1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved bogus AV, redirected URLs, and can't get Windows Updates

Discussion in 'Malware and Virus Removal Archive' started by joshcsmith13, 2010/07/31.

Page 1 of 2
  1. 2010/07/31
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    [Resolved] bogus AV, redirected URLs, and can't get Windows Updates

    First off, let me say how impressed I am with the support I've seen on this site, especially from Broni. As such, I'm hoping you can help me out. My story is basically the same as this guys: http://www.WindowsBBS.com/malware-v...-debugging-popups-windows-update-failure.html

    I can't get to the Microsoft Windows update site(s). Random web pages show up uninvited, and many URLs get redirected to random or obviously bogus web sites. Some times I get an infinite loop of Just-in-time debugging that I can't get rid of. To make things worse, and now I'm really worried, it seems that my previously uninfected work laptop (PC) has just started displaying a suspicious "Security Tool" pop-up, after I got on the same wi-fi network as my infected home PC. ???

    I've run MalwareBytes' quick scan, and it found and removed a Trojan. I'll inclue the log after my DDS outputs (captured after Malwarebytes). I've been running Avast AV for years, and this is at least the second time I've been hit by such a virus/malware. That's really disappointing! Last time I ended up reformatting and laying down a new copy of Windows. I really don't want to go that route this time.

    Thanks for you time!
    Josh
     
    joshcsmith13,
    #1
  2. 2010/07/31
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
    Admin.,
    #2


  3. to hide this advert.

  4. 2010/07/31
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    sorry Mr. Admin. I must have missed that part about new members being subject to message moderation. I thought I would be able to immediately follow my initial post with my logs, but apparently not. So, I waited for you to approve my post, instead of starting another thread.
    here we go... (this is after running Malwerebytes Quick Scan & removal)

    ed.
    Or not... It appears that I still have the mysterious "reset connection" error when I try to submit my log, indicating that my virus doesn't like something in the text. Is there a way I can send an e-mail or include an attachment?
     
    joshcsmith13,
    #3
  5. 2010/07/31
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Josh at 17:02:40.07 on Sat 07/31/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1827 [GMT -6:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Starfield\Desktop Notifier\wben.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Josh\My Documents\My Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/?pc=AVBR
    uSearch Page = hxxp://www.bing.com/?pc=AVBR
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DS
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [wben] "c:\program files\starfield\desktop notifier\wben.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800 "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [D-Link AirPlus Xtreme G] c:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
    mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\win****up****
    Trusted Zone: win****up****.com\download
    DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1280465641437
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/win****up****/v6/V5Controls/en/x86/client/wuweb_site.cab?1264394856500
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264396288828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\josh\applic~1\mozilla\firefox\profiles\rjgydef4.default\
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-24 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-24 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2003-10-22 547744]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]

    =============== Created Last 30 ================

    2010-07-31 00:28:22 0 d-----w- c:\program files\Loaris
    2010-07-30 06:20:48 0 dc-h--w- c:\windows\ie8
    2010-07-30 05:29:43 0 d-----w- c:\docume~1\josh\applic~1\Malwarebytes
    2010-07-30 05:29:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-30 05:29:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-30 05:29:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-30 05:29:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-29 14:16:43 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-29 14:16:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-29 05:21:41 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-29 03:43:55 0 d-----w- c:\docume~1\josh\applic~1\Dropbox
    2010-07-23 02:19:36 0 d-----w- c:\program files\Amazon
    2010-07-21 00:29:41 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-14 12:52:46 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-06 20:06:19 0 d-----w- c:\program files\Arithmemouse Times Tables Demo

    ==================== Find3M ====================

    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-06 10:41:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-05-06 10:41:51 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-05-06 10:41:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-05-06 10:41:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-05-06 10:41:50 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-05-06 10:41:49 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-05-06 10:41:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-04-28 05:01:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010042720100428\index.dat

    ============= FINISH: 17:04:27.35 ===============
     
    joshcsmith13,
    #4
  6. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    cool...
    you may notice the win****up**** lines... I had to edit those or I couldn't post my log, presumably due to my "friendly" virus interfering.
     
    joshcsmith13,
    #5
  7. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/24/2010 2:45:21 PM
    System Uptime: 7/31/2010 4:38:35 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0M3918
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 30.781 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
    Service: E100B

