Eset still detected threats.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 22 November 2010 - 08:30 AM

Hi

Please do the following

Navigate to and delete this file as it's infected:

C:\Program Files\eMule\Incoming\SolidWorks Office Pro 2010 Crack Keygen.zip


NEXT


  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



P2P - I see you have P2P software eMule installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 vmusher

vmusher
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 22 November 2010 - 02:56 PM

Thanks. Here are the results of the OTL:

OTL logfile created on: 11/22/2010 8:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\victoria usher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 65.92 Gb Free Space | 45.68% Space Free | Partition Type: NTFS

Computer Name: TOOTS-1D9D8491F | User Name: victoria usher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 20:47:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria usher\Desktop\OTL.exe
PRC - [2010/05/11 15:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2010/04/12 08:39:05 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/02/18 22:27:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/16 09:44:56 | 001,358,384 | ---- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 14:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/05 02:41:44 | 010,891,264 | ---- | M] (ZyXEL Communications Corp.) -- C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/09 15:34:02 | 000,958,464 | ---- | M] () -- C:\Flexlm\SolidWorks SolidNetWork License Manager\SW_D.exe
PRC - [2003/03/26 09:00:00 | 000,630,272 | ---- | M] (Macrovision Corporation) -- C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
PRC - [2002/12/17 00:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/05/06 19:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 20:47:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria usher\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/18 22:27:45 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/02/06 20:17:50 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/06 06:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2003/03/26 09:00:00 | 000,630,272 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe -- (SolidWorks SolidNetWork License Manager)
SRV - [2002/08/01 18:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/26 10:30:51 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/26 10:30:51 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/26 10:30:51 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/06 17:50:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/07 09:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009/10/07 09:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 13:17:16 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/14 07:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/04/03 21:05:48 | 000,019,072 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2005/11/17 00:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/08/22 16:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.bak -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 14 C0 2D 11 CC 13 4B 46 96 66 A1 D9 77 DA 80 AC [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage|resource:/browserconfig.properties"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p="
FF - prefs.js..network.proxy.backup.ftp: "94.76.202.146"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "94.76.202.146"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "94.76.202.146"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "94.76.202.146"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "94.76.202.146"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "94.76.202.146"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "94.76.202.146"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "94.76.202.146"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "94.76.202.146"
FF - prefs.js..network.proxy.ssl_port: 3128


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/02/18 22:27:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/18 14:49:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 14:49:00 | 000,000,000 | ---D | M]

