Solved: Need some help with a co-worker's infected PC

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2010/10/21.

  1. 2010/10/21
    BillB (Well-Known Member, Thread Starter)

    A co-worker has asked me for some help with their PC. When online, there were pop-ups for different things, IE would not open any pages, and on startup, after the desktop appears, there is an Explorer window open pointing to the system32 folder in Windows. I have installed and run Malwarebytes, SUPERAntiSpyware and Avast; all have cleaned up some things. The pop-ups seem to be gone now, but the Explorer window still comes up on boot, so I don't think it is completely clean yet. Here are the DDS logs for review:

    Log file below
     
  2. 2010/10/21
    Admin. (Administrator, Staff)

    Well, running IE6 on Windows XP without any updates is like playing Russian roulette with bullets in all chambers :(

    Try re-posting your log without word wrap on please.
     

  4. 2010/10/21
    BillB (Well-Known Member, Thread Starter)

    I know; I plan to update IE once I'm sure it is clean. Here are the logs without word wrap on.

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Caitlin at 12:33:30.25 on Thu 10/21/2010
    Internet Explorer: 6.0.2800.1106
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.689 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Caitlin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://forums.maxima.org/forum_index.php
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: {151e1df6-d533-d9ba-1817-838dbb55859a} - c:\windows\system32\acktt.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: {fcc8300e-a9eb-d535-cbf9-81fa4add3b96} - c:\windows\system32\qolch.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
    uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
    uRun: [SB Audigy 2 Startup Menu] /L:ENG
    uRun: [Aim6] "c:\program files\common files\aol\launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    uRun: [Gocltznq] c:\windows\??sembly\m?hta.exe
    uRun: [Lopnkpbd] "c:\documents and settings\caitlin\application data\??sks\l?ass.exe "
    uRun: [Uvqbcfe] "c:\program files\common files\m?crosoft.net\t?skmgr.exe "
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [HostManager] c:\program files\common files\aol\1129769949\ee\AOLSoftware.exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
    mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
    mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\caitlin\startm~1\programs\startup\VCASTM~1.LNK -
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-552 xtreme n desktop adapter\wirelesscm.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\caitlin\applic~1\mozilla\firefox\profiles\e77c81bq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.maxima.org
    FF - prefs.js: network.proxy.type - 4

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-21 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-21 40384]

    =============== Created Last 30 ================

    2010-10-21 12:07:42 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-21 12:07:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-20 23:08:54 -------- d-----w- c:\docume~1\caitlin\applic~1\SUPERAntiSpyware.com
    2010-10-20 23:08:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-10-20 23:08:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 22:45:38 -------- d-----w- c:\docume~1\caitlin\applic~1\Malwarebytes
    2010-10-20 22:45:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 22:45:27 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 22:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 22:45:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-20 22:42:25 -------- d-----w- C:\tmp

    ==================== Find3M ====================


    ============= FINISH: 12:33:43.62 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/19/2005 4:34:11 PM
    System Uptime: 10/21/2010 8:10:28 AM (4 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 127.442 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&00F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&00F0
    Service:

    ==== System Restore Points ===================

    RP961: 10/20/2010 7:42:07 PM - System Checkpoint
    RP962: 10/21/2010 8:07:38 AM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    Adobe Acrobat 5.0
    Adobe Photoshop 7.0
    AIM 6
    AOL Uninstaller (Choose which Products to Remove)
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    Broadcom Gigabit Integrated Controller
    D-Link DWA-552 Xtreme N Desktop Adapter
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell ResourceCD
    Dell Support 5.0.0 (630)
    ImageMixer VCD/DVD2 for OLYMPUS
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Jasc Paint Shop Pro 8 Dell Edition
    LG USB Drivers
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (2.0.0.16)
    MSXML 4.0 SP2 Parser and SDK
    MUSICMATCH® Jukebox
    OLYMPUS Master
    OLYMPUS Master 2
    QuickTime
    Sound Blaster Audigy 2
    SoundMAX
    SUPERAntiSpyware
    V CAST Music
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WebFldrs XP
    WinAce Archiver
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    WinZip
    Yahoo! extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    10/21/2010 4:11:05 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/21/2010 4:09:20 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/20/2010 4:58:53 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    10/20/2010 2:42:39 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
    10/20/2010 2:42:39 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Outerinfo\FF\components\FF.dll. Reference error message: The operation completed successfully. .
    10/20/2010 2:42:39 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    10/20/2010 2:42:15 PM, error: Service Control Manager [7000] - The Network Monitor service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
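A few entries in the DDS report above are the kind an analyst reads first: BHOs registered without a friendly name that point at short, random-looking DLLs in system32, and Run entries whose paths contain characters DDS could only print as '?' (folder names such as ??sembly, and file names such as l?ass.exe and t?skmgr.exe that resemble lsass.exe and taskmgr.exe), two of them with a trailing space inside the quotes. The script below is an added example written for this review; it is not part of DDS, Malwarebytes, GMER or anything the posters ran. It parses lines in the two formats seen in the report and returns every entry that trips one of those checks, together with the reason. The list of imitated system binaries, the trusted system32 directory, and the reading of '?' as a character DDS could not render are assumptions of the example; the sample input is copied from the report posted above.

```python
"""Triage helper for the BHO / Run lines of a DDS "Pseudo HJT Report".

Added example for this thread; it is not part of DDS, MBAM or GMER.
Assumptions: the line formats handled here are the ones visible in the
posted log, and a '?' in a path stands for a character DDS could not render.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the DDS report posted in this thread, a mix
# of ordinary entries and the ones a reviewer would want to look at.
SAMPLE_LINES = [
    r"BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll",
    r"BHO: {151e1df6-d533-d9ba-1817-838dbb55859a} - c:\windows\system32\acktt.dll",
    r"BHO: {fcc8300e-a9eb-d535-cbf9-81fa4add3b96} - c:\windows\system32\qolch.dll",
    r"TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll",
    r"uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet",
    r"uRun: [Gocltznq] c:\windows\??sembly\m?hta.exe",
    r'uRun: [Lopnkpbd] "c:\documents and settings\caitlin\application data\??sks\l?ass.exe "',
    r'uRun: [Uvqbcfe] "c:\program files\common files\m?crosoft.net\t?skmgr.exe "',
    r"mRun: [CTHelper] CTHELPER.EXE",
    r"mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui",
]

# Windows binaries whose names malware commonly imitates (assumed list for the
# example) and the only directory where they legitimately live on 32-bit XP.
SYSTEM_LOOKALIKES = ("lsass.exe", "taskmgr.exe", "mshta.exe", "svchost.exe", "csrss.exe")
TRUSTED_SYSTEM_DIRS = ("c:\\windows\\system32\\",)

# "BHO: <name>: {clsid} - <path>"  (the name part is absent on some lines)
EXT_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# "uRun: [<value name>] <command line>"   (also mRun / dRun)
RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<value>[^\]]*)\] ?(?P<cmd>.*)$")


@dataclass
class Finding:
    entry: str                       # the log line as written
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (program path, arguments). A quoted path keeps any whitespace
    inside the quotes, which is exactly what the trailing-space check needs."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_path(path: str) -> list:
    """Heuristics on one file path; returns the reasons it deserves a look (empty if none)."""
    reasons = []
    if "?" in path:
        reasons.append("path contains characters DDS could not render ('?'): "
                       "possible look-alike folder or file name")
    if path != path.rstrip():
        reasons.append("trailing whitespace inside the quoted path")
    clean = path.rstrip().lower()
    basename = clean.rsplit("\\", 1)[-1]
    directory = clean[: len(clean) - len(basename)]
    # Treat each '?' as a one-character wildcard so "l?ass.exe" is compared
    # against "lsass.exe"; everything else in the name is matched literally.
    name_re = re.compile(re.escape(basename).replace(r"\?", "."))
    for known in SYSTEM_LOOKALIKES:
        if name_re.fullmatch(known) and directory not in TRUSTED_SYSTEM_DIRS:
            reasons.append(f"file name resembles system binary {known} but is outside system32")
            break
    return reasons


def triage(lines) -> list:
    """Parse DDS report lines and return a Finding for every entry worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []
        m = EXT_RE.match(line)
        if m:
            if not m.group("name"):
                reasons.append("browser extension registered without a friendly name")
            reasons += check_path(m.group("path"))
        else:
            m = RUN_RE.match(line)
            if m:
                path, _args = split_command(m.group("cmd"))
                reasons += check_path(path)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.entry)
        for r in f.reasons:
            print("   -", r)
```

Run it as-is to print the flagged entries from the sample, or pass the lines of another DDS report to `triage()`. The checks are deliberately narrow: they surface entries for a person to look up, not a verdict, and a legitimate program installed under a non-ASCII path would be listed too.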
     
  5. 2010/10/21
    broni (Moderator, Malware Analyst)

    Unless you're not planning on using IE during the course of this topic, it'd be a good idea to update it to at least version 7 NOW.

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run it (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRCheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/10/22
    BillB (Well-Known Member, Thread Starter)

    Hi Broni,

    IE7 would not install; this machine is only at SP1, so I am using Firefox. Here are the logs you requested.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4918

    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    10/22/2010 3:54:09 PM
    mbam-log-2010-10-22 (15-54-09).txt

    Scan type: Quick scan
    Objects scanned: 137140
    Time elapsed: 3 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Caitlin\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Caitlin\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-22 16:29:49
    Windows 5.1.2600 Service Pack 1
    Running: 3eppe1dz.exe; Driver: C:\DOCUME~1\Caitlin\LOCALS~1\Temp\axtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEE1F3CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEE1F3BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEE1F4160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEE1F408A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEE1F3782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEE1F3C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEE1F36C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEE1F3726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEE1F3DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE1F422E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEE1F3D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEE1F3EE6]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE2A8620]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE200BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEE2009D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEE200B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 805025EC 4 Bytes [F0, 3C, 1F, EE]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [AC, 3B, 1F, EE] {LODSB ; CMP EBX, [EDI]; OUT DX, AL }
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 208 80502684 4 Bytes [60, 41, 1F, EE] {PUSHA ; INC ECX; POP DS; OUT DX, AL }
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 210 8050268C 4 Bytes [8A, 40, 1F, EE] {MOV AL, [EAX+0x1f]; OUT DX, AL }
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 21C 80502698 4 Bytes [82, 37, 1F, EE] {XOR BYTE [EDI], 0x1f; OUT DX, AL }
    .text ...
    PAGE ntoskrnl.exe!ZwLoadDriver 805505A5 7 Bytes JMP EE200B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8055ED00 5 Bytes JMP EE1FC5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!NtCreateSection 8057FB92 7 Bytes JMP EE2009D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObInsertObject 8057FCA9 5 Bytes JMP EE1FDFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 80590950 7 Bytes JMP EE200BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? rdpt.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe[384] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00510002
    IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00510000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 1 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 127):
    0x804D4000 \WINDOWS\system32\ntoskrnl.exe
    0x806C7000 \WINDOWS\system32\hal.dll
    0xF7AA4000 \WINDOWS\system32\KDCOM.DLL
    0xF79B4000 \WINDOWS\system32\BOOTVID.dll
    0xF75A4000 rdpt.sys
    0xF7557000 ACPI.sys
    0xF7AA6000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF75B4000 pci.sys
    0xF75C4000 isapnp.sys
    0xF75D4000 ohci1394.sys
    0xF75E4000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF7B6C000 pciide.sys
    0xF7824000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF75F4000 MountMgr.sys
    0xF7538000 ftdisk.sys
    0xF782C000 PartMgr.sys
    0xF7604000 VolSnap.sys
    0xF7522000 atapi.sys
    0xF7614000 disk.sys
    0xF7624000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF7511000 sr.sys
    0xF74FD000 KSecDD.sys
    0xF7473000 Ntfs.sys
    0xF744B000 NDIS.sys
    0xF7431000 Mup.sys
    0xF7644000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF787C000 \SystemRoot\System32\DRIVERS\processr.sys
    0xF6E49000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF6D6C000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF6CE7000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xF78A4000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF6BFA000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF78BC000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF69A7000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF6920000 \SystemRoot\system32\drivers\portcls.sys
    0xF7794000 \SystemRoot\system32\drivers\drmk.sys
    0xF68E6000 \SystemRoot\system32\drivers\ks.sys
    0xF6871000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF7AC8000 \SystemRoot\System32\drivers\ctprxy2k.sys
    0xF670C000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7ACE000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF77D4000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7904000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF790C000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF66E6000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF77E4000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF73FC000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF77F4000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF73F4000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
    0xF791C000 \SystemRoot\System32\Drivers\MxlW2k.SYS
    0xF7804000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF7814000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF792C000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7CE9000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7664000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF73D8000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF65AB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7674000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7684000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A40000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF659A000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF76D4000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF793C000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF794C000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF76E4000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7CFA000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6578000 \SystemRoot\System32\DRIVERS\update.sys
    0xF76F4000 \SystemRoot\System32\DRIVERS\wsimd.sys
    0xF7724000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7744000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7AE2000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xEE49B000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xEE480000 \SystemRoot\System32\drivers\emupia2k.sys
    0xEE461000 \SystemRoot\System32\drivers\ctsfm2k.sys
    0xEE441000 \SystemRoot\System32\drivers\ctac32k.sys
    0xEE421000 \SystemRoot\System32\drivers\hap16v2k.sys
    0xF7AEC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B81000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7AF0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79A4000 \SystemRoot\System32\drivers\vga.sys
    0xF7AF4000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7AF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF784C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF785C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A80000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF7754000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEE3AF000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF7764000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF7774000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xEE2C0000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF7784000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF66AE000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF7884000 \??\C:\WINDOWS\System32\Drivers\SbcpHid.sys
    0xEE29E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7894000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xEE276000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF66CA000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    0xEE212000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF668E000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEE1EB000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF78AC000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF667E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEE1AD000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7AFE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7A98000 \SystemRoot\System32\watchdog.sys
    0xF7A64000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBFF80000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BC3000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9BB000 \SystemRoot\System32\ati2dvag.dll
    0xBF9F2000 \SystemRoot\System32\ati2cqag.dll
    0xBFA2C000 \SystemRoot\System32\ati3duag.dll
    0xBFC00000 \SystemRoot\System32\ativvaxx.dll
    0xED04C000 \SystemRoot\System32\drivers\afd.sys
    0xED0D5000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xECF1D000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xECCEA000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7B5A000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xECDD9000 \??\C:\WINDOWS\System32\drivers\PfModNT.sys
    0xECC37000 \SystemRoot\system32\drivers\wdmaud.sys
    0xECE75000 \SystemRoot\system32\drivers\sysaudio.sys
    0xECAFC000 \SystemRoot\System32\DRIVERS\srv.sys
    0xEC9D0000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF78CC000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xEC34A000 \??\C:\DOCUME~1\Caitlin\LOCALS~1\Temp\axtdypog.sys
    0xEC323000 \SystemRoot\system32\drivers\kmixer.sys
    0x77F50000 \WINDOWS\system32\ntdll.dll

    Processes (total 26):
    0 System Idle Process
    4 System
    624 C:\WINDOWS\system32\smss.exe
    672 csrss.exe
    696 C:\WINDOWS\system32\winlogon.exe
    740 C:\WINDOWS\system32\services.exe
    752 C:\WINDOWS\system32\lsass.exe
    896 C:\WINDOWS\system32\ati2evxx.exe
    944 C:\WINDOWS\system32\svchost.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1232 svchost.exe
    1284 svchost.exe
    1432 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1672 C:\WINDOWS\system32\spoolsv.exe
    1716 C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    1808 alg.exe
    1836 C:\WINDOWS\system32\CTSVCCDA.EXE
    1892 C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    1928 wdfmgr.exe
    1276 C:\WINDOWS\explorer.exe
    384 C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe
    420 C:\WINDOWS\system32\CTHELPER.EXE
    1828 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    2228 C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
    2360 C:\WINDOWS\system32\wuauclt.exe
    2844 C:\Documents and Settings\Caitlin\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, we'll take care of all updates, when the computer is clean...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/10/22
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here's the combofix log;

    ComboFix 10-10-22.03 - Caitlin 10/22/2010 19:16:21.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.735 [GMT -4:00]
    Running from: c:\documents and settings\Caitlin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\progra~1\COMMON~1\{30AC7~1
    c:\progra~1\COMMON~1\{80AC7~1
    c:\program files\Common Files\appatc~1
    c:\program files\Common Files\asembl~1
    c:\program files\Common Files\asks~1
    c:\program files\Common Files\crosof~1
    c:\program files\Common Files\curity~1
    c:\program files\Common Files\dobe~1
    c:\program files\Common Files\dobe~2
    c:\program files\Common Files\ecurit~1
    c:\program files\Common Files\fnts~1
    c:\program files\Common Files\fnts~2
    c:\program files\Common Files\icroso~1
    c:\program files\Common Files\icroso~1.net
    c:\program files\Common Files\mantec~1
    c:\program files\Common Files\mbols~1
    c:\program files\Common Files\mcroso~1
    c:\program files\Common Files\mcroso~1.net
    c:\program files\Common Files\ppatch~1
    c:\program files\Common Files\ppatch~2
    c:\program files\Common Files\pppatc~1
    c:\program files\Common Files\racle~1
    c:\program files\Common Files\racle~2
    c:\program files\Common Files\sembly~1
    c:\program files\Common Files\sks~1
    c:\program files\Common Files\smante~1
    c:\program files\Common Files\smbols~1
    c:\program files\Common Files\ssembl~1
    c:\program files\Common Files\sstem~1
    c:\program files\Common Files\stem32~1
    c:\program files\Common Files\tsks~1
    c:\program files\Common Files\ufmz
    c:\program files\Common Files\ufmz\ufmza.lck
    c:\program files\Common Files\ufmz\ufmzd\class-barrel
    c:\program files\Common Files\ufmz\ufmzh
    c:\program files\Common Files\ufmz\ufmzl.lck
    c:\program files\Common Files\ufmz\ufmzm.lck
    c:\program files\Common Files\ufmz\ufmzp.cfg
    c:\program files\Common Files\wnsxs~1
    c:\program files\Common Files\ymbols~1
    c:\program files\Common Files\ystem3~1
    c:\program files\crosof~1
    c:\program files\crosof~1.net
    c:\program files\curity~1
    c:\program files\ecurit~1
    c:\program files\fnts~1
    c:\program files\fnts~2
    c:\program files\icroso~1
    c:\program files\icroso~1.net
    c:\program files\mbols~1
    c:\program files\mcroso~1
    c:\program files\mcroso~1.net
    c:\program files\ppatch~1
    c:\program files\pppatc~1
    c:\program files\racle~1
    c:\program files\racle~2
    c:\program files\scurit~1
    c:\program files\sembly~1
    c:\program files\sks~1
    c:\program files\sks~2
    c:\program files\smante~1
    c:\program files\smbols~1
    c:\program files\ssembl~1
    c:\program files\sstem3~1
    c:\program files\stem~1
    c:\program files\stem32~1
    c:\program files\wnsxs~1
    c:\program files\ymante~1
    c:\program files\ymbols~1
    c:\program files\ystem~1
    c:\program files\ystem3~1
    c:\windows\appatc~1
    c:\windows\asembl~1
    c:\windows\asks~1
    c:\windows\crosof~1
    c:\windows\crosof~1.net
    c:\windows\curity~1
    c:\windows\dobe~1
    c:\windows\dobe~2
    c:\windows\ecurit~1
    c:\windows\fnts~1
    c:\windows\fnts~2
    c:\windows\icroso~1
    c:\windows\icroso~1.net
    c:\windows\icroso~2
    c:\windows\mantec~1
    c:\windows\mbols~1
    c:\windows\mcroso~1.net
    c:\windows\ppatch~1
    c:\windows\pppatc~1
    c:\windows\pppatc~2
    c:\windows\racle~1
    c:\windows\racle~2
    c:\windows\scurit~1
    c:\windows\sembly~1
    c:\windows\sks~1
    c:\windows\sks~2
    c:\windows\smante~1
    c:\windows\smbols~1
    c:\windows\ssembl~1
    c:\windows\sstem~1
    c:\windows\sstem3~1
    c:\windows\stem~1
    c:\windows\system32\appatc~1
    c:\windows\system32\asembl~1
    c:\windows\system32\asks~1
    c:\windows\system32\crosof~1
    c:\windows\system32\crosof~1.net
    c:\windows\system32\dobe~1
    c:\windows\system32\dobe~2
    c:\windows\system32\fnts~1
    c:\windows\system32\icroso~1
    c:\windows\system32\icroso~1.net
    c:\windows\system32\icroso~2
    c:\windows\system32\mantec~1
    c:\windows\system32\mbols~1
    c:\windows\system32\mcroso~1
    c:\windows\system32\ppatch~1
    c:\windows\system32\racle~1
    c:\windows\system32\scurit~1
    c:\windows\system32\sembly~1
    c:\windows\system32\sks~1
    c:\windows\system32\sks~2
    c:\windows\system32\smante~1
    c:\windows\system32\smbols~1
    c:\windows\system32\sstem~1
    c:\windows\system32\stem~1
    c:\windows\system32\stem32~1
    c:\windows\system32\wnsxs~1
    c:\windows\system32\ymante~1
    c:\windows\system32\ystem~1
    c:\windows\system32\ystem3~1
    c:\windows\wnsxs~1
    c:\windows\ymante~1
    c:\windows\ymbols~1
    c:\windows\ystem~1
    c:\windows\ystem3~1

    c:\windows\system32\qmgr.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
    .

    2010-10-21 12:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-21 12:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-21 12:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-21 12:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-21 12:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-21 12:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-21 12:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-21 12:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\program files\Alwil Software
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\Caitlin\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-21 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 22:42 . 2010-10-20 22:43 -------- d-----w- C:\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 21:53 . 2007-01-03 05:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-08-18 21:53 . 2007-01-03 05:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-18 21:53 . 2007-01-03 05:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-08-18 21:53 . 2007-01-03 05:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-18 21:53 . 2007-01-03 05:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------



    [-] 2003-05-30 14:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll

    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\xmlprov.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-10-20 00:48 . 2004-05-28 14:30 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    2006-04-20 17:10 . 2006-04-20 17:10 50792 c:\program files\Common Files\AOL\1129769949\ee\bak\AOLSoftware.exe
    2006-05-10 00:24 . 2006-05-10 00:24 50760 c:\program files\Common Files\AOL\1129769949\ee\AOLSoftware.exe

    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    2006-04-20 17:10 . 2006-04-20 17:10 50792 c:\program files\Common Files\AOL\Launch\bak\AOLLaunch.exe
    2006-05-10 00:24 . 2006-05-10 00:24 50760 c:\program files\Common Files\AOL\Launch\AOLLaunch.exe

    2006-05-07 17:11 . 2005-12-12 18:37 71328 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    2005-10-25 23:12 . 2002-09-30 05:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE

    2005-10-25 23:11 . 2002-10-29 13:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

    2005-10-25 22:59 . 2004-04-12 00:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2005-10-25 23:03 . 2004-07-19 11:51 306688 c:\program files\Dell Support\bak\DSAgnt.exe

    2005-10-18 16:58 . 2005-10-18 16:58 278528 c:\program files\iTunes\bak\iTunesHelper.exe

    2006-01-13 19:11 . 2005-04-13 08:48 36975 c:\program files\Java\jre1.5.0_03\bin\bak\jusched.exe

    2005-10-20 00:28 . 2002-08-20 19:08 1511453 c:\program files\Messenger\bak\msmsgs.exe

    2005-10-20 20:48 . 2004-04-20 17:24 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2005-10-20 20:48 . 2004-04-20 17:24 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-10-20 15:21 . 2005-10-20 15:21 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe

    2005-10-20 15:21 . 2005-10-20 15:21 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe

    2006-01-08 19:42 . 2006-01-08 19:42 155648 c:\program files\QuickTime\bak\qttask.exe
    2006-09-01 20:57 . 2006-09-01 20:57 282624 c:\program files\QuickTime\qttask.exe

    2005-11-23 21:37 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

    2006-01-14 23:30 . 2005-12-08 18:55 3096576 c:\program files\Yahoo!\Messenger\bak\ypager.exe

    2005-10-25 23:14 . 2000-05-11 05:00 90112 c:\windows\bak\UpdReg.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gocltznq"="c:\windows\??sembly\m?hta.exe" [?]
    "Lopnkpbd"="c:\documents and settings\Caitlin\Application Data\??sks\l?ass.exe" [?]
    "Uvqbcfe"="c:\program files\Common Files\M?crosoft.NET\t?skmgr.exe" [?]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [N/A]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [N/A]
    "SB Audigy 2 Startup Menu"="" [N/A]
    "Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-10 50760]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-21 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
    "HostManager"="c:\program files\Common Files\AOL\1129769949\ee\AOLSoftware.exe" [2006-05-10 50760]
    "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [N/A]
    "MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [N/A]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
    "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [N/A]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
    "AsioReg"="CTASIO.DLL" [2003-02-20 110592]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [N/A]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-28 113664]
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2007-6-4 13357056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2010 8:07 AM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://forums.maxima.org/forum_index.php
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.maxima.org
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{151E1DF6-D533-D9BA-1817-838DBB55859A} - c:\windows\System32\acktt.dll
    BHO-{FCC8300E-A9EB-D535-CBF9-81FA4ADD3B96} - c:\windows\System32\qolch.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 19:20
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\System32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\System32\dssenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\windows\System32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 19:23:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-22 23:23

    Pre-Run: 136,714,584,064 bytes free
    Post-Run: 136,717,254,656 bytes free

    winxpsp1_en_hom_bf.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    - - End Of File - - F0AC0BA84B24B9A2218FC7BDEFCCFB6B
     
  9. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Bill
    Do you have Windows XP CD?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    AWF::
    c:\program files\Common Files\AOL\1129769949\ee\bak\AOLSoftware.exe
    c:\program files\Common Files\AOL\Launch\bak\AOLLaunch.exe
    c:\program files\QuickTime\bak\qttask.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gocltznq"=-
    "Lopnkpbd"=-
    "Uvqbcfe"=-

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
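    The three Run entries removed by the CFScript above are the ones an analyst picks out of the "Reg Loading Points" section of the ComboFix log by eye: no date and size could be reported for the file ("[?]"), the path contains characters ComboFix could not render in the system code page ("??sembly", "M?crosoft.NET"), and the file name is one character away from a well-known system binary (m?hta.exe, l?ass.exe, t?skmgr.exe) while sitting outside a system directory. The script below is an added example, not code from the thread, from broni, or from ComboFix; it applies those three readings to a Run-key dump and renders the flagged names as the `Registry::` stanza of a CFScript. Assumptions: the sample entries are constructed from the log above; the list of system binaries is taken from the process list posted earlier in the thread; reading "[?]" as "file could not be verified" is my interpretation of ComboFix's notation.

```python
"""Triage a ComboFix 'Reg Loading Points' dump for suspicious Run entries.

Added example, not part of the forum thread or of ComboFix. Indicators:
  * '[?]' instead of '[date size]' or '[N/A]': the file could not be
    verified (assumption about ComboFix's notation);
  * '?' is not a legal character in a Windows file name, so a '?' in a
    logged path is a character the tool could not render, i.e. a
    look-alike folder or file name;
  * the file name matches a known system binary (allowing one substituted
    character) but the file is not in a system directory: masquerading.
"""
import ntpath
import re

# Names taken from the process list posted earlier in the thread.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "taskmgr.exe", "mshta.exe",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Tolerates the stray spaces forum software tends to insert around '='.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*?)\s*"=\s*"(?P<path>[^"]*?)\s*"\s*\[(?P<sig>[^\]]*)\]$'
)

# Constructed sample in ComboFix's format: the three malicious and three
# benign entries from the log posted above.
SAMPLE_RUN_KEY = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gocltznq"="c:\windows\??sembly\m?hta.exe" [?]
"Lopnkpbd"="c:\documents and settings\Caitlin\Application Data\??sks\l?ass.exe" [?]
"Uvqbcfe"="c:\program files\Common Files\M?crosoft.NET\t?skmgr.exe" [?]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [N/A]
"Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-10 50760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-21 2424560]
'''


def parse_run_entries(dump):
    """Yield (key, name, path, sig) for every value line under a [HKEY_...] header."""
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("path"), m.group("sig").strip()


def masquerades_as_system_binary(path):
    """True when the base name matches a system binary, with '?' standing in
    for one unrenderable character, but the directory is not a system one."""
    directory, base = ntpath.split(path)
    pattern = re.compile("^" + re.escape(base.lower()).replace(r"\?", ".") + "$")
    if not any(pattern.match(binary) for binary in SYSTEM_BINARIES):
        return False
    return directory.lower() not in SYSTEM_DIRS


def audit_run_key(dump):
    """Return {value name: [reasons]} for each suspicious entry in the dump."""
    findings = {}
    for _, name, path, sig in parse_run_entries(dump):
        reasons = []
        if sig == "?":
            reasons.append("file could not be verified ([?])")
        if "?" in path:
            reasons.append("path contains characters the tool could not render")
        if masquerades_as_system_binary(path):
            reasons.append("system-binary look-alike outside a system directory")
        if reasons:
            findings[name] = reasons
    return findings


def cfscript_registry_stanza(dump):
    """Render flagged entries as a CFScript 'Registry::' block; in .reg
    syntax "Name"=- deletes that value under the preceding key."""
    findings = audit_run_key(dump)
    by_key = {}
    for key, name, _, _ in parse_run_entries(dump):
        if name in findings:
            by_key.setdefault(key, []).append(name)
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    for name, reasons in audit_run_key(SAMPLE_RUN_KEY).items():
        print(f"{name}: {'; '.join(reasons)}")
    print()
    print(cfscript_registry_stanza(SAMPLE_RUN_KEY))
```

    The "?" test needs no knowledge of which look-alike characters were used: Windows forbids "?" in file names, so its presence in a logged path can only mean the logger substituted it for something it could not print. The masquerade test is deliberately narrow (exact name or one substituted character, outside c:\windows or system32) so that the benign OEM entries in the same dump, many of which are also "[N/A]", are not flagged.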
     
  10. 2010/10/22
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    They gave me an XP CD but it doesn't go with this machine, it is an XP Pro CD, this machine is Home Edition. Here is the new combofix log;


    ComboFix 10-10-22.03 - Caitlin 10/22/2010 21:02:53.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.729 [GMT -4:00]
    Running from: c:\documents and settings\Caitlin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Caitlin\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-21 12:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-21 12:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-21 12:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-21 12:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-21 12:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-21 12:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-21 12:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-21 12:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\program files\Alwil Software
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\Caitlin\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-21 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 22:42 . 2010-10-20 22:43 -------- d-----w- C:\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 21:53 . 2007-01-03 05:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-08-18 21:53 . 2007-01-03 05:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-18 21:53 . 2007-01-03 05:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-08-18 21:53 . 2007-01-03 05:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-18 21:53 . 2007-01-03 05:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------



    [-] 2003-05-30 14:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll

    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\xmlprov.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-22_23.20.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-16 18:59 . 2010-10-23 01:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-02-16 18:59 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 01:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 01:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-10-20 00:48 . 2004-05-28 14:30 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    2006-05-07 17:11 . 2005-12-12 18:37 71328 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    2005-10-25 23:12 . 2002-09-30 05:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE

    2005-10-25 23:11 . 2002-10-29 13:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

    2005-10-25 22:59 . 2004-04-12 00:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2005-10-25 23:03 . 2004-07-19 11:51 306688 c:\program files\Dell Support\bak\DSAgnt.exe

    2005-10-18 16:58 . 2005-10-18 16:58 278528 c:\program files\iTunes\bak\iTunesHelper.exe

    2006-01-13 19:11 . 2005-04-13 08:48 36975 c:\program files\Java\jre1.5.0_03\bin\bak\jusched.exe

    2005-10-20 00:28 . 2002-08-20 19:08 1511453 c:\program files\Messenger\bak\msmsgs.exe

    2005-10-20 20:48 . 2004-04-20 17:24 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2005-10-20 20:48 . 2004-04-20 17:24 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-10-20 15:21 . 2005-10-20 15:21 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe

    2005-10-20 15:21 . 2005-10-20 15:21 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe

    2005-11-23 21:37 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

    2006-01-14 23:30 . 2005-12-08 18:55 3096576 c:\program files\Yahoo!\Messenger\bak\ypager.exe

    2005-10-25 23:14 . 2000-05-11 05:00 90112 c:\windows\bak\UpdReg.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [N/A]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [N/A]
    "SB Audigy 2 Startup Menu"="" [N/A]
    "Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 50792]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-21 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
    "HostManager"="c:\program files\Common Files\AOL\1129769949\ee\AOLSoftware.exe" [2006-04-20 50792]
    "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [N/A]
    "MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [N/A]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
    "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [N/A]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
    "AsioReg"="CTASIO.DLL" [2003-02-20 110592]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [N/A]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-08 155648]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-28 113664]
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2007-6-4 13357056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2010 8:07 AM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://forums.maxima.org/forum_index.php
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.maxima.org
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 21:27
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\System32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\System32\dssenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\windows\System32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 21:29:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 01:29
    ComboFix2.txt 2010-10-22 23:23

    Pre-Run: 136,729,915,392 bytes free
    Post-Run: 136,714,842,112 bytes free

    - - End Of File - - AF7F82DE29CD905CABF30002E15EB2A3
     
  11. 2010/10/22
    broni Moderator Malware Analyst
    Combofix was able to fix the main issue by finding a healthy qmgr.dll file and replacing the infected one.

    Now, we have a minor issue: two system files are missing:
    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\xmlprov.dll ... is missing !!

    Access the Windows XP CD, go to the I386 folder and find the following files:
    - wscntfy.ex_
    - xmlprov.dl_

    Copy them to the desktop and, using any zipping program, unzip both files.
    They won't have the "underscore" now:
    - wscntfy.exe
    - xmlprov.dll

    Paste both files into the c:\windows\System32 folder.

    Note. XP version shouldn't matter.

    Re-run Combofix and post a fresh log.
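The same restore step, scripted with the expand.exe that ships with Windows instead of a zipping program. This is an added example, not part of broni's instructions or of any tool in the thread. It assumes the XP CD is in drive D: (change SRC otherwise), and it names the destination path in full so the copies cannot land in c:\windows\system by mistake, which is the mix-up that came up with the next log. The expected byte sizes are the ones ComboFix's Sigcheck section listed for the two files; a CD at a different service-pack level will legitimately produce other sizes, so a size mismatch is a prompt to look again, not a verdict.

```batch
@echo off
rem Added example, not part of broni's instructions or any tool on the page.
rem Restores wscntfy.exe and xmlprov.dll from the XP CD's I386 folder into
rem System32 with the built-in expand.exe, then compares the resulting file
rem sizes with the values ComboFix's Sigcheck section listed for them.
rem Assumption: the XP CD is in drive D:. Adjust SRC if it is elsewhere.
setlocal
set "SRC=D:\I386"
set "DST=%SystemRoot%\System32"

if not exist "%SRC%\wscntfy.ex_" (
    echo Cannot find %SRC%\wscntfy.ex_ - is the XP CD in drive D:?
    exit /b 1
)

rem expand.exe decompresses the cabinet-compressed *.ex_ / *.dl_ files.
rem The destination path is spelled out so the copies cannot end up in
rem c:\windows\system instead of c:\windows\system32.
expand "%SRC%\wscntfy.ex_" "%DST%\wscntfy.exe" || exit /b 1
expand "%SRC%\xmlprov.dl_" "%DST%\xmlprov.dll" || exit /b 1

rem Expected sizes are the ones the ComboFix Sigcheck lines reported for
rem the 5.1.2600.2180 copies; a CD at another service-pack level will give
rem different sizes, so treat a mismatch as something to look at, not an error.
call :checksize "%DST%\wscntfy.exe" 13824
call :checksize "%DST%\xmlprov.dll" 129536
echo Done. Re-run ComboFix and post the fresh log.
endlocal
exit /b 0

:checksize
rem %1 = file path in quotes, %2 = expected size in bytes
set "ACTUAL="
for %%A in (%1) do set "ACTUAL=%%~zA"
if "%ACTUAL%"=="%2" (
    echo OK   %~1 - %ACTUAL% bytes
) else (
    echo WARN %~1 is %ACTUAL% bytes, expected %2
)
goto :eof
```

Save it as a .cmd file on the desktop and run it from an administrator account. The size comparison only confirms that the expanded files landed in the right folder with the expected length; it is not an integrity check. XP does not ship a hashing tool, so comparing against the MD5 values in the Sigcheck lines would need a separate hash utility.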
     
  12. 2010/10/22
    BillB Lifetime Subscription, Well-Known Member, Thread Starter
    Files were successfully restored to the system32 folder. Here is the new log.

    ComboFix 10-10-22.04 - Caitlin 10/22/2010 23:14:32.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.722 [GMT -4:00]
    Running from: c:\documents and settings\Caitlin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-23 03:12 . 2004-08-04 04:56 13824 ----a-w- c:\windows\system\wscntfy.exe
    2010-10-23 03:12 . 2004-08-04 04:56 129536 ----a-w- c:\windows\system\xmlprov.dll
    2010-10-21 12:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-21 12:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-21 12:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-21 12:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-21 12:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-21 12:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-21 12:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-21 12:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\program files\Alwil Software
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\Caitlin\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-21 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 22:42 . 2010-10-23 03:11 -------- d-----w- C:\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 21:53 . 2007-01-03 05:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-08-18 21:53 . 2007-01-03 05:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-18 21:53 . 2007-01-03 05:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-08-18 21:53 . 2007-01-03 05:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-18 21:53 . 2007-01-03 05:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------

    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system\wscntfy.exe

    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system\xmlprov.dll

    [-] 2003-05-30 14:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll

    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\xmlprov.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-22_23.20.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-16 18:59 . 2010-10-23 03:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-02-16 18:59 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 03:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 03:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-10-20 00:48 . 2004-05-28 14:30 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    2006-05-07 17:11 . 2005-12-12 18:37 71328 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    2005-10-25 23:12 . 2002-09-30 05:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE

    2005-10-25 23:11 . 2002-10-29 13:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

    2005-10-25 22:59 . 2004-04-12 00:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2005-10-25 23:03 . 2004-07-19 11:51 306688 c:\program files\Dell Support\bak\DSAgnt.exe

    2005-10-18 16:58 . 2005-10-18 16:58 278528 c:\program files\iTunes\bak\iTunesHelper.exe

    2006-01-13 19:11 . 2005-04-13 08:48 36975 c:\program files\Java\jre1.5.0_03\bin\bak\jusched.exe

    2005-10-20 00:28 . 2002-08-20 19:08 1511453 c:\program files\Messenger\bak\msmsgs.exe

    2005-10-20 20:48 . 2004-04-20 17:24 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2005-10-20 20:48 . 2004-04-20 17:24 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-10-20 15:21 . 2005-10-20 15:21 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe

    2005-10-20 15:21 . 2005-10-20 15:21 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe

    2005-11-23 21:37 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

    2006-01-14 23:30 . 2005-12-08 18:55 3096576 c:\program files\Yahoo!\Messenger\bak\ypager.exe

    2005-10-25 23:14 . 2000-05-11 05:00 90112 c:\windows\bak\UpdReg.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [N/A]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [N/A]
    "SB Audigy 2 Startup Menu"="" [N/A]
    "Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 50792]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-21 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
    "HostManager"="c:\program files\Common Files\AOL\1129769949\ee\AOLSoftware.exe" [2006-04-20 50792]
    "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [N/A]
    "MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [N/A]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
    "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [N/A]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
    "AsioReg"="CTASIO.DLL" [2003-02-20 110592]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [N/A]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-08 155648]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-28 113664]
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2007-6-4 13357056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2010 8:07 AM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://forums.maxima.org/forum_index.php
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.maxima.org
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 23:18
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\System32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\System32\dssenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\windows\System32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 23:21:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 03:21
    ComboFix2.txt 2010-10-23 01:29
    ComboFix3.txt 2010-10-22 23:23

    Pre-Run: 136,715,997,184 bytes free
    Post-Run: 136,700,469,248 bytes free

    - - End Of File - - 4D9BA27AD6CB739081A4EA76637E070D
     
  13. 2010/10/22
    broni Moderator Malware Analyst
    You put them into the wrong folder: c:\windows\system
    Move them to the c:\windows\system32 folder.
     
  14. 2010/10/23
    BillB Lifetime Subscription, Well-Known Member, Thread Starter
    Files have been moved, sorry, must have clicked the wrong folder.
     
  15. 2010/10/23
    broni Moderator Malware Analyst
    OK. Give me fresh Combofix log, please.
     
  16. 2010/10/23
    BillB Lifetime Subscription, Well-Known Member, Thread Starter
    New combofix log:

    ComboFix 10-10-22.05 - Caitlin 10/23/2010 18:29:11.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1022.764 [GMT -4:00]
    Running from: c:\documents and settings\Caitlin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-23 03:12 . 2004-08-04 04:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
    2010-10-23 03:12 . 2004-08-04 04:56 129536 ----a-w- c:\windows\system32\xmlprov.dll
    2010-10-21 12:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-21 12:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-21 12:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-21 12:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-21 12:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-21 12:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-21 12:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-21 12:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\program files\Alwil Software
    2010-10-21 12:07 . 2010-10-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\Caitlin\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-20 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-10-20 23:08 . 2010-10-21 00:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 22:45 . 2010-10-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-20 22:45 . 2010-04-29 19:39 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 22:42 . 2010-10-23 03:11 -------- d-----w- C:\tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 21:53 . 2007-01-03 05:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-08-18 21:53 . 2007-01-03 05:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-08-18 21:53 . 2007-01-03 05:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-08-18 21:53 . 2007-01-03 05:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-08-18 21:53 . 2007-01-03 05:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------

    [-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

    [-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

    [-] 2003-05-30 14:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-22_23.20.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-16 18:59 . 2010-10-23 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-02-16 18:59 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-10-20 00:34 . 2010-10-23 22:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2005-10-20 00:34 . 2010-10-22 23:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2005-10-20 00:48 . 2004-05-28 14:30 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe
    2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

    2006-05-07 17:11 . 2005-12-12 18:37 71328 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    2005-10-25 23:12 . 2002-09-30 05:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE

    2005-10-25 23:11 . 2002-10-29 13:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

    2005-10-25 22:59 . 2004-04-12 00:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2005-10-25 23:03 . 2004-07-19 11:51 306688 c:\program files\Dell Support\bak\DSAgnt.exe

    2005-10-18 16:58 . 2005-10-18 16:58 278528 c:\program files\iTunes\bak\iTunesHelper.exe

    2006-01-13 19:11 . 2005-04-13 08:48 36975 c:\program files\Java\jre1.5.0_03\bin\bak\jusched.exe

    2005-10-20 00:28 . 2002-08-20 19:08 1511453 c:\program files\Messenger\bak\msmsgs.exe

    2005-10-20 20:48 . 2004-04-20 17:24 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2005-10-20 20:48 . 2004-04-20 17:24 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-10-20 15:21 . 2005-10-20 15:21 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe

    2005-10-20 15:21 . 2005-10-20 15:21 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe

    2005-11-23 21:37 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

    2006-01-14 23:30 . 2005-12-08 18:55 3096576 c:\program files\Yahoo!\Messenger\bak\ypager.exe

    2005-10-25 23:14 . 2000-05-11 05:00 90112 c:\windows\bak\UpdReg.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [N/A]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [N/A]
    "SB Audigy 2 Startup Menu"="" [N/A]
    "Aim6"="c:\program files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 50792]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-21 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
    "HostManager"="c:\program files\Common Files\AOL\1129769949\ee\AOLSoftware.exe" [2006-04-20 50792]
    "mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [N/A]
    "MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [N/A]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [N/A]
    "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [N/A]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
    "AsioReg"="CTASIO.DLL" [2003-02-20 110592]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [N/A]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [N/A]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-08 155648]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-28 113664]
    Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe [2007-6-4 13357056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2010 8:07 AM 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://forums.maxima.org/forum_index.php
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://forums.maxima.org
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-23 18:34
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\System32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(748)
    c:\windows\System32\dssenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\windows\System32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-23 18:37:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 22:37
    ComboFix2.txt 2010-10-23 03:21
    ComboFix3.txt 2010-10-23 01:29
    ComboFix4.txt 2010-10-22 23:23

    Pre-Run: 136,612,225,024 bytes free
    Post-Run: 136,597,037,056 bytes free

    - - End Of File - - B041B2DDB8BB215031BB5DCD46951A4E
     
  17. 2010/10/23
    broni Moderator Malware Analyst
    Good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/10/23
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    The machine is doing better; the explorer window still pops up to the system32 folder after boot. Here are the logs:

    OTL Extras logfile created on: 10/23/2010 11:19:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Caitlin\Desktop
    Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 741.00 Mb Available Physical Memory | 73.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 127.24 Gb Free Space | 85.37% Space Free | Partition Type: NTFS

    Computer Name: JASON | User Name: Caitlin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
    "{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = D-Link DWA-552 Xtreme N Desktop Adapter
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "AIM_6" = AIM 6
    "All ATI Software" = ATI - Software Uninstall Utility
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ATI Display Driver" = ATI Display Driver
    "avast5" = avast! Free Antivirus
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DellSupport" = Dell Support 5.0.0 (630)
    "InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "LG USB Drivers" = LG USB Drivers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
    "ShockwaveFlash" = Macromedia Flash Player 8
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinAce Archiver" = WinAce Archiver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinZip" = WinZip
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Customizations" = Yahoo! extras
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/4/2007 11:25:27 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/5/2007 3:20:50 PM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0001e915.

    Error - 12/6/2007 12:27:34 PM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/7/2007 6:50:28 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/7/2007 3:11:26 PM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/8/2007 12:40:02 PM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/9/2007 11:07:01 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/10/2007 10:56:22 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/11/2007 11:02:44 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    Error - 12/12/2007 10:49:00 AM | Computer Name = JASON | Source = Application Error | ID = 1000
    Description = Faulting application 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
    version 0.0.0.0, fault address 0x0002a51c.

    [ System Events ]
    Error - 10/21/2010 8:09:20 AM | Computer Name = JASON | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/21/2010 8:09:20 AM | Computer Name = JASON | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/21/2010 8:09:20 AM | Computer Name = JASON | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 10/21/2010 8:11:05 AM | Computer Name = JASON | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 10/22/2010 7:21:51 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 10/22/2010 9:08:29 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 10/22/2010 11:19:24 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 10/23/2010 9:43:09 AM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 10/23/2010 6:20:19 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 10/23/2010 6:34:55 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083


    < End of report >
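
An added triage example for the Extras log above (this is not part of the thread and not an OTL feature). The "Last 10 Event Log Errors" section carries two things worth checking by hand. First, OTL prints the faulting application name from the 2007 Application Error events as a 44-character hex string; assuming that is how OTL writes names containing non-ASCII characters (4-hex-digit UTF-16 code units, big-endian), the string decodes to taskmgr.exe spelled with a Cyrillic а (U+0430) in the second position, a look-alike of the real Task Manager file name. Those entries are from December 2007 and the log alone does not say whether they are connected to the current infection, but a name built that way is worth a check. Second, the System Events show wscsvc (the Security Center service) failing to start repeatedly with Win32 error 1083, which winerror.h names ERROR_SERVICE_NOT_IN_EXE, the code returned when the service host does not implement the service it was asked to start, consistent with a missing service DLL. The Python below decodes such names, flags every non-ASCII character in them, and counts the service start failures per service and error code; the sample input is reproduced from the log above, abridged, and the error-code table is limited to the two codes that appear in it.

```python
import re
import unicodedata
from collections import Counter

# Sample input, reproduced (abridged) from the OTL Extras log posted above:
# one of the repeated Application Error entries and two of the wscsvc failures.
EXTRAS_LOG = """\
[ Application Events ]
Error - 12/4/2007 11:25:27 AM | Computer Name = JASON | Source = Application Error | ID = 1000
Description = Faulting application 007404300073006B006D00670072002E006500780065,
version 0.0.0.0, faulting module 007404300073006B006D00670072002E006500780065,
version 0.0.0.0, fault address 0x0002a51c.

[ System Events ]
Error - 10/22/2010 7:21:51 PM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 10/23/2010 9:43:09 AM | Computer Name = JASON | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083
"""

# Assumption: OTL prints an event-log string that contains non-ASCII characters
# as a run of 4-hex-digit UTF-16 code units (big-endian), which is what the
# 44-character "Faulting application" token above looks like.
HEX_UTF16 = re.compile(r"^(?:[0-9A-Fa-f]{4})+$")
FAULT_RE = re.compile(r"Faulting application (\S+),")
SVC_FAIL_RE = re.compile(
    r"The (\S+) service failed to start due to the following error: %%(\d+)")

# Win32 error codes that appear in this log, with their winerror.h names.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 1083: "ERROR_SERVICE_NOT_IN_EXE"}


def decode_otl_hex_name(token):
    """Decode an OTL hex-encoded name; return the token unchanged if it is not one."""
    if not HEX_UTF16.match(token):
        return token
    try:
        return bytes.fromhex(token).decode("utf-16-be")
    except UnicodeDecodeError:  # e.g. a lone surrogate: not a real encoded name
        return token


def non_ascii_chars(name):
    """(index, char, Unicode name) for each non-ASCII character, so a look-alike
    such as a Cyrillic letter inside an otherwise Latin file name is visible."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name) if ord(ch) > 0x7F]


def faulting_applications(log_text):
    """Decoded names from every 'Faulting application ...' description."""
    return [decode_otl_hex_name(m.group(1)) for m in FAULT_RE.finditer(log_text)]


def service_start_failures(log_text):
    """Count SCM event 7000 entries per (service name, Win32 error code)."""
    return Counter((m.group(1), int(m.group(2)))
                   for m in SVC_FAIL_RE.finditer(log_text))


def triage(log_text):
    """Human-readable findings: look-alike names and repeated service failures."""
    findings = []
    for name in faulting_applications(log_text):
        for idx, ch, uname in non_ascii_chars(name):
            findings.append(
                f"faulting application {name!r}: position {idx} is "
                f"U+{ord(ch):04X} {uname}, not an ASCII character")
    for (svc, code), n in service_start_failures(log_text).items():
        label = WIN32_ERRORS.get(code, "unknown")
        findings.append(
            f"service {svc} failed to start {n} time(s) with error {code} ({label})")
    return findings


if __name__ == "__main__":
    for line in triage(EXTRAS_LOG):
        print(line)
```

Run against the full Extras log rather than the abridged sample and the same two findings come out ten times over for the faulting application and six times for wscsvc; the decode step is the part that matters, since a hex token in an OTL event entry is easy to skip past as noise when it is in fact hiding a character that does not belong in a Windows binary name.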
     
  19. 2010/10/23
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    OTL logfile created on: 10/23/2010 11:19:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Caitlin\Desktop
    Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 741.00 Mb Available Physical Memory | 73.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 127.24 Gb Free Space | 85.37% Space Free | Partition Type: NTFS

    Computer Name: JASON | User Name: Caitlin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 23:18:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\OTL.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2006/12/06 18:52:20 | 013,357,056 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
    PRC - [2006/08/25 19:54:12 | 000,360,532 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
    PRC - [2006/04/20 13:10:13 | 000,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe
    PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    PRC - [2003/07/16 16:28:11 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 23:18:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\OTL.exe
    MOD - [2003/07/16 16:20:16 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/08/25 19:54:12 | 000,360,532 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe -- (ACS)
    SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/09/25 11:44:12 | 001,037,088 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416)
    DRV - [2006/07/20 07:00:10 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2005/10/20 16:49:16 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/05/28 10:57:50 | 000,730,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/03/27 12:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2003/03/26 17:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2003/03/26 17:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/26 17:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
    DRV - [2003/03/26 17:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2003/03/06 11:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
    DRV - [2003/02/20 18:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2003/02/20 18:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/02/20 18:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2003/02/20 18:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forums.maxima.org/forum_index.php
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "http://forums.maxima.org "
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/08/18 17:53:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/08/18 17:53:34 | 000,000,000 | ---D | M]

    [2010/10/22 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\extensions
    [2007/12/28 17:49:38 | 000,000,000 | ---D | M] (Washington Redskins) -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\extensions\{1840c554-301d-11dc-8314-0800200c9a66}
    [2005/02/16 13:17:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\e77c81bq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/01/03 01:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/01/03 01:13:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/04/13 12:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2008/08/18 17:53:30 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2008/08/18 17:53:30 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2008/08/18 17:53:30 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2008/08/18 17:53:30 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2008/08/18 17:53:30 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2010/10/23 18:34:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE File not found
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe File not found
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129769949\ee\AOLSoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
    O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
    O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe File not found
    O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe File not found
    O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe File not found
    O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
    O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe File not found
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe ( )
    O4 - Startup: C:\Documents and Settings\Caitlin\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/01/14 19:31:15 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/01/14 19:31:15 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/01/14 19:31:15 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/01/14 19:31:15 | 000,000,000 | ---D | M]
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (Webshots Photo Uploader)
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Caitlin\My Documents\My Pictures\gorgeousvette.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caitlin\My Documents\My Pictures\gorgeousvette.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/10/19 20:31:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/23 23:18:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\OTL.exe
    [2010/10/23 18:37:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/22 19:15:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/22 19:14:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/22 19:14:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/22 19:14:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/22 19:14:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/22 19:14:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/22 19:14:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/21 08:07:51 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/21 08:07:51 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/21 08:07:50 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/21 08:07:50 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/21 08:07:50 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/21 08:07:50 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/21 08:07:42 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/21 08:07:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/21 08:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/21 08:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/20 19:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\SUPERAntiSpyware.com
    [2010/10/20 19:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/10/20 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/20 18:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\Malwarebytes
    [2010/10/20 18:45:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/20 18:45:27 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/20 18:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/20 18:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/20 18:42:25 | 000,000,000 | ---D | C] -- C:\tmp
    [2006/09/02 16:56:17 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
    [2005/10/25 19:12:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/10/23 23:18:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\OTL.exe
    [2010/10/23 18:34:24 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
    [2010/10/23 18:34:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/23 18:32:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/23 18:32:20 | 000,031,908 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
    [2010/10/23 18:32:20 | 000,031,908 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
    [2010/10/23 18:32:20 | 000,031,800 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
    [2010/10/23 18:32:20 | 000,031,800 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
    [2010/10/23 18:32:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/10/23 18:32:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/10/23 18:32:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
    [2010/10/23 18:32:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
    [2010/10/23 18:27:21 | 003,884,040 | R--- | M] () -- C:\Documents and Settings\Caitlin\Desktop\ComboFix.exe
    [2010/10/22 23:11:46 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\Windows Explorer.lnk
    [2010/10/22 19:15:48 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2010/10/22 15:42:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\MBRCheck.exe
    [2010/10/22 15:41:38 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\3eppe1dz.exe
    [2010/10/22 15:35:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/21 12:30:02 | 001,094,656 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\dds.scr
    [2010/10/21 08:09:20 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/21 08:07:51 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/20 19:28:37 | 000,002,517 | ---- | M] () -- C:\WINDOWS\System32\ZoneAlarmIconUS.ico
    [2010/10/20 19:18:25 | 000,002,517 | ---- | M] () -- C:\WINDOWS\System32\Jamster.ico
    [2010/10/20 19:08:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/20 18:45:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/20 18:40:31 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/20 18:40:31 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/10/22 23:11:46 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\Windows Explorer.lnk
    [2010/10/22 19:15:48 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2010/10/22 19:15:45 | 000,245,920 | RHS- | C] () -- C:\cmldr
    [2010/10/22 19:14:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/22 19:14:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/22 19:14:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/22 19:14:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/22 19:14:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/22 19:13:56 | 003,884,040 | R--- | C] () -- C:\Documents and Settings\Caitlin\Desktop\ComboFix.exe
    [2010/10/22 15:42:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\MBRCheck.exe
    [2010/10/22 15:41:42 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\3eppe1dz.exe
    [2010/10/21 12:29:59 | 001,094,656 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\dds.scr
    [2010/10/21 08:07:51 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/20 19:08:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/20 18:45:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2006/09/02 16:56:17 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
    [2006/07/06 12:57:17 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/01/08 02:34:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/10/27 23:34:40 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Caitlin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/10/25 19:34:36 | 000,005,668 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2005/10/25 19:14:17 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/10/25 19:13:25 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2005/10/25 19:13:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/10/25 19:12:48 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2005/10/25 19:12:48 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/10/25 19:10:52 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/10/22 12:23:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Caitlin\Application Data\mpauth.dat
    [2005/10/19 20:58:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2005/10/19 20:50:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2005/10/19 16:26:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/07/16 16:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

    ========== LOP Check ==========

    [2010/10/21 08:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/11/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
    [2007/06/10 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2005/10/19 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\acccore
    [2006/09/20 19:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Aim
    [2005/10/20 16:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\InterTrust
    [2006/01/08 02:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\OLYMPUS
    [2006/04/16 13:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Smith Micro
    [2007/06/15 20:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/10/19 20:31:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/10/19 20:27:45 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2010/10/22 19:15:48 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2002/08/29 01:05:52 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2010/10/23 18:37:16 | 000,011,991 | ---- | M] () -- C:\ComboFix.txt
    [2005/10/19 20:31:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/10/19 20:31:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/10/19 20:31:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2003/07/16 16:39:29 | 000,047,580 | RHS- | M] () -- C:\NTDETECT.COM
    [2003/07/16 16:39:48 | 000,233,632 | RHS- | M] () -- C:\ntldr
    [2010/10/23 18:32:45 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006/01/18 23:56:20 | 000,000,411 | ---- | M] () -- C:\ysa.log

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >
     
  20. 2010/10/23
    BillB Well-Known Member Thread Starter
    < %systemroot%\Fonts\*.ini >
    [2005/10/19 20:31:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/10/19 16:24:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/10/19 16:24:31 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/10/19 16:24:31 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2006/09/10 23:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies\ATI Control Panel\bak
    [2006/09/10 23:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AOL\IPHSend\bak
    [2006/09/10 23:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared\bak
    [2006/09/10 23:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Creative\SBAudigy2\DVDAudio\bak
    [2006/09/10 23:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\bak
    [2006/09/10 23:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support\bak
    [2006/09/10 23:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Dell\Media Experience\bak
    [2006/09/10 23:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes\bak
    [2006/09/10 23:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java\jre1.5.0_03\bin\bak
    [2006/09/10 23:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger\bak
    [2006/09/10 23:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
    [2006/09/10 23:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS\OLYMPUS Master\bak
    [2006/09/10 23:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint\Viewpoint Manager\bak
    [2006/10/11 00:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!\Messenger\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/10/19 20:31:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/10/19 20:36:31 | 000,000,139 | -HS- | M] () -- C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/10/19 20:36:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/22 15:41:38 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\3eppe1dz.exe
    [2010/10/23 18:27:21 | 003,884,040 | R--- | M] () -- C:\Documents and Settings\Caitlin\Desktop\ComboFix.exe
    [2010/10/22 15:42:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\MBRCheck.exe
    [2010/10/23 23:18:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\OTL.exe
    [2000/10/05 18:05:30 | 000,165,888 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Caitlin\Desktop\setup.exe
    [2010/09/10 18:08:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Caitlin\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2006/12/07 17:25:21 | 000,111,232 | ---- | M] (FBM Software) -- C:\Documents and Settings\Caitlin\My Documents\FreeScanDownloader.exe
    [2004/05/28 10:30:00 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\Caitlin\My Documents\setup.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/10/19 20:36:30 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Caitlin\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/23 18:37:26 | 000,409,600 | ---- | M] () -- C:\Documents and Settings\Caitlin\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005/01/28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2003/07/16 16:32:11 | 000,005,102 | ---- | M] () -- C:\Program Files\Messenger\logo.gif
    [2003/07/16 16:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/08/20 13:39:42 | 000,109,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2002/08/20 15:08:36 | 000,221,215 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 16:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 16:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 16:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2003/07/16 16:43:33 | 000,203,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\rtcimsp.dll
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/10/21 08:28:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?asks) -- C:\Documents and Settings\Caitlin\My Documents\Тasks
    [2008/08/29 18:56:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?asks\ASKS~1) -- C:\Documents and Settings\Caitlin\My Documents\Тasks\ASKS~1
    [2008/08/27 18:28:22 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
    [2008/08/27 18:28:22 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
    [2008/08/24 18:36:38 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??mantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕуmantec
    [2008/08/24 18:36:38 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??mantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕуmantec
    [2008/08/19 15:39:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\T?sks) -- C:\Documents and Settings\Caitlin\Application Data\Tаsks
    [2008/08/19 15:39:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\T?sks) -- C:\Documents and Settings\Caitlin\Application Data\Tаsks
    [2008/08/11 17:24:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fοnts
    [2008/08/11 17:24:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fοnts
    [2008/08/04 17:52:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ecurity) -- C:\Documents and Settings\Caitlin\Application Data\ѕecurity
    [2008/08/04 17:52:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ecurity) -- C:\Documents and Settings\Caitlin\Application Data\ѕecurity
    [2008/08/01 17:34:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\s?stem) -- C:\Documents and Settings\Caitlin\My Documents\sуstem
    [2008/08/01 17:34:06 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\s?stem) -- C:\Documents and Settings\Caitlin\My Documents\sуstem
    [2008/07/23 18:13:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??mbols) -- C:\Documents and Settings\Caitlin\My Documents\ѕуmbols
    [2008/07/23 18:13:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??mbols) -- C:\Documents and Settings\Caitlin\My Documents\ѕуmbols
    [2008/07/19 17:08:11 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?curity) -- C:\Documents and Settings\Caitlin\Application Data\sеcurity
    [2008/07/19 17:08:11 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?curity) -- C:\Documents and Settings\Caitlin\Application Data\sеcurity
    [2008/06/17 03:05:29 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ystem32) -- C:\Documents and Settings\Caitlin\My Documents\ѕystem32
    [2008/06/17 03:05:29 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ystem32) -- C:\Documents and Settings\Caitlin\My Documents\ѕystem32
    [2008/06/02 15:02:37 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft.NET
    [2008/06/02 15:02:37 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft.NET
    [2008/05/27 14:32:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Міcrosoft.NET
    [2008/05/27 14:32:20 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Міcrosoft.NET
    [2008/05/09 16:23:46 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
    [2008/05/09 16:23:46 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
    [2008/04/26 14:17:11 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Τasks
    [2008/04/26 14:17:11 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Τasks
    [2008/04/11 17:02:44 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    [2008/04/11 17:02:44 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    [2008/03/24 18:57:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\S?mantec) -- C:\Documents and Settings\Caitlin\Application Data\Sуmantec
    [2008/03/24 18:57:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\S?mantec) -- C:\Documents and Settings\Caitlin\Application Data\Sуmantec
    [2008/03/21 18:57:29 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\M?crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Mіcrosoft
    [2008/03/21 18:57:29 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\M?crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Mіcrosoft
    [2008/03/14 23:47:51 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\s?mbols) -- C:\Documents and Settings\Caitlin\My Documents\sуmbols
    [2008/03/14 23:47:51 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\s?mbols) -- C:\Documents and Settings\Caitlin\My Documents\sуmbols
    [2008/03/08 20:58:41 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Мicrosoft.NET
    [2008/03/08 20:58:41 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Мicrosoft.NET
    [2008/03/08 01:58:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?dobe) -- C:\Documents and Settings\Caitlin\My Documents\Αdobe
    [2008/03/08 01:58:44 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?dobe) -- C:\Documents and Settings\Caitlin\My Documents\Αdobe
    [2008/03/01 00:06:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\a?sembly) -- C:\Documents and Settings\Caitlin\Application Data\aѕsembly
    [2008/03/01 00:06:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\a?sembly) -- C:\Documents and Settings\Caitlin\Application Data\aѕsembly
    [2008/02/27 23:29:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Мicrosoft.NET
    [2008/02/27 23:29:30 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Мicrosoft.NET
    [2008/02/09 06:47:11 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft
    [2008/02/09 06:47:11 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft
    [2008/02/03 13:37:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ystem) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem
    [2008/02/03 13:37:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ystem) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem
    [2008/01/30 13:53:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\M?crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft
    [2008/01/30 13:53:08 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\M?crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Mіcrosoft
    [2008/01/21 09:44:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?stem) -- C:\Documents and Settings\Caitlin\Application Data\sуstem
    [2008/01/21 09:44:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?stem) -- C:\Documents and Settings\Caitlin\Application Data\sуstem
    [2008/01/18 09:43:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ymantec) -- C:\Documents and Settings\Caitlin\My Documents\Ѕymantec
    [2008/01/18 09:43:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ymantec) -- C:\Documents and Settings\Caitlin\My Documents\Ѕymantec
    [2008/01/15 09:18:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ppPatch) -- C:\Documents and Settings\Caitlin\My Documents\АppPatch
    [2008/01/15 09:18:33 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ppPatch) -- C:\Documents and Settings\Caitlin\My Documents\АppPatch
    [2008/01/10 02:07:37 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??stem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem32
    [2008/01/10 02:07:37 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??stem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem32
    [2008/01/09 00:56:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Таsks
    [2008/01/09 00:56:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Таsks
    [2008/01/07 23:52:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Тasks
    [2008/01/07 23:52:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Тasks
    [2007/12/17 16:04:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??stem) -- C:\Documents and Settings\Caitlin\My Documents\ѕуstem
    [2007/12/17 16:04:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??stem) -- C:\Documents and Settings\Caitlin\My Documents\ѕуstem
    [2007/12/08 10:57:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??pPatch) -- C:\Documents and Settings\Caitlin\My Documents\АрpPatch
    [2007/12/08 10:57:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??pPatch) -- C:\Documents and Settings\Caitlin\My Documents\АрpPatch
    [2007/12/05 10:41:47 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ecurity) -- C:\Documents and Settings\Caitlin\My Documents\ѕecurity
    [2007/12/05 10:41:47 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ecurity) -- C:\Documents and Settings\Caitlin\My Documents\ѕecurity
    [2007/12/02 08:59:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Αdobe
    [2007/12/02 08:59:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Αdobe
    [2007/11/26 09:07:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?stem32) -- C:\Documents and Settings\Caitlin\Application Data\sуstem32
    [2007/11/26 09:07:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?stem32) -- C:\Documents and Settings\Caitlin\Application Data\sуstem32
    [2007/11/18 09:49:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft
    [2007/11/18 09:49:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft
    [2007/11/02 21:55:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Οracle
    [2007/11/02 21:55:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Οracle
    [2007/10/31 21:19:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft.NET
    [2007/10/31 21:19:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft.NET
    [2007/10/24 18:09:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft
    [2007/10/24 18:09:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft
    [2007/10/03 21:01:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
    [2007/10/03 21:01:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
    [2007/10/02 21:29:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\F?nts) -- C:\Documents and Settings\Caitlin\My Documents\Fоnts
    [2007/10/02 21:29:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\F?nts) -- C:\Documents and Settings\Caitlin\My Documents\Fоnts
    [2007/10/01 22:12:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??sembly) -- C:\Documents and Settings\Caitlin\My Documents\аѕsembly
    [2007/10/01 22:12:18 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??sembly) -- C:\Documents and Settings\Caitlin\My Documents\аѕsembly
    [2007/09/21 21:38:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ymbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕymbols
    [2007/09/21 21:38:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ymbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕymbols
    [2007/09/16 20:38:19 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ymbols) -- C:\Documents and Settings\Caitlin\My Documents\ѕymbols
    [2007/09/16 20:38:19 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ymbols) -- C:\Documents and Settings\Caitlin\My Documents\ѕymbols
    [2007/09/12 20:59:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft.NET
    [2007/09/12 20:59:33 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??crosoft.NET) -- C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft.NET
    [2007/09/03 20:57:28 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?asks) -- C:\Documents and Settings\Caitlin\My Documents\Τasks
    [2007/09/03 20:57:28 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?asks) -- C:\Documents and Settings\Caitlin\My Documents\Τasks
    [2007/08/30 12:28:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft
    [2007/08/30 12:28:46 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Μіcrosoft
    [2007/08/25 09:01:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Τаsks
    [2007/08/25 09:01:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Τаsks
    [2007/08/19 12:47:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ystem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem32
    [2007/08/19 12:47:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ystem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem32
    [2007/07/29 01:18:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\A?pPatch) -- C:\Documents and Settings\Caitlin\Application Data\AрpPatch
    [2007/07/29 01:18:12 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\A?pPatch) -- C:\Documents and Settings\Caitlin\Application Data\AрpPatch
    [2007/07/27 00:34:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft.NET
    [2007/07/27 00:34:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft.NET
    [2007/07/26 00:32:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\W?nSxS) -- C:\Documents and Settings\Caitlin\My Documents\WіnSxS
    [2007/07/26 00:32:10 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\W?nSxS) -- C:\Documents and Settings\Caitlin\My Documents\WіnSxS
    [2007/07/14 17:11:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft
    [2007/07/14 17:11:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft
    [2007/07/08 16:42:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\a?sembly) -- C:\Documents and Settings\Caitlin\My Documents\aѕsembly
    [2007/07/08 16:42:43 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\a?sembly) -- C:\Documents and Settings\Caitlin\My Documents\aѕsembly
    [2007/07/03 09:52:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\S?mantec) -- C:\Documents and Settings\Caitlin\My Documents\Sуmantec
    [2007/07/03 09:52:24 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\S?mantec) -- C:\Documents and Settings\Caitlin\My Documents\Sуmantec
    [2007/07/02 10:06:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\W?nSxS) -- C:\Documents and Settings\Caitlin\Application Data\WіnSxS
    [2007/07/02 10:06:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\W?nSxS) -- C:\Documents and Settings\Caitlin\Application Data\WіnSxS
    [2007/06/28 03:06:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Аdobe
    [2007/06/28 03:06:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Аdobe
    [2007/05/28 08:32:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fоnts
    [2007/05/28 08:32:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fоnts
    [2007/05/24 07:11:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??pPatch) -- C:\Documents and Settings\Caitlin\Application Data\АрpPatch
    [2007/05/24 07:11:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??pPatch) -- C:\Documents and Settings\Caitlin\Application Data\АрpPatch
    [2007/05/06 20:01:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μicrosoft
    [2007/05/06 20:01:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μicrosoft
    [2007/05/02 19:52:36 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??mantec) -- C:\Documents and Settings\Caitlin\My Documents\Ѕуmantec
    [2007/05/02 19:52:36 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??mantec) -- C:\Documents and Settings\Caitlin\My Documents\Ѕуmantec
    [2007/04/27 23:06:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??pPatch) -- C:\Documents and Settings\Caitlin\My Documents\ΑрpPatch
    [2007/04/27 23:06:05 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??pPatch) -- C:\Documents and Settings\Caitlin\My Documents\ΑрpPatch
    [2007/04/26 22:48:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?ystem) -- C:\Documents and Settings\Caitlin\My Documents\ѕystem
    [2007/04/26 22:48:10 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?ystem) -- C:\Documents and Settings\Caitlin\My Documents\ѕystem
    [2007/04/19 23:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ppPatch) -- C:\Documents and Settings\Caitlin\Application Data\ΑppPatch
    [2007/04/19 23:26:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ppPatch) -- C:\Documents and Settings\Caitlin\Application Data\ΑppPatch
    [2007/04/16 23:54:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\??crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Міcrosoft
    [2007/04/16 23:54:33 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\??crosoft) -- C:\Documents and Settings\Caitlin\My Documents\Міcrosoft
    [2007/04/07 02:39:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ymantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕymantec
    [2007/04/07 02:39:46 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?ymantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕymantec
    [2007/03/24 00:11:35 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??mbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕуmbols
    [2007/03/24 00:11:35 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??mbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕуmbols
    [2007/03/17 21:44:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Оracle
    [2007/03/17 21:44:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Оracle
    [2007/02/08 20:17:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\My Documents\?icrosoft) -- C:\Documents and Settings\Caitlin\My Documents\Мicrosoft
    [2007/02/08 20:17:43 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?icrosoft) -- C:\Documents and Settings\Caitlin\My Documents\Мicrosoft
    [2007/02/04 04:45:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?mbols) -- C:\Documents and Settings\Caitlin\Application Data\sуmbols
    [2007/02/04 04:45:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\s?mbols) -- C:\Documents and Settings\Caitlin\Application Data\sуmbols
    [2007/01/26 03:13:51 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??stem) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem
    [2007/01/26 03:13:51 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\??stem) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem
    [2006/12/23 18:41:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft.NET
    [2006/12/23 18:41:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Caitlin\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft.NET
    [2006/11/24 02:51:47 | 000,000,000 | ---D | C](C:\Documents and Settings\Caitlin\My Documents\?asks) -- C:\Documents and Settings\Caitlin\My Documents\Тasks
    (C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
    (C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
    (C:\Documents and Settings\Caitlin\Application Data\W?nSxS) -- C:\Documents and Settings\Caitlin\Application Data\WіnSxS
    (C:\Documents and Settings\Caitlin\Application Data\T?sks) -- C:\Documents and Settings\Caitlin\Application Data\Tаsks
    (C:\Documents and Settings\Caitlin\Application Data\s?stem32) -- C:\Documents and Settings\Caitlin\Application Data\sуstem32
    (C:\Documents and Settings\Caitlin\Application Data\s?stem) -- C:\Documents and Settings\Caitlin\Application Data\sуstem
    (C:\Documents and Settings\Caitlin\Application Data\s?mbols) -- C:\Documents and Settings\Caitlin\Application Data\sуmbols
    (C:\Documents and Settings\Caitlin\Application Data\S?mantec) -- C:\Documents and Settings\Caitlin\Application Data\Sуmantec
    (C:\Documents and Settings\Caitlin\Application Data\s?curity) -- C:\Documents and Settings\Caitlin\Application Data\sеcurity
    (C:\Documents and Settings\Caitlin\Application Data\M?crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Mіcrosoft
    (C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fоnts
    (C:\Documents and Settings\Caitlin\Application Data\F?nts) -- C:\Documents and Settings\Caitlin\Application Data\Fοnts
    (C:\Documents and Settings\Caitlin\Application Data\a?sembly) -- C:\Documents and Settings\Caitlin\Application Data\aѕsembly
    (C:\Documents and Settings\Caitlin\Application Data\A?pPatch) -- C:\Documents and Settings\Caitlin\Application Data\AрpPatch
    (C:\Documents and Settings\Caitlin\Application Data\?ystem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem32
    (C:\Documents and Settings\Caitlin\Application Data\?ystem) -- C:\Documents and Settings\Caitlin\Application Data\ѕystem
    (C:\Documents and Settings\Caitlin\Application Data\?ymbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕymbols
    (C:\Documents and Settings\Caitlin\Application Data\?ymantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕymantec
    (C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Оracle
    (C:\Documents and Settings\Caitlin\Application Data\?racle) -- C:\Documents and Settings\Caitlin\Application Data\Οracle
    (C:\Documents and Settings\Caitlin\Application Data\?ppPatch) -- C:\Documents and Settings\Caitlin\Application Data\ΑppPatch
    (C:\Documents and Settings\Caitlin\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft.NET
    (C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Мicrosoft
    (C:\Documents and Settings\Caitlin\Application Data\?icrosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μicrosoft
    (C:\Documents and Settings\Caitlin\Application Data\?ecurity) -- C:\Documents and Settings\Caitlin\Application Data\ѕecurity
    (C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Аdobe
    (C:\Documents and Settings\Caitlin\Application Data\?dobe) -- C:\Documents and Settings\Caitlin\Application Data\Αdobe
    (C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Тasks
    (C:\Documents and Settings\Caitlin\Application Data\?asks) -- C:\Documents and Settings\Caitlin\Application Data\Τasks
    (C:\Documents and Settings\Caitlin\Application Data\??stem32) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem32
    (C:\Documents and Settings\Caitlin\Application Data\??stem) -- C:\Documents and Settings\Caitlin\Application Data\ѕуstem
    (C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Таsks
    (C:\Documents and Settings\Caitlin\Application Data\??sks) -- C:\Documents and Settings\Caitlin\Application Data\Τаsks
    (C:\Documents and Settings\Caitlin\Application Data\??pPatch) -- C:\Documents and Settings\Caitlin\Application Data\АрpPatch
    (C:\Documents and Settings\Caitlin\Application Data\??mbols) -- C:\Documents and Settings\Caitlin\Application Data\ѕуmbols
    (C:\Documents and Settings\Caitlin\Application Data\??mantec) -- C:\Documents and Settings\Caitlin\Application Data\Ѕуmantec
    (C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft.NET
    (C:\Documents and Settings\Caitlin\Application Data\??crosoft.NET) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft.NET
    (C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Міcrosoft
    (C:\Documents and Settings\Caitlin\Application Data\??crosoft) -- C:\Documents and Settings\Caitlin\Application Data\Μіcrosoft

    < End of report >
     
  21. 2010/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
      O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
      O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
      O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
      O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
      O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found
      O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE File not found
      O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe File not found
      O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
      O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe File not found
      O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe File not found
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe File not found
      O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe File not found
      O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe File not found
      O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found
      O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe File not found
      O4 - Startup: C:\Documents and Settings\Caitlin\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = File not found
      O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
      [2007/06/10 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/06/15 20:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Viewpoint
      [2006/09/10 23:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Symantec Shared\bak
      [2006/09/10 23:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint\Viewpoint Manager\bak
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
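The directory entries in the log above are names in which one or two Latin letters have been swapped for Cyrillic or Greek look-alikes (OTL prints ? for each non-ANSI character in the first copy of the path), and the :OTL fix above targets entries OTL flags as File not found. As an added example, not code from the thread or from OTL, here is a Python parser that reads both kinds of line and reports them; the look-alike table, the regexes and the sample lines are assumptions of the example (two sample lines are rebuilt from the log with explicit \u escapes, one is a constructed healthy entry).

```python
"""Added example (not from the thread or OTL): classify OTL log lines into
homoglyph directory names and dangling ("File not found") autorun entries."""
import re
import unicodedata
from dataclasses import dataclass

# Constructed look-alike table (non-Latin letter -> Latin letter it imitates), written as escapes.
CONFUSABLES = {
    # Cyrillic
    "\u0410": "A", "\u0430": "a", "\u0412": "B", "\u0415": "E", "\u0435": "e", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u043e": "o", "\u0420": "P", "\u0440": "p", "\u0421": "C", "\u0441": "c",
    "\u0422": "T", "\u0425": "X", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0405": "S",
    # Greek
    "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H", "\u0399": "I", "\u039a": "K", "\u039c": "M",
    "\u039d": "N", "\u039f": "O", "\u03bf": "o", "\u03a1": "P", "\u03a4": "T", "\u03a5": "Y", "\u03a7": "X",
}
# Directory lines: "[date | size | attrs | M](C:\shown\p?th) -- C:\real\path" ('?' = non-ANSI char).
DIR_RE = re.compile(r"\((?P<shown>[^()]*)\)\s*--\s*(?P<real>\S.*)$")
# Autorun/BHO lines: "O4 - HKLM..\Run: [name] C:\path\file.exe File not found".
ORPHAN_RE = re.compile(r"^(?P<kind>O\d+)\s+-\s+(?P<body>.*?)\s*File not found$")

@dataclass
class Finding:
    kind: str            # "homoglyph-dir" or "orphan-entry"
    path: str            # the path exactly as the log wrote it
    lookalike: str = ""  # homoglyph-dir only: the all-Latin path being imitated
    detail: str = ""

def script_of(ch):
    """Script family of a letter ('LATIN', 'CYRILLIC', 'GREEK', ...); None for non-letters."""
    if not ch.isalpha():
        return None
    if ch.isascii():
        return "LATIN"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"

def latinize(component):
    """Swap look-alike letters for their Latin counterparts; return (name, substitutions)."""
    out, subs = [], []
    for ch in component:
        latin = CONFUSABLES.get(ch)
        if latin is not None:
            subs.append((ch, latin))
        out.append(latin if latin is not None else ch)
    return "".join(out), subs

def check_component(component):
    """Describe a name that mixes Latin with another script; None when it is clean."""
    scripts = {s for s in map(script_of, component) if s}
    if "LATIN" not in scripts or len(scripts) == 1:
        return None
    _, subs = latinize(component)
    used = ", ".join(f"U+{ord(ch):04X} for '{lat}'" for ch, lat in subs)
    return f"mixed scripts {sorted(scripts)}: {used or 'unmapped look-alike'}"

def parse_line(line):
    """Classify one OTL log line; None when it carries nothing of interest."""
    line = line.strip()
    m = ORPHAN_RE.match(line)
    if m:
        p = re.search(r"[A-Za-z]:\\.*$", m.group("body"))  # Windows path inside the entry, if any
        return Finding("orphan-entry", p.group(0) if p else "",
                       detail=f"{m.group('kind')} entry points at a missing file")
    m = DIR_RE.search(line)
    if not m:
        return None
    parts = m.group("real").split("\\")
    notes = [n for n in map(check_component, parts) if n]
    if not notes:
        return None
    latin = "\\".join(latinize(c)[0] for c in parts)
    return Finding("homoglyph-dir", m.group("real"), latin, "; ".join(notes))

def analyze_otl(lines):
    """Run parse_line over a whole log and keep the findings, in log order."""
    return [f for f in map(parse_line, lines) if f]

# Sample input: two log lines rebuilt with escapes (\u041c Cyrillic Em, \u039c Greek Mu, \u0456 Cyrillic i),
# two orphan entries copied from the fix list, and one constructed healthy entry.
SAMPLE_LINES = [
    "[2008/03/08 20:58:41 | 000,000,000 | ---D | M](C:\\WINDOWS\\?icrosoft.NET) -- C:\\WINDOWS\\\u041cicrosoft.NET",
    "(C:\\Program Files\\??crosoft.NET) -- C:\\Program Files\\\u039c\u0456crosoft.NET",
    r"O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found",
    r"O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found",
    r"O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)",  # constructed
]

if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_LINES):
        print(f"{f.kind:14} {f.path}  {('-> ' + f.lookalike) if f.lookalike else ''}  [{f.detail}]")
```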
     