    ==== System Restore Points ===================

    RP1: 7/29/2010 8:41:09 PM - System Checkpoint
    RP2: 7/29/2010 10:01:19 PM - Installed Microsoft Fix it 50202
    RP3: 7/29/2010 10:08:02 PM - Installed Microsoft Fix it 50202
    RP4: 7/30/2010 12:21:59 AM - Installed Windows Internet Explorer 8.
    RP5: 7/31/2010 8:00:53 AM - System Checkpoint

    ==== Installed Programs ======================

    7-Zip 9.13 beta
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    AirPlus Xtreme G
    ALShow
    ALTools Update
    Amazon MP3 Downloader 1.0.10
    ANIO Service
    ANIWZCS Service
    Apple Application Support
    Apple Software Update
    Arithmemouse Times Tables Demo 1.13
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    Banctec Service Agreement
    Carbonite
    Compatibility Pack for the 2007 Office system
    Creative MediaSource
    Dell Driver Reset Tool
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (630)
    Dell System Restore
    Desktop Notifier
    EPSON CX 4200 4800 Guide
    EPSON Printer Software
    EPSON Scan
    Hawaiian Explorer Pearl Harbor 1.0.0.30
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 17
    Loaris Trojan Remover 1.2
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Map To Atlantis
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Money 2005
    Microsoft Office 2000 Professional
    Microsoft Outlook 2002
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Way Search Assistant
    Paint.NET v3.5.5
    Picasa 3
    PrimoPDF -- by Nitro PDF Software
    QuickTime
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Shockwave
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    Spybot - Search & Destroy
    StarFlyers Alien Space Chase
    TEAM MANAGER 5.0 for Swimming
    Unlocker 1.8.8
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Works Upgrade
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zoombinis Island Odyssey

    ==== Event Viewer Messages From Past Week ========

    7/30/2010 12:45:20 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    7/30/2010 12:11:44 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/30/2010 12:11:44 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/30/2010 12:11:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    7/30/2010 12:10:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/29/2010 11:44:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CarboniteService with arguments " " in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    7/29/2010 11:15:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    ==== End Of File ===========================
     
    joshcsmith13,
    #6
  8. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4368

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/31/2010 4:37:40 PM
    mbam-log-2010-07-31 (16-37-40).txt

    Scan type: Quick scan
    Objects scanned: 188318
    Time elapsed: 16 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     
    joshcsmith13,
    #7
  9. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #8
  10. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    here's the ComboFix log. I had to let it install the Recovery Console hte first time, then it stalled when scanning. I let it sit for an hour before rebooting, then started it again and it went right to scanning.

    ComboFix 10-07-31.04 - Josh 08/01/2010 13:30:17.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2100 [GMT -6:00]
    Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Boys\Application Data\.#
    c:\documents and settings\Toni\Application Data\.#
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\settings.reg
    c:\windows\system32\Data
    c:\windows\usp10.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
    .