[2010/07/19 16:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Extensions
[2010/07/19 16:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/21 19:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions
[2010/02/09 21:34:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 09:31:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 09:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/25 13:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions\browserhighlighter@ebay.com
[2010/08/19 10:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\extensions\foxyproxy@eric.h.jung
[2010/02/06 17:51:07 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\victoria usher\Application Data\Mozilla\Firefox\Profiles\uuwiwvl8.default\searchplugins\daemon-search.xml
[2010/11/20 10:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/17 20:21:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/11/21 21:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-202 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe (ZyXEL Communications Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\victoria usher\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\victoria usher\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/24 19:37:06 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/09/21 03:58:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 20:47:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria usher\Desktop\OTL.exe
[2010/11/22 20:46:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/21 21:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/21 21:14:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/21 19:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/21 19:38:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/21 19:34:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/21 19:34:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/21 19:34:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/21 19:34:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/21 19:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/21 19:05:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/18 14:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/18 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/18 14:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/18 14:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria usher\Local Settings\Application Data\Apple
[2010/11/18 14:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/18 14:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/11/18 14:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria usher\Local Settings\Application Data\Apple Computer
[2010/11/18 14:47:09 | 034,452,784 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\victoria usher\Desktop\QuickTimeInstaller.exe
[2010/11/18 14:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria usher\Desktop\KNS
[2010/11/14 15:24:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/14 15:24:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/14 15:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/14 15:22:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\victoria usher\Desktop\mbam-setup-1.46.exe
[2010/11/07 12:54:11 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/07 12:54:11 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/07 12:53:38 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\victoria usher\Desktop\*.tmp files -> C:\Documents and Settings\victoria usher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\victoria usher\*.tmp files -> C:\Documents and Settings\victoria usher\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 20:49:35 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-2000478354-682003330-1004.job
[2010/11/22 20:49:35 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-2000478354-682003330-1004.job
[2010/11/22 20:47:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria usher\Desktop\OTL.exe
[2010/11/22 20:10:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2000478354-682003330-1004UA.job
[2010/11/22 18:10:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-2000478354-682003330-1004Core.job
[2010/11/22 16:55:11 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DC78BDDC-D62E-41F2-AB93-830EEB0FFF14}.job
[2010/11/21 21:39:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\esetsmartinstaller_enu.exe
[2010/11/21 21:35:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 21:21:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/21 19:38:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/21 19:04:56 | 003,913,086 | R--- | M] () -- C:\Documents and Settings\victoria usher\Desktop\ComboFix.exe
[2010/11/21 17:20:44 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\bl2tjpi2.exe
[2010/11/21 17:18:20 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\dds.com
[2010/11/21 17:17:11 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/11/21 04:14:01 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\PC Medkit.job
[2010/11/20 20:35:38 | 009,334,845 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\1 - The Different Story (World Of Lust And Crime).mp3
[2010/11/20 13:20:20 | 011,327,285 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\03 - Miko Mission - The World Is You.mp3
[2010/11/20 12:54:53 | 007,815,324 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\F.R. David - Words - 02 - Pick Up The Phone.mp3
[2010/11/20 11:47:19 | 012,044,288 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\2 - Major Tom (Coming Home).mp3
[2010/11/20 09:57:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 14:48:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/18 14:47:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/18 14:47:16 | 034,452,784 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\victoria usher\Desktop\QuickTimeInstaller.exe
[2010/11/18 14:43:42 | 039,345,812 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\KNS.zip
[2010/11/18 09:08:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/11/14 15:25:13 | 000,012,135 | ---- | M] () -- C:\WINDOWS\hplj1010.his
[2010/11/14 15:25:13 | 000,002,406 | ---- | M] () -- C:\WINDOWS\hplj1010.ini
[2010/11/14 15:24:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\victoria usher\Desktop\mbam-setup-1.46.exe
[2010/11/14 15:24:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/08 13:10:42 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\victoria usher\Desktop\Google Chrome.lnk
[2010/11/08 13:10:42 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\victoria usher\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/08 07:31:09 | 001,543,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 22:17:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/07 22:14:04 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 22:14:04 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\victoria usher\Desktop\*.tmp files -> C:\Documents and Settings\victoria usher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\victoria usher\*.tmp files -> C:\Documents and Settings\victoria usher\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/21 21:39:02 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\esetsmartinstaller_enu.exe
[2010/11/21 19:38:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/21 19:38:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/21 19:34:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/21 19:34:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/21 19:34:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/21 19:34:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/21 19:34:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/21 19:04:48 | 003,913,086 | R--- | C] () -- C:\Documents and Settings\victoria usher\Desktop\ComboFix.exe
[2010/11/21 17:20:44 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\bl2tjpi2.exe
[2010/11/21 17:18:20 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\dds.com
[2010/11/20 13:14:23 | 009,334,845 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\1 - The Different Story (World Of Lust And Crime).mp3
[2010/11/20 10:08:09 | 011,327,285 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\03 - Miko Mission - The World Is You.mp3
[2010/11/20 10:08:04 | 007,815,324 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\F.R. David - Words - 02 - Pick Up The Phone.mp3
[2010/11/20 10:07:58 | 012,044,288 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\2 - Major Tom (Coming Home).mp3
[2010/11/18 14:48:48 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/18 14:47:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/18 14:43:33 | 039,345,812 | ---- | C] () -- C:\Documents and Settings\victoria usher\Desktop\KNS.zip
[2010/11/14 15:24:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/14 15:24:17 | 000,249,460 | ---- | C] () -- C:\WINDOWS\hplj1010.hi1
[2010/11/14 15:24:17 | 000,018,112 | ---- | C] () -- C:\WINDOWS\hplj1010.bu1
[2010/11/07 22:08:24 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-2000478354-682003330-1004.job
[2010/11/07 22:08:24 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-2000478354-682003330-1004.job
[2010/07/08 16:54:48 | 000,000,540 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/07 17:25:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/25 20:34:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/08 18:38:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2010/05/11 10:49:18 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/27 12:02:54 | 000,002,406 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2010/03/26 12:24:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\victoria usher\Local Settings\Application Data\prvlcl.dat
[2010/03/21 11:21:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/07 12:56:40 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\victoria usher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/06 20:51:28 | 000,000,565 | ---- | C] () -- C:\WINDOWS\solvermfc.INI
[2010/02/06 20:21:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/02/06 17:50:47 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/21 04:05:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/09/21 04:05:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/09/21 04:04:57 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2009/09/20 20:48:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/22 05:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/31 19:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2009/11/24 19:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alias
[2010/08/11 20:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/09 21:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/02/06 17:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/07 13:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/02/07 13:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MentorGraphics
[2009/11/24 19:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 19:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Autodesk
[2010/02/09 21:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Babylon
[2010/03/21 12:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Blitware
[2010/04/29 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Canon
[2010/02/06 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\DAEMON Tools Lite
[2010/02/07 13:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\DassaultSystemes
[2010/02/07 13:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\DWGeditor
[2010/05/11 10:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Leadertech
[2010/02/07 14:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Luxology
[2010/02/07 13:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\MaxwellDotNET
[2010/07/07 17:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\victoria usher\Application Data\Uniblue
[2010/11/21 04:14:01 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\PC Medkit.job
[2010/11/22 16:55:11 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC78BDDC-D62E-41F2-AB93-830EEB0FFF14}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >

