
Disabled System Fix but program still present


This topic is locked
19 replies to this topic

#1 chicken_little
  • Members
  • 8 posts

Posted 11 December 2011 - 09:10 PM

First, I want to thank you for the incredible work you do. Frankly, I don't know why you volunteer your time to help strangers with their computer problems, but I really appreciate it. I've found your advice to be very helpful. In fact, to combat System Fix, I've followed the instructions on this BC post and on this BC post. In short, I've downloaded and run RKill, TDSSKiller, Malwarebytes' Anti-Malware, Unhide, Secunia PSI, TFC, and SUPERAntiSpyware.

System Fix seems to be disabled, but the icon is still on my desktop, in my taskbar, and in my Programs. I'm afraid that it's still lurking on my machine, and I'd very much appreciate your help with completely removing it. Interestingly, System Fix's icon has changed to a generic image.

I truly appreciate your assistance.

Edited by chicken_little, 11 December 2011 - 09:12 PM.



#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 18 December 2011 - 03:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 21 December 2011 - 02:04 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 chicken_little (Topic Starter)
  • Members
  • 8 posts

Posted 22 December 2011 - 08:46 PM

Hi Gringo,

Thanks very much for your assistance. I understood your instructions and encountered no problems. Please see below the DDS logs you requested.


DDS - Notepad.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dominic at 20:42:55 on 2011-12-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dominic\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316642261218
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{C3FEC78F-80C8-41F6-B85B-670EB192EC5D} : DhcpNameServer = 68.87.73.246 68.87.71.230
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-6-14 188272]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-11 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-21 2253120]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-6-14 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-11 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2011-12-11 22:14:41 -------- d-----w- c:\documents and settings\dominic\application data\SUPERAntiSpyware.com
2011-12-11 22:13:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 22:13:44 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-11 21:56:29 -------- d-----w- c:\program files\iPod
2011-12-11 21:52:55 -------- d-----w- c:\program files\Bonjour
2011-12-11 20:12:06 -------- d-----w- c:\windows\pss
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-12-11 13:22:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-12-11 13:07:13 -------- d-----w- c:\documents and settings\dominic\local settings\application data\Secunia PSI
2011-12-11 13:06:59 -------- d-----w- c:\program files\Secunia
2011-12-11 05:46:46 -------- d-----w- c:\documents and settings\dominic\application data\Malwarebytes
2011-12-11 05:46:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-11 05:46:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 05:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 05:15:42 -------- d-----w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 02:36:09 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-26 02:36:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-26 02:36:04 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-14 22:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 20:44:13.54 ===============



Attach - Notepad
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2011 11:18:59 PM
System Uptime: 12/17/2011 11:03:50 PM (117 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 178.656 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP115: 9/24/2011 12:54:04 PM - Software Distribution Service 3.0
RP116: 9/25/2011 1:26:36 PM - System Checkpoint
RP117: 9/26/2011 3:00:16 AM - Software Distribution Service 3.0
RP118: 9/27/2011 3:38:14 AM - System Checkpoint
RP119: 9/27/2011 11:30:29 PM - Software Distribution Service 3.0
RP120: 9/28/2011 11:47:42 PM - System Checkpoint
RP121: 9/30/2011 12:20:11 AM - System Checkpoint
RP122: 10/1/2011 12:27:37 AM - System Checkpoint
RP123: 10/2/2011 1:21:20 AM - System Checkpoint
RP124: 10/3/2011 2:17:03 AM - System Checkpoint
RP125: 10/4/2011 3:12:40 AM - System Checkpoint
RP126: 10/5/2011 3:20:47 AM - System Checkpoint
RP127: 10/6/2011 4:15:07 AM - System Checkpoint
RP128: 10/7/2011 5:09:27 AM - System Checkpoint
RP129: 10/8/2011 6:03:59 AM - System Checkpoint
RP130: 10/9/2011 6:58:34 AM - System Checkpoint
RP131: 10/10/2011 7:55:08 AM - System Checkpoint
RP132: 10/11/2011 8:15:30 AM - System Checkpoint
RP133: 10/12/2011 9:14:25 AM - System Checkpoint
RP134: 10/12/2011 9:54:47 PM - Software Distribution Service 3.0
RP135: 10/14/2011 12:07:28 AM - System Checkpoint
RP136: 10/15/2011 12:14:39 AM - System Checkpoint
RP137: 10/16/2011 12:18:50 AM - System Checkpoint
RP138: 10/17/2011 1:04:19 AM - System Checkpoint
RP139: 10/18/2011 1:56:57 AM - System Checkpoint
RP140: 10/19/2011 2:54:47 AM - System Checkpoint
RP141: 10/20/2011 3:49:40 AM - System Checkpoint
RP142: 10/21/2011 4:45:10 AM - System Checkpoint
RP143: 10/22/2011 5:39:31 AM - System Checkpoint
RP144: 10/23/2011 6:35:16 AM - System Checkpoint
RP145: 10/24/2011 7:34:05 AM - System Checkpoint
RP146: 10/25/2011 8:28:20 AM - System Checkpoint
RP147: 10/26/2011 8:31:13 AM - System Checkpoint
RP148: 10/27/2011 9:30:16 AM - System Checkpoint
RP149: 10/28/2011 10:11:45 AM - System Checkpoint
RP150: 10/29/2011 11:06:17 AM - System Checkpoint
RP151: 10/30/2011 12:01:51 PM - System Checkpoint
RP152: 10/31/2011 12:40:46 PM - System Checkpoint
RP153: 11/1/2011 1:36:36 PM - System Checkpoint
RP154: 11/2/2011 2:31:22 PM - System Checkpoint
RP155: 11/3/2011 4:11:25 PM - System Checkpoint
RP156: 11/4/2011 4:26:00 PM - System Checkpoint
RP157: 11/5/2011 5:20:27 PM - System Checkpoint
RP158: 11/6/2011 5:15:57 PM - System Checkpoint
RP159: 11/7/2011 6:10:22 PM - System Checkpoint
RP160: 11/8/2011 7:03:15 PM - System Checkpoint
RP161: 11/9/2011 7:56:09 PM - System Checkpoint
RP162: 11/10/2011 3:00:34 AM - Software Distribution Service 3.0
RP163: 11/11/2011 3:00:16 AM - Software Distribution Service 3.0
RP164: 11/12/2011 3:49:53 AM - System Checkpoint
RP165: 11/13/2011 4:46:26 AM - System Checkpoint
RP166: 11/14/2011 5:40:57 AM - System Checkpoint
RP167: 11/15/2011 6:35:43 AM - System Checkpoint
RP168: 11/16/2011 7:31:38 AM - System Checkpoint
RP169: 11/17/2011 8:25:21 AM - System Checkpoint
RP170: 11/18/2011 9:20:16 AM - System Checkpoint
RP171: 11/19/2011 10:11:59 AM - System Checkpoint
RP172: 11/20/2011 11:09:27 AM - System Checkpoint
RP173: 11/21/2011 12:04:05 PM - System Checkpoint
RP174: 11/22/2011 12:58:47 PM - System Checkpoint
RP175: 11/23/2011 1:53:27 PM - System Checkpoint
RP176: 11/24/2011 2:00:07 PM - System Checkpoint
RP177: 11/25/2011 2:42:48 PM - System Checkpoint
RP178: 11/26/2011 3:37:43 PM - System Checkpoint
RP179: 11/27/2011 4:33:23 PM - System Checkpoint
RP180: 11/28/2011 5:27:36 PM - System Checkpoint
RP181: 11/29/2011 6:23:10 PM - System Checkpoint
RP182: 11/30/2011 7:18:53 PM - System Checkpoint
RP183: 12/1/2011 8:14:29 PM - System Checkpoint
RP184: 12/2/2011 9:10:10 PM - System Checkpoint
RP185: 12/3/2011 10:38:34 PM - System Checkpoint
RP186: 12/4/2011 11:02:05 PM - System Checkpoint
RP187: 12/6/2011 12:13:22 AM - System Checkpoint
RP188: 12/7/2011 12:52:10 AM - System Checkpoint
RP189: 12/8/2011 1:46:56 AM - System Checkpoint
RP190: 12/9/2011 2:41:41 AM - System Checkpoint
RP191: 12/10/2011 3:36:20 AM - System Checkpoint
RP192: 12/11/2011 8:27:51 AM - System Checkpoint
RP193: 12/11/2011 4:54:11 PM - Installed iTunes
RP194: 12/11/2011 5:07:21 PM - Removed Java™ 6 Update 26
RP195: 12/11/2011 5:08:20 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP196: 12/12/2011 5:46:06 PM - System Checkpoint
RP197: 12/13/2011 6:45:06 PM - System Checkpoint
RP198: 12/14/2011 7:40:49 PM - System Checkpoint
RP199: 12/14/2011 8:18:43 PM - Software Distribution Service 3.0
RP200: 12/15/2011 8:27:45 PM - System Checkpoint
RP201: 12/16/2011 9:23:03 PM - System Checkpoint
RP202: 12/17/2011 11:52:47 PM - System Checkpoint
RP203: 12/19/2011 12:32:05 AM - System Checkpoint
RP204: 12/20/2011 12:53:30 AM - System Checkpoint
RP205: 12/21/2011 1:16:29 AM - System Checkpoint
RP206: 12/22/2011 2:11:16 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Amateur Invest
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Digital Content Portal
doPDF 7.2 printer
ELIcon
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA Update 1.5.20
NVIDIA Update Components
Otto
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Express Labeler
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sound Blaster X-Fi
Spotify
SUPERAntiSpyware
System Requirements Lab
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 AM

Posted 23 December 2011 - 09:15 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 chicken_little

chicken_little
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:45 AM

Posted 27 December 2011 - 12:28 AM

Hi Gringo,

When first running Combofix, I received a Blue Screen of Death error. I retried, and it ran successfully. Please see below the log. Interestingly, System Fix is still on my desktop and taskbar.


ComboFix 11-12-26.03 - Dominic 12/26/2011 23:32:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT -5:00]
Running from: c:\documents and settings\Dominic\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~dXUJRcTz9JJa39
c:\documents and settings\All Users\Application Data\~dXUJRcTz9JJa39r
c:\documents and settings\All Users\Application Data\dXUJRcTz9JJa39
c:\documents and settings\Dominic\Start Menu\Programs\System Fix
c:\documents and settings\Dominic\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Dominic\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\kb913800.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-11 22:14 . 2011-12-11 22:14 -------- d-----w- c:\documents and settings\Dominic\Application Data\SUPERAntiSpyware.com
2011-12-11 22:13 . 2011-12-16 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 22:13 . 2011-12-11 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-11 21:56 . 2011-12-11 21:56 -------- d-----w- c:\program files\iPod
2011-12-11 21:53 . 2011-12-11 21:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-12-11 21:52 . 2011-12-11 21:52 -------- d-----w- c:\program files\Bonjour
2011-12-11 13:25 . 2011-12-11 13:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-12-11 13:22 . 2011-12-11 13:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-11 13:22 . 2011-12-11 13:22 -------- d-----w- c:\program files\QuickTime
2011-12-11 13:07 . 2011-12-11 13:07 -------- d-----w- c:\documents and settings\Dominic\Local Settings\Application Data\Secunia PSI
2011-12-11 13:06 . 2011-12-11 13:06 -------- d-----w- c:\program files\Secunia
2011-12-11 05:46 . 2011-12-11 05:46 -------- d-----w- c:\documents and settings\Dominic\Application Data\Malwarebytes
2011-12-11 05:46 . 2011-12-11 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-11 05:46 . 2011-12-11 05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 05:46 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 05:15 . 2011-12-11 05:15 -------- d-----w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2005-08-16 09:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 09:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-14 22:38 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-09-21 23:39 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2011-09-21 23:39 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-09-21 23:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2011-09-21 23:38 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-09-21 23:38 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-09-21 23:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2011-09-21 23:38 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2011-09-21 23:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2011-09-21 23:38 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2006-04-17 12:08 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2006-04-17 12:08 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2006-04-17 12:08 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2006-04-17 12:08 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2006-04-17 12:08 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2006-04-17 12:08 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2005-08-16 09:35 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2005-08-16 09:35 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-17 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-17 169472]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [6/14/2011 8:09 PM 188272]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/11/2011 12:46 AM 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/21/2011 6:39 PM 2253120]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/14/2011 8:10 PM 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/11/2011 12:46 AM 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-27 00:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-27 00:19:36
ComboFix-quarantined-files.txt 2011-12-27 05:19
.
Pre-Run: 191,977,390,080 bytes free
Post-Run: 192,211,099,648 bytes free
.
- - End Of File - - 7F831F6437FBA9EAED43F516FCBCC15B
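
A small triage script for reading a ComboFix log like the one above (added example; it is not ComboFix's code and not the helper's own method). It parses the "Other Deletions" and "Reg Loading Points" sections and flags the entries a responder would verify first: autostarts that run from a profile directory, bare file names that Windows resolves through the PATH search order, and random-looking names such as the ~dXUJRcTz9JJa39 items ComboFix removed. The embedded log is a constructed excerpt modelled on the posted one; the HKCU Run value for dXUJRcTz9JJa39.exe is invented for illustration.

```python
"""Triage the 'Other Deletions' and 'Reg Loading Points' sections of a ComboFix log.
ComboFix lists autostarts REGEDIT4-style: the key in [brackets], then one
"name"="path" [date size] line per value. The parser below reads that layout, and a
few location/name heuristics mark the entries a responder should verify first."""
import re
from collections import namedtuple

RunEntry = namedtuple("RunEntry", "key name path date size")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
                      r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # expected install roots
PROFILE_PREFIX = "c:\\documents and settings\\"  # writable without admin rights on XP

# Constructed excerpt modelled on the log posted in this thread. The HKCU value
# "dXUJRcTz9JJa39" is invented for illustration; the posted log did not contain it.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\~dXUJRcTz9JJa39
c:\documents and settings\All Users\Application Data\dXUJRcTz9JJa39
c:\documents and settings\Dominic\Start Menu\Programs\System Fix\System Fix.lnk
c:\windows\kb913800.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"dXUJRcTz9JJa39"="c:\documents and settings\All Users\Application Data\dXUJRcTz9JJa39.exe" [2011-12-10 312832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
"""


def split_sections(log_text):
    """Map each '((( Title )))' banner to the non-empty lines beneath it."""
    sections, title = {}, "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            title = banner.group("title")
            sections[title] = []
        elif line and line != ".":
            sections.setdefault(title, []).append(line)
    return sections


def parse_autostarts(lines):
    """Return a RunEntry for every value under a key ending in \\Run or \\RunOnce."""
    entries, current_key = [], None
    for line in lines:
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
        elif current_key and current_key.lower().endswith(("\\run", "\\runonce")):
            value = VALUE_RE.match(line)
            if value:
                entries.append(RunEntry(current_key, value.group("name"), value.group("path"),
                                        value.group("date"), int(value.group("size"))))
    return entries


def looks_random(stem):
    """Generated-name heuristic (e.g. ~dXUJRcTz9JJa39): ten or more characters that mix
    digits with both letter cases and switch between those classes at least four times."""
    stem = stem.lstrip("~")
    if len(stem) < 10 or not any(c.isdigit() for c in stem):
        return False
    classes = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in stem]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return "u" in classes and "l" in classes and switches >= 4


def flag_path(path):
    """List the reasons a path from the log deserves a closer look (empty if none)."""
    reasons, lower = [], path.lower()
    if "\\" not in lower:  # only a file name: the PATH search order decides what runs
        reasons.append("bare filename, located through the PATH search order")
    elif lower.startswith(PROFILE_PREFIX):
        reasons.append("lives in a user-writable profile location")
    elif not lower.startswith(TRUSTED_PREFIXES):
        reasons.append("lives outside Program Files / Windows")
    if looks_random(re.sub(r"\.[A-Za-z0-9]{1,4}$", "", path.rsplit("\\", 1)[-1])):
        reasons.append("random-looking name")
    return reasons


def triage(log_text):
    """Return (deletions, autostarts): (path, reasons) and (RunEntry, reasons) pairs."""
    sections = split_sections(log_text)
    deletions = [(p, flag_path(p)) for p in sections.get("Other Deletions", [])]
    autostarts = [(e, flag_path(e.path))
                  for e in parse_autostarts(sections.get("Reg Loading Points", []))]
    return deletions, autostarts
```

Entries with an empty reason list (for example kb913800.exe, which ComboFix still removed) show the heuristics are a first pass, not a verdict; everything flagged still needs the file checked by hand.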

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 AM

Posted 27 December 2011 - 12:33 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#8 chicken_little

chicken_little
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:45 AM

Posted 27 December 2011 - 10:51 PM

Hi Gringo,

Please see below the OTL.txt log:

OTL logfile created on: 12/27/2011 10:44:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dominic\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.45% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.03 Gb Total Space | 178.95 Gb Free Space | 78.47% Space Free | Partition Type: NTFS

Computer Name: DHDR9T91 | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dominic\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\dlcgcoms.exe ( )
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\libprotobuf.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\sqlite3.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcgcfg.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll ()
MOD - C:\WINDOWS\system32\VBICodec.ax ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\dlcgcnv4.dll ()
MOD - C:\WINDOWS\system32\EzRating.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV - (dlcg_device) -- C:\WINDOWS\System32\dlcgcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Angel2) -- C:\WINDOWS\system32\drivers\Angel2.sys (Lumanate, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/14 20:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011/10/18 01:15:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/27 00:15:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1316642261218 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FEC78F-80C8-41F6-B85B-670EB192EC5D}: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Dominic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dominic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 22:43:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dominic\Desktop\OTL.exe
[2011/12/26 23:19:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/26 23:17:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 23:17:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 23:17:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 23:17:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 23:17:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/26 23:17:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 23:16:05 | 004,352,855 | R--- | C] (Swearware) -- C:\Documents and Settings\Dominic\Desktop\ComboFix.exe
[2011/12/22 20:42:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dominic\Start Menu\Programs\Administrative Tools
[2011/12/22 20:41:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dominic\Desktop\dds.scr
[2011/12/11 17:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominic\Application Data\SUPERAntiSpyware.com
[2011/12/11 17:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/11 17:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/11 17:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/11 17:13:11 | 013,474,504 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Dominic\Desktop\SUPERAntiSpyware.exe
[2011/12/11 16:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/11 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/11 16:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/12/11 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/11 16:25:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dominic\Desktop\TFC.exe
[2011/12/11 15:12:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/12/11 08:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/11 08:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/12/11 08:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/11 08:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/11 08:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/11 08:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominic\Local Settings\Application Data\Secunia PSI
[2011/12/11 08:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/11 08:06:00 | 001,754,456 | ---- | C] (Secunia) -- C:\Documents and Settings\Dominic\Desktop\PSISetup.exe
[2011/12/11 00:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominic\Application Data\Malwarebytes
[2011/12/11 00:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/11 00:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/11 00:46:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/11 00:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/11 00:45:23 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dominic\Desktop\mbam-setup.exe
[2011/12/11 00:39:05 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dominic\Desktop\iexplore.com.exe
[2011/12/11 00:28:51 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/12/11 00:15:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/12/10 23:29:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dominic\Recent
[2006/11/03 10:28:22 | 000,537,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe
[2006/11/03 10:28:22 | 000,385,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgih.exe
[2006/11/03 10:28:20 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcfg.exe
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcginpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcghbn3.dll
[2006/04/17 07:09:22 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2006/04/17 07:09:20 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/12/27 22:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominic\Desktop\OTL.exe
[2011/12/27 00:15:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 23:26:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 23:26:32 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 23:19:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/12/26 23:16:07 | 004,352,855 | R--- | M] (Swearware) -- C:\Documents and Settings\Dominic\Desktop\ComboFix.exe
[2011/12/22 21:37:14 | 000,999,261 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\Survey Salary.pdf
[2011/12/22 21:36:08 | 001,684,945 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\Survey_Salary.pdf
[2011/12/22 21:35:40 | 001,852,663 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\Survey_Salary_Report.pdf
[2011/12/22 20:41:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dominic\Desktop\dds.scr
[2011/12/22 20:40:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dominic\defogger_reenable
[2011/12/22 20:40:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\Defogger.exe
[2011/12/22 13:39:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/22 07:44:00 | 000,024,249 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\Dominic Mammarella Resume Philly Dec 2011.pdf
[2011/12/18 23:30:49 | 001,844,461 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\MTM0Mzg4ZTdlYTFhMGZjZXwwLjE=.pdf
[2011/12/18 20:41:11 | 000,096,661 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\TD.pdf
[2011/12/14 21:28:29 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 21:27:49 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/12/14 21:27:49 | 000,055,476 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/12/14 21:27:49 | 000,055,476 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/12/14 21:27:49 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/14 21:27:49 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/14 20:28:43 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/12 22:29:36 | 000,859,084 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\oia-brochure.pdf
[2011/12/11 17:13:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/11 17:13:23 | 013,474,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Dominic\Desktop\SUPERAntiSpyware.exe
[2011/12/11 16:25:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominic\Desktop\TFC.exe
[2011/12/11 08:07:03 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/11 08:06:02 | 001,754,456 | ---- | M] (Secunia) -- C:\Documents and Settings\Dominic\Desktop\PSISetup.exe
[2011/12/11 07:50:21 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\unhide.exe
[2011/12/11 00:46:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/11 00:45:28 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dominic\Desktop\mbam-setup.exe
[2011/12/11 00:39:09 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dominic\Desktop\iexplore.com.exe
[2011/12/11 00:33:41 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\iExplore.exe
[2011/12/11 00:32:51 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\rkill.com
[2011/12/10 23:30:02 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/10 23:30:02 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\System Fix.lnk

========== Files Created - No Company Name ==========

[2011/12/26 23:19:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/12/26 23:19:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/26 23:17:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 23:17:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 23:17:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 23:17:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 23:17:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/22 21:37:13 | 000,999,261 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\Survey Salary.pdf
[2011/12/22 21:36:05 | 001,684,945 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\Survey_Salary.pdf
[2011/12/22 21:35:40 | 001,852,663 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\Survey_Salary_Report.pdf
[2011/12/22 20:40:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dominic\defogger_reenable
[2011/12/22 20:40:15 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\Defogger.exe
[2011/12/22 07:43:57 | 000,024,249 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\Dominic Mammarella Resume Philly Dec 2011.pdf
[2011/12/18 23:30:37 | 001,844,461 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\MTM0Mzg4ZTdlYTFhMGZjZXwwLjE=.pdf
[2011/12/18 20:41:08 | 000,096,661 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\TD.pdf
[2011/12/12 22:29:36 | 000,859,084 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\oia-brochure.pdf
[2011/12/11 18:02:06 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/11 17:13:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/11 08:07:03 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/11 08:07:03 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/12/11 07:59:03 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/11 07:59:03 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/11 07:59:03 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/11 07:59:01 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/11 07:59:01 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2011/12/11 07:59:01 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/12/11 07:59:01 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/11 07:59:01 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/12/11 07:59:01 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/11 07:59:01 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/12/11 07:50:21 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\unhide.exe
[2011/12/11 00:46:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/11 00:33:41 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\iExplore.exe
[2011/12/11 00:32:50 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\rkill.com
[2011/12/10 23:30:02 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/10 23:30:02 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\System Fix.lnk
[2011/09/28 20:50:29 | 000,049,212 | ---- | C] () -- C:\WINDOWS\System32\claptn32.ini
[2011/09/28 19:56:59 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2011/09/23 12:33:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Dominic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/21 18:39:32 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/21 18:39:32 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/21 18:39:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/21 18:38:44 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/19 16:21:08 | 000,024,304 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/14 19:21:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/06/13 22:19:58 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Dominic\Local Settings\Application Data\fusioncache.dat
[2006/12/19 06:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 09:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/10/28 09:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcgcoin.dll
[2006/10/20 03:51:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2006/10/20 03:51:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2006/10/20 03:50:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2006/10/20 03:45:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2006/10/20 03:45:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2006/10/20 03:45:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2006/10/20 03:44:54 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2006/10/20 03:42:56 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2006/09/06 04:27:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2006/04/17 07:51:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/17 07:45:16 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/17 07:42:10 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/04/17 07:38:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/17 07:37:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/17 07:09:22 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/04/17 07:09:22 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/04/17 07:09:22 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/04/17 07:09:22 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/04/17 07:09:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/04/17 07:09:22 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/04/17 07:09:22 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/04/17 07:09:22 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/04/17 07:09:22 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/04/17 07:09:22 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/04/17 07:09:22 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/04/17 07:09:20 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/04/17 07:09:16 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/04/17 07:08:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/17 07:08:10 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2006/04/17 07:08:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2006/04/17 07:07:36 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,453,878 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,075,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/05 09:32:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcgcnv4.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 December 2011 - 05:13 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/10 23:30:02 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/10 23:30:02 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Dominic\Desktop\System Fix.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
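
The fix above was built by reading the OTL report for two kinds of entry: autorun and plugin registrations that point at nothing ("File not found", the getPlus ActiveX unit with a registry key error) and the two System Fix shortcuts created on 10 December with no company name. As an added example, not part of this thread or of OTL itself, the Python script below parses the report's file-entry and O4 autorun line formats and applies those two triage rules to a constructed sample made of lines copied from the report. The regular expressions, the function names and the 30-day window are my own assumptions about the format as it appears on this page, not OTL's documented grammar.

```python
"""Triage helper for OTL-style report lines (added example, not part of OTL)."""
import re
from datetime import datetime, timedelta

# File/folder entries in the report look like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- C:\path
# The "(Company)" part may be "()", "( )" or absent altogether (folders).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O4 autorun entries look like:
#   O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)
#   O4 - HKU\<SID>..\Run: [Name] "C:\path\prog.exe" File not found
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
REST_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")

# Extensions worth a second look when created recently without a company name.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".lnk")


def parse_file_entry(line):
    """Return a dict for a file/folder line, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),          # C = created, M = modified
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }


def parse_run_entry(line):
    """Return a dict for an O4 autorun line, or None if the line is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("File not found")
    if missing:
        path, company = rest[: -len("File not found")].strip(), ""
    else:
        r = REST_RE.match(rest)
        path, company = (r.group("path"), r.group("company").strip()) if r else (rest, "")
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "path": path.strip('"'),
        "company": company,
        "missing": missing,               # target no longer exists on disk
    }


def triage(lines, now, days=30):
    """Flag recently created executables/shortcuts with no company name and
    autorun entries whose target file is gone (orphaned loaders)."""
    cutoff = now - timedelta(days=days)
    recent_unsigned, orphan_autoruns = [], []
    for line in lines:
        f = parse_file_entry(line)
        if f and f["kind"] == "C" and not f["company"] and f["ts"] >= cutoff \
                and f["path"].lower().endswith(EXEC_EXT):
            recent_unsigned.append(f["path"])
            continue
        r = parse_run_entry(line)
        if r and r["missing"]:
            orphan_autoruns.append((r["name"], r["path"]))
    return {"recent_unsigned": recent_unsigned, "orphan_autoruns": orphan_autoruns}


# Constructed sample: a handful of lines copied from the report in this thread.
SAMPLE_LOG = [
    r"[2011/12/27 22:43:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dominic\Desktop\OTL.exe",
    r"[2011/12/26 23:19:24 | 000,000,000 | RHSD | C] -- C:\cmdcons",
    r"[2011/12/11 07:50:21 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\unhide.exe",
    r"[2011/12/10 23:30:02 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Dominic\Desktop\System Fix.lnk",
    r"[2006/11/03 10:28:22 | 000,537,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe",
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r'O4 - HKU\S-1-5-21-2338603519-2566714639-3554146953-1007..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" File not found',
    r"O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)",
]


def run_sample():
    """Run the triage over the constructed sample as of 28 December 2011."""
    return triage(SAMPLE_LOG, datetime(2011, 12, 28))


if __name__ == "__main__":
    for key, hits in run_sample().items():
        print(key)
        for hit in hits:
            print("  ", hit)
```

The "no company name" rule is a lead, not a verdict: on this machine unhide.exe and rkill.com also carry no company name and are legitimate cleanup tools, so the list it produces still needs a person to read it, which is exactly what the helper in this thread did before writing the fix script.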

#10 chicken_little

chicken_little
  • Topic Starter

  • Members
  • 8 posts

Posted 28 December 2011 - 08:00 PM

Gringo,

It looks like your suggestion did the trick. I posted the log below, but I don't see remnants of System Fix. Thanks so much!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2338603519-2566714639-3554146953-1007\Software\Microsoft\Windows\CurrentVersion\Run\\OE_OEM deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Dominic\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
C:\Documents and Settings\Dominic\Desktop\System Fix.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dominic\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dominic\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dominic
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 22539537 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Dominic
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dominic
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_195428

Files\Folders moved on Reboot...
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\YK1O8QNR\mail[1].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\W8AAX3DC\ifr[1].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\VKPN6X8M\page__p__2505843__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\5CSCN830\ifr[1].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\2I07Z32Q\ifr[2].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\2I07Z32Q\mail[1].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\Content.IE5\2I07Z32Q\mail[3].htm moved successfully.
C:\Documents and Settings\Dominic\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat not found!

Registry entries deleted on Reboot...
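
A small parser for the OTL fix-log format shown in this post, added here as an example; it is not part of the original thread or of OTL itself. The sample log is a constructed excerpt of the lines above, and the function names are my own. It pulls out each registry/file action with its outcome, totals the bytes emptied per user profile, and lists the Run-key autostart values the fix removed, which is the persistence entry a responder most wants to confirm is gone.

```python
import re
from collections import Counter
# Constructed excerpt modelled on the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2338603519-2566714639-3554146953-1007\Software\Microsoft\Windows\CurrentVersion\Run\\OE_OEM deleted successfully.
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
C:\Documents and Settings\Dominic\Desktop\System Fix.lnk moved successfully.
========== FILES ==========
C:\Documents and Settings\Dominic\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
User: Dominic
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 22539537 bytes
"""
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
ACTION_RE = re.compile(
    r"^(?P<target>.+?) (?P<outcome>deleted successfully|moved successfully|not found)[.!]?$")
BYTES_RE = re.compile(r"^->.+? emptied: (?P<bytes>\d+) bytes$")

def parse_otl_log(text):
    """Return (actions, bytes_by_user): one dict per registry/file action with
    its section, kind and outcome, plus bytes emptied per user profile."""
    actions, bytes_by_user = [], Counter()
    section = user = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif line.startswith("User: "):
            user = line[len("User: "):]
        elif (m := BYTES_RE.match(line)) and user:
            bytes_by_user[user] += int(m.group("bytes"))
        elif (m := ACTION_RE.match(line)) and section:
            target, kind = m.group("target"), "file"
            if target.startswith(("Registry key ", "Registry value ")):
                kind = " ".join(target.split(" ", 2)[:2]).lower()
                target = target.split(" ", 2)[2]
            actions.append({"section": section, "kind": kind,
                            "target": target, "outcome": m.group("outcome")})
    return actions, bytes_by_user

def autostart_entries(actions):
    """Registry Run/RunOnce values the fix touched: the persistence entries a
    responder most wants to confirm were removed."""
    return [a["target"] for a in actions if a["kind"] == "registry value"
            and re.search(r"\\CurrentVersion\\Run(Once)?\\", a["target"])]
```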

#11 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 28 December 2011 - 08:24 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 01 January 2012 - 09:49 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 04 January 2012 - 11:16 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#14 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 08 January 2012 - 08:15 PM

This topic has been re-opened at the request of the person who originally posted.

#15 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 10 January 2012 - 11:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