    2010-07-31 13:44 . 2010-07-31 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-31 00:28 . 2010-07-31 00:28 -------- d-----w- c:\program files\Loaris
    2010-07-30 06:20 . 2010-07-30 06:22 -------- dc-h--w- c:\windows\ie8
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\Josh\Application Data\Malwarebytes
    2010-07-30 05:29 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-30 05:29 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-30 02:13 . 2010-07-30 02:13 0 ----a-w- c:\windows\nsreg.dat
    2010-07-30 02:13 . 2010-07-30 02:13 -------- d-sh--w- c:\documents and settings\Boys\IECompatCache
    2010-07-30 00:40 . 2010-07-30 00:40 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
    2010-07-29 14:16 . 2010-07-29 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-29 14:16 . 2010-07-29 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-29 05:21 . 2010-07-29 05:21 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-29 04:54 . 2010-07-29 04:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-07-29 03:43 . 2010-07-29 05:01 -------- d-----w- c:\documents and settings\Josh\Application Data\Dropbox
    2010-07-23 02:21 . 2010-07-23 02:21 -------- d-----w- c:\documents and settings\Josh\Application Data\Amazon
    2010-07-23 02:19 . 2010-07-23 02:19 -------- d-----w- c:\program files\Amazon
    2010-07-21 00:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-14 12:52 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-11 03:30 . 2010-07-11 03:30 -------- d-----w- c:\documents and settings\Toni\Local Settings\Application Data\Deployment
    2010-07-07 04:08 . 2010-07-07 04:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-07-06 20:06 . 2010-07-06 20:06 -------- d-----w- c:\program files\Arithmemouse Times Tables Demo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-01 18:44 . 2010-06-14 02:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-01 04:16 . 2010-01-31 15:59 4110 ----a-w- c:\documents and settings\Toni\Application Data\wklnhst.dat
    2010-07-30 02:16 . 2008-09-06 02:27 65688 ----a-w- c:\documents and settings\Boys\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-18 04:18 . 2010-01-28 23:33 -------- d-----w- c:\program files\Paint.NET
    2010-06-28 20:57 . 2010-01-25 02:37 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2010-01-25 02:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2010-01-25 02:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2010-01-25 02:37 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2010-01-25 02:37 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2010-01-25 02:37 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2010-01-25 02:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2010-01-25 02:37 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-09 04:58 . 2010-06-09 04:57 -------- d-----w- c:\documents and settings\Toni\Application Data\ESTsoft
    2010-06-09 04:57 . 2010-06-09 04:57 -------- d-----w- c:\program files\ESTsoft
    2010-06-06 12:03 . 2010-01-27 23:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-25 19:38 . 2010-05-25 19:38 503808 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23401353-n\msvcp71.dll
    2010-05-25 19:38 . 2010-05-25 19:38 348160 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23401353-n\msvcr71.dll
    2010-05-25 19:38 . 2010-05-25 19:38 499712 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-23401353-n\jmc.dll
    2010-05-24 01:05 . 2010-05-24 01:05 503808 ----a-w- c:\documents and settings\Boys\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5328313a-n\msvcp71.dll
    2010-05-24 01:05 . 2010-05-24 01:05 499712 ----a-w- c:\documents and settings\Boys\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5328313a-n\jmc.dll
    2010-05-24 01:05 . 2010-05-24 01:05 348160 ----a-w- c:\documents and settings\Boys\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5328313a-n\msvcr71.dll
    2010-05-23 01:47 . 2010-05-23 01:47 503808 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-30cabc58-n\msvcp71.dll
    2010-05-23 01:47 . 2010-05-23 01:47 499712 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-30cabc58-n\jmc.dll
    2010-05-23 01:47 . 2010-05-23 01:47 348160 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-30cabc58-n\msvcr71.dll
    2010-05-20 02:17 . 2010-01-25 02:27 65688 ----a-w- c:\documents and settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-09 04:55 . 2010-05-09 04:55 65688 ----a-w- c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-12-03 23:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-12-03 23:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-12-03 23:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wben "= "c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-09-24 338456]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Messenger (Yahoo!) "= "c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-04-29 5248312]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 149280]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "P17Helper "= "P17.dll" [2005-05-03 64512]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "EPSON Stylus CX4800 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "D-Link AirPlus Xtreme G "= "c:\program files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-05 2502656]
    "CTSysVol "= "c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "Carbonite Backup "= "c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "ANIWZCSService "= "c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/24/2010 8:37 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2010 8:37 PM 17744]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/22/2003 4:27 PM 547744]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=AVBR
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: windowsupdate.com\download
    DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\rjgydef4.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-01 13:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    Completion time: 2010-08-01 13:42:32
    ComboFix-quarantined-files.txt 2010-08-01 19:42

    Pre-Run: 32,843,390,976 bytes free
    Post-Run: 33,416,368,128 bytes free

    - - End Of File - - AB9418A5126463C64BB43E92BBAE61E6
     
    joshcsmith13,
    #9
  11. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good now :)

    How are the issues?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #10
  12. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    that went well. BTW, I am now getting a notice to install Windows Updates, and I can properly access the site!

    here's the OTL.txt

    OTL logfile created on: 8/1/2010 8:56:40 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Josh\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.59 Gb Total Space | 31.50 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D4700
    Current User Name: Josh
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/01 20:42:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
    PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/12/03 17:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2009/10/26 01:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/09/24 15:51:56 | 000,338,456 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\Desktop Notifier\wben.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 18:12:43 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scrnsave.scr
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2005/02/01 13:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
    PRC - [2003/11/04 18:00:16 | 002,502,656 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    PRC - [2003/08/21 17:12:02 | 000,032,768 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    PRC - [1998/09/04 00:09:08 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/08/01 20:42:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Josh\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
    DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/12/22 12:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
    DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/25 17:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2003/05/05 19:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2002/11/08 18:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 07:52:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 07:52:20 | 000,000,000 | ---D | M]