OTL Extras logfile created on: 11/22/2010 8:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\victoria usher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 65.92 Gb Free Space | 45.68% Space Free | Partition Type: NTFS

Computer Name: TOOTS-1D9D8491F | User Name: victoria usher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\victoria usher\My Documents\Downloads\VLC_Player_Setup.exe" = C:\Documents and Settings\victoria usher\My Documents\Downloads\VLC_Player_Setup.exe:*:Enabled:VLC Media Player -- ()
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = ZyXEL G-202 Wireless Adapter Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Linksys Wireless Manager" = Linksys Wireless Manager
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2010 4:26:49 AM | Computer Name = TOOTS-1D9D8491F | Source = STacSV | ID = 268435455
Description =

Error - 11/18/2010 4:27:01 AM | Computer Name = TOOTS-1D9D8491F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/20/2010 4:57:43 AM | Computer Name = TOOTS-1D9D8491F | Source = STacSV | ID = 268435455
Description =

Error - 11/20/2010 4:57:48 AM | Computer Name = TOOTS-1D9D8491F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/20/2010 5:07:39 AM | Computer Name = TOOTS-1D9D8491F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/20/2010 5:07:42 AM | Computer Name = TOOTS-1D9D8491F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/21/2010 2:50:48 PM | Computer Name = TOOTS-1D9D8491F | Source = STacSV | ID = 268435455
Description =

Error - 11/21/2010 2:52:02 PM | Computer Name = TOOTS-1D9D8491F | Source = Application Hang | ID = 1002
Description = Hanging application eReg.exe, version 1.37.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2010 3:30:12 PM | Computer Name = TOOTS-1D9D8491F | Source = STacSV | ID = 268435455
Description =

Error - 11/21/2010 4:36:21 PM | Computer Name = TOOTS-1D9D8491F | Source = STacSV | ID = 268435455
Description =

[ System Events ]
Error - 11/15/2010 4:00:00 AM | Computer Name = TOOTS-1D9D8491F | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 11/17/2010 4:00:00 AM | Computer Name = TOOTS-1D9D8491F | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 11/20/2010 4:57:59 AM | Computer Name = TOOTS-1D9D8491F | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/21/2010 4:00:00 AM | Computer Name = TOOTS-1D9D8491F | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 11/21/2010 2:05:08 PM | Computer Name = TOOTS-1D9D8491F | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/21/2010 2:40:21 PM | Computer Name = TOOTS-1D9D8491F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/21/2010 2:51:27 PM | Computer Name = TOOTS-1D9D8491F | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 8a2e0ba0, parameter3
00000000, parameter4 00000000.

Error - 11/21/2010 3:22:20 PM | Computer Name = TOOTS-1D9D8491F | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/21/2010 4:14:16 PM | Computer Name = TOOTS-1D9D8491F | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:50 PM

Posted 22 November 2010 - 07:05 PM

hi

Please do the following:

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\victoria usher\Desktop\*.tmp files -> C:\Documents and Settings\victoria usher\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\victoria usher\*.tmp files -> C:\Documents and Settings\victoria usher\*.tmp -> ]
    [2010/11/21 17:17:11 | 000,001,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
    [2010/03/26 12:24:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\victoria usher\Local Settings\Application Data\prvlcl.dat
    
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


NEXT


Visit ADOBEand download the latest version of Acrobat Reader (version 9.4)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Download the latest version of Java Runtime Environment (JRE) 22 and save it to your desktop.
Scroll down to where it says JDK 6 Update 22 (JDK or JRE)
Click the Download JRE button to the right
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u22 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel. [/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users