    [2010/07/29 07:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
    [2010/07/29 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\rjgydef4.default\extensions
    [2010/07/29 18:54:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\rjgydef4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/29 07:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/01 13:39:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe (D-Link)
    O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [wben] C:\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1280465641437 (MUCatalogWebControl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264394856500 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264396288828 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email04.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.168.0.1
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/02/23 13:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/01 20:50:29 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/01 20:42:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
    [2010/08/01 12:43:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 12:34:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/31 16:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\stuipdVirus
    [2010/07/31 07:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/31 07:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/30 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
    [2010/07/30 00:20:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/29 23:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Malwarebytes
    [2010/07/29 23:29:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/29 23:29:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/29 23:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/29 23:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/29 08:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/07/29 08:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/29 07:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\Downloads
    [2010/07/29 07:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/28 23:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/28 23:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/28 21:45:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Josh\My Documents\My Dropbox
    [2010/07/28 21:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Dropbox
    [2010/07/22 20:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Amazon
    [2010/07/22 20:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2010/07/20 18:29:41 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/07/06 22:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/07/06 14:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Arithmemouse Times Tables Demo
    [2010/06/08 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
    [2010/05/22 16:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/05/03 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/05/03 21:53:05 | 000,000,000 | ---D | C] -- C:\ST_Temp
    [2005/06/07 18:39:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2005/06/07 18:39:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/01 20:55:01 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\wklnhst.dat
    [2010/08/01 20:42:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
    [2010/08/01 15:06:43 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Josh\ntuser.dat
    [2010/08/01 13:42:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/01 13:40:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/01 13:39:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/01 13:19:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/01 13:19:32 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/01 12:44:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/01 12:43:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/01 12:30:40 | 000,003,183 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.rtf
    [2010/07/31 17:08:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Josh\ntuser.ini
    [2010/07/31 16:37:53 | 004,846,358 | -H-- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\IconCache.db
    [2010/07/30 00:25:04 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/30 00:12:04 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
    [2010/07/29 23:02:40 | 000,610,436 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats2EFF_result.cab
    [2010/07/29 22:26:21 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/29 22:26:11 | 000,522,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/29 22:26:11 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/29 22:26:11 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/29 21:18:02 | 000,004,305 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSupport.htm
    [2010/07/29 21:13:52 | 000,595,577 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats_result.cab
    [2010/07/29 20:37:32 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/29 20:37:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/29 20:13:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/07/29 07:52:31 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/27 22:36:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/20 18:29:42 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/07/06 14:06:23 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Arithmemouse Times Tables Demo.lnk
    [2010/06/29 20:21:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/28 14:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/12 21:58:08 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/08 22:57:54 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALShow.lnk
    [2010/05/19 20:17:18 | 000,065,688 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/03 22:05:54 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
    [2010/05/03 22:05:54 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/01 12:43:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/01 12:43:26 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/01 12:30:39 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.rtf
    [2010/07/30 00:11:15 | 2682,408,960 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/29 23:03:56 | 000,610,436 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats2EFF_result.cab
    [2010/07/29 22:26:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/29 21:18:02 | 000,004,305 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSupport.htm
    [2010/07/29 21:14:33 | 000,595,577 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats_result.cab
    [2010/07/29 20:37:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/29 20:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/29 07:52:31 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/28 20:20:15 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Josh\ntuser.dat
    [2010/07/06 14:06:23 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Arithmemouse Times Tables Demo.lnk
    [2010/06/13 20:12:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/08 22:57:54 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALShow.lnk
    [2010/05/03 22:05:54 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
    [2010/05/03 22:05:54 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2010/02/06 13:54:20 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/02/01 16:35:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2010/01/28 17:20:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/01/28 17:15:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
    [2010/01/24 23:07:16 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/01/24 23:07:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2005/06/07 19:09:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/06/07 19:05:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/06/07 19:02:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/06/07 18:58:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/06/07 18:58:19 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2005/06/07 18:58:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/06/07 18:58:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/06/07 18:39:16 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2005/06/07 18:39:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2005/06/07 18:39:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2005/06/07 18:38:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/06/07 18:38:36 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/01/24 20:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/01/28 13:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2010/07/22 20:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Amazon
    [2010/02/06 12:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Copy of Avant Profiles
    [2010/01/28 18:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\DriveHQ
    [2010/01/28 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\DriveHQHOOK
    [2010/07/28 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dropbox
    [2010/01/28 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\eFax Messenger
    [2010/04/27 21:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\EPSON
    [2010/01/28 18:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\j2 Global
    [2010/01/28 18:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Juniper Networks
    [2010/01/28 17:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
    [2010/02/06 15:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\PrimoPDF
    [2010/01/28 18:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\RapidTyping
    [2010/01/28 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TaxCut

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/02/23 13:39:12 | 000,000,398 | ---- | M] () -- C:\AUTOEXEC.UP
    [2010/07/29 20:37:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/01 12:43:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/01 13:42:33 | 000,016,148 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/02/23 13:39:20 | 000,000,077 | ---- | M] () -- C:\CONFIG.UP
    [2005/02/23 13:39:20 | 000,000,085 | ---- | M] () -- C:\COPYUP.BAT
    [2005/06/07 18:44:34 | 000,004,883 | RH-- | M] () -- C:\dell.sdr
    [2005/02/23 13:39:36 | 000,002,613 | ---- | M] () -- C:\Dellboot.exe
    [2010/08/01 13:19:32 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/24 20:30:16 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/01/24 23:42:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/01 13:19:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/19 10:58:52 | 040,146,416 | ---- | M] () -- C:\setup_av50_free_eng.exe
    [2010/01/21 22:51:10 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [2009/03/08 04:31:56 | 000,183,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
    joshcsmith13,
    #11
  13. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    OTL Extras logfile created on: 8/1/2010 8:56:40 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Josh\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.59 Gb Total Space | 31.50 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D4700
    Current User Name: Josh
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1214875C-89CF-4C0C-4944-F4D23A4D1995}" = Map To Atlantis
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{5698635D-8EA2-4964-B962-98173827D2AD}_is1" = Arithmemouse Times Tables Demo 1.13
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}" = ANIWZCS Service
    "{7736FD0A-9BF4-40F3-AF12-2E95D65D964F}" = TEAM MANAGER 5.0 for Swimming
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
    "{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus Xtreme G
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
    "{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}" = Desktop Notifier
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
    "7-Zip" = 7-Zip 9.13 beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ALShow_is1" = ALShow
    "ALUpdate_is1" = ALTools Update
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "ATI Display Driver" = ATI Display Driver
    "avast5" = avast! Free Antivirus
    "Carbonite Backup" = Carbonite
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.lego.atlantis.map.378F106BB385931F5AB093715910D3DE0DE5652E.1" = Map To Atlantis
    "DellSupport" = Dell Support 5.0.0 (630)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus Xtreme G
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyWaySearchAssistantDE" = My Way Search Assistant
    "Picasa 3" = Picasa 3
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Shockwave" = Shockwave
    "Silent Package Run-Time Sample" = EPSON CX 4200 4800 Guide
    "StarFlyers Alien Space Chase" = StarFlyers Alien Space Chase
    "Unlocker" = Unlocker 1.8.8
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zoombinis Island Odyssey" = Zoombinis Island Odyssey

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/9/2010 2:48:09 AM | Computer Name = D4700 | Source = VSS | ID = 12305
    Description = Volume Shadow Copy Service error: Volume/disk not connected or not
    found. Error context: CreateFileW(\\?\Volume{391c906a-0931-11df-9a8e-806d6172696f},0xc0000000,0x00000003,...).

    Error - 6/9/2010 4:20:12 AM | Computer Name = D4700 | Source = VSS | ID = 12305
    Description = Volume Shadow Copy Service error: Volume/disk not connected or not
    found. Error context: CreateFileW(\\?\Volume{391c906a-0931-11df-9a8e-806d6172696f},0xc0000000,0x00000003,...).

    Error - 7/1/2010 10:34:16 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/1/2010 10:34:31 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 8:50:43 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 8:53:39 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 10:14:45 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 10:14:55 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 10:16:04 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 7/12/2010 10:16:11 AM | Computer Name = D4700 | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    [ System Events ]
    Error - 7/31/2010 6:03:48 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/31/2010 6:39:12 PM | Computer Name = D4700 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    IntelIde

    Error - 7/31/2010 6:39:24 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/31/2010 6:39:24 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/31/2010 11:21:39 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 7/31/2010 11:21:39 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 7/31/2010 11:22:50 PM | Computer Name = D4700 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 8/1/2010 2:21:55 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 8/1/2010 2:21:55 PM | Computer Name = D4700 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 8/1/2010 3:40:01 PM | Computer Name = D4700 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.


    < End of report >
     
    joshcsmith13,
    #12
  14. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email04.secureserver.net/Download.CAB (Reg Error: Key error.)
[2010/08/01 20:50:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
    broni,
    #13
  15. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    OTL RunFix Log...

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Web-Based Email Tools
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
    C:\ComboFix folder moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET2D.tmp deleted successfully.
    C:\WINDOWS\002435_.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 38103571 bytes
    ->Flash cache emptied: 44827 bytes

    User: All Users

    User: Boys
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 77699633 bytes
    ->FireFox cache emptied: 6818482 bytes
    ->Flash cache emptied: 126241 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Flash cache emptied: 916 bytes

    User: Josh
    ->Temp folder emptied: 10107637 bytes
    ->Temporary Internet Files folder emptied: 15461383 bytes
    ->Java cache emptied: 93346370 bytes
    ->FireFox cache emptied: 54157928 bytes
    ->Flash cache emptied: 43147 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 26440 bytes
    ->Flash cache emptied: 8645 bytes

    User: Owner

    User: Toni
    ->Temp folder emptied: 142685 bytes
    ->Temporary Internet Files folder emptied: 72665801 bytes
    ->Java cache emptied: 34915360 bytes
    ->Flash cache emptied: 23823 bytes

    User: Toni.D4700
    ->Java cache emptied: 54366743 bytes
    ->Flash cache emptied: 33321 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49152 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 437.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Boys
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Josh
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Toni
    ->Flash cache emptied: 0 bytes

    User: Toni.D4700
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08012010_223607

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_a94.dat not found!

    Registry entries deleted on Reboot...
     
    joshcsmith13,
    #14
  16. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    OTL Quick Scan Log...

    OTL logfile created on: 8/1/2010 10:44:13 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Josh\My Documents\stuipdVirus
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.59 Gb Total Space | 31.80 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D4700
    Current User Name: Josh
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/01 20:42:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\stuipdVirus\OTL.exe
    PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/12/03 17:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2009/10/26 01:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/09/24 15:51:56 | 000,338,456 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\Desktop Notifier\wben.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/21 06:08:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2005/02/01 13:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
    PRC - [2003/11/04 18:00:16 | 002,502,656 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    PRC - [2003/08/21 17:12:02 | 000,032,768 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    PRC - [1998/09/04 00:09:08 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/08/01 20:42:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\stuipdVirus\OTL.exe
    MOD - [2009/10/26 01:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Josh\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
    DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/12/22 12:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
    DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/25 17:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2003/05/05 19:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2002/11/08 18:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 07:52:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 22:13:32 | 000,000,000 | ---D | M]

    [2010/07/29 07:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
    [2010/07/29 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\rjgydef4.default\extensions
    [2010/07/29 18:54:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\rjgydef4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/01 22:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/01 22:13:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/08/01 13:39:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe (D-Link)
    O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [wben] C:\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1280465641437 (MUCatalogWebControl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264394856500 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264396288828 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.168.0.1
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/02/23 13:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/01 22:38:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/01 22:36:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/01 22:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/01 12:43:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 12:34:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/31 16:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\stuipdVirus
    [2010/07/31 07:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/31 07:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/30 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
    [2010/07/30 00:20:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/29 23:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Malwarebytes
    [2010/07/29 23:29:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/29 23:29:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/29 23:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/29 23:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/29 08:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/07/29 08:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/07/29 07:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\Downloads
    [2010/07/29 07:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/07/28 23:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/28 23:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/28 21:45:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Josh\My Documents\My Dropbox
    [2010/07/28 21:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Dropbox
    [2010/07/22 20:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\Amazon
    [2010/07/22 20:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2010/07/20 18:29:41 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/07/06 22:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/07/06 14:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Arithmemouse Times Tables Demo
    [2010/06/08 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
    [2010/05/22 16:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2005/06/07 18:39:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [2005/06/07 18:39:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [1996/11/17 17:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\IMPLODE.DLL

    ========== Files - Modified Within 90 Days ==========

    [2010/08/01 22:39:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/01 22:39:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/01 22:39:23 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/01 22:38:49 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Josh\ntuser.dat
    [2010/08/01 22:38:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Josh\ntuser.ini
    [2010/08/01 22:33:42 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\wklnhst.dat
    [2010/08/01 13:40:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/01 13:39:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/01 12:44:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/01 12:43:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/01 12:30:40 | 000,003,183 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.rtf
    [2010/07/31 16:37:53 | 004,846,358 | -H-- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\IconCache.db
    [2010/07/30 00:25:04 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/30 00:12:04 | 000,000,122 | ---- | M] () -- C:\WINDOWS\mdm.ini
    [2010/07/29 23:02:40 | 000,610,436 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats2EFF_result.cab
    [2010/07/29 22:26:21 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/29 22:26:11 | 000,522,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/29 22:26:11 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/29 22:26:11 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/29 21:18:02 | 000,004,305 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSupport.htm
    [2010/07/29 21:13:52 | 000,595,577 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats_result.cab
    [2010/07/29 20:37:32 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/29 20:37:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/29 20:13:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/07/29 07:52:31 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/27 22:36:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/20 18:29:42 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/07/06 14:06:23 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Arithmemouse Times Tables Demo.lnk
    [2010/06/29 20:21:42 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/28 14:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/12 21:58:08 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/08 22:57:54 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALShow.lnk
    [2010/05/19 20:17:18 | 000,065,688 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/08/01 12:43:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/01 12:43:26 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/01 12:30:39 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.rtf
    [2010/07/30 00:11:15 | 2682,408,960 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/29 23:03:56 | 000,610,436 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats2EFF_result.cab
    [2010/07/29 22:26:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/29 21:18:02 | 000,004,305 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSupport.htm
    [2010/07/29 21:14:33 | 000,595,577 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\MSSystemStats_result.cab
    [2010/07/29 20:37:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/29 20:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/29 07:52:31 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/07/28 20:20:15 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Josh\ntuser.dat
    [2010/07/06 14:06:23 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Arithmemouse Times Tables Demo.lnk
    [2010/06/13 20:12:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/08 22:57:54 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALShow.lnk
    [2010/02/06 13:54:20 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/02/01 16:35:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2010/01/28 17:20:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/01/28 17:15:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
    [2010/01/24 23:07:16 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2010/01/24 23:07:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2005/06/07 19:09:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/06/07 19:05:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/06/07 19:02:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/06/07 18:58:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/06/07 18:58:19 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2005/06/07 18:58:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/06/07 18:58:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/06/07 18:39:16 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2005/06/07 18:39:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2005/06/07 18:39:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2005/06/07 18:38:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/06/07 18:38:36 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/01/24 20:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/01/28 13:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2010/07/22 20:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Amazon
    [2010/02/06 12:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Copy of Avant Profiles
    [2010/01/28 18:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\DriveHQ
    [2010/01/28 18:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\DriveHQHOOK
    [2010/07/28 23:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dropbox
    [2010/01/28 18:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\eFax Messenger
    [2010/04/27 21:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\EPSON
    [2010/01/28 18:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\j2 Global
    [2010/01/28 18:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Juniper Networks
    [2010/01/28 17:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
    [2010/02/06 15:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\PrimoPDF
    [2010/01/28 18:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\RapidTyping
    [2010/01/28 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TaxCut

    ========== Purity Check ==========


    < End of report >
     
    joshcsmith13,
    #15
  17. 2010/08/01
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    Wow this is fun.... Thanks for your help!

    "Are we there yet??" ;)

    (It's driving me crazy to see that "Updates are Ready ", sitting in my system tray. I'm sure you'll give some advice regarding that little BIT(S) soon though...) :)
     
    Last edited: 2010/08/01
    joshcsmith13,
    #16
  18. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
    broni,
    #17
  19. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I didn't see this when posting, so...
    You're welcome :)
     
    broni,
    #18
  20. 2010/08/02
    joshcsmith13

    joshcsmith13 Inactive Thread Starter

    Joined:
    2010/07/30
    Messages:
    18
    Likes Received:
    0
    this is off topic, but....
    for some reason, this forum doesn't like my preferred e-mail address. I tried switching the one in my profile, but I never get the confirmation e-mail. (that was the 2nd time I tried that address) So, now I'm back to the one that works (but ends up in my junk-mail), and fear that I am now resubject to message moderation. Hopefully this post will get that out of the way so I can continue posting log files when I get home tonight! :)
     
    joshcsmith13,
    #19
  21. 2010/08/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sometimes, email notification misses something.
    Happened to me too :)
     
    broni,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...