
China malicious IP address getting blocked


Rdw


I recently had the Antivirus Live malware infection. Research turned me to Malwarebytes and, using the free edition, I was able to restore my computer. I purchased the full edition for my wife's computer and mine to prevent further attacks. I however am getting "blocked malicious IP addresses" messages, most from China, about every 5 min. She is getting no messages. I have scanned my computer with Malwarebytes, CA, the Trend Micro HouseCall online scanner, Spybot S&D, and the rootkit tool from Sophos, but nothing is found. Any help would be greatly appreciated.

Here is the DDS log and the requested txt files are attached. Thanks in advance.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Administrator at 21:30:04.32 on Sat 12/26/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1366 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Wave Systems Corp\Common\DataServer.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GB3173UJ\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.foxnews.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [<NO NAME>]

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [CHotkey] zHotkey.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [OODefragTray] c:\windows\system32\oodtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [ReminderApp] c:\program files\nova development\greeting card factory deluxe 7.0\ReminderApp.exe

mRun: [D-Link Network USB Utility] c:\program files\d-link\network usb utility\Network USB Utility.exe -mini

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: copcp.com\vpn

Trusted Zone: copcp.com\www

Trusted Zone: copcp.local\integreat

Trusted Zone: iccchartweb1

Trusted Zone: icchart

Trusted Zone: iccsql

Trusted Zone: iccsql01

Trusted Zone: iccsql1

Trusted Zone: iccsql2

Trusted Zone: iccweb1

Trusted Zone: iccweb2

Trusted Zone: iccweb3

Trusted Zone: iccweb4

Trusted Zone: integreat

Trusted Zone: integreat2

Trusted Zone: intradocs2

Trusted Zone: intuit.com

Trusted Zone: plaxo.com\www

Trusted Zone: turbotax.com

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/40.14/uploader2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.copcp.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2006-10-10 21504]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [2007-10-3 63008]

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-9-25 26352]

R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-9-25 21104]

R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-9-25 21488]

R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-9-25 32240]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-9-25 144960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-23 276816]

R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-9-25 238832]

R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-8-18 73600]

R3 IAMTXP;Driver for Intel

Edited by Maurice Naggar
Placed 2 log reports In-Line

Hello Rdw,

Please uninstall BitTorrent as well as any other peer-to-peer filesharing utility program. Log off and restart the system fresh after you have done that, and confirm having done so for me.

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Start your MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 3450 and the latest program version is 1.42.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5

Using the Internet Explorer browser only, go to the ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press the Start button;
  • Approve the install of the required ActiveX Control, then follow the on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Look at the contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here:

http://www.eset.com/onlinescan/cac4.php?page=faq

  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner. Otherwise the scan will take twice as long to do: every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized that you should temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner (and promptly re-enable it when finished).
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 6

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Double click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you: one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order), the contents of:

  • the MBAM scan log
  • the ESET scan log
  • OTL.txt
  • Extras.txt
  • checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply.


I removed the BitTorrent program.

MBAM scan log:

00:01:49 Administrator IP-BLOCK 222.69.6.119

00:02:23 Administrator IP-BLOCK 222.67.205.65

00:03:56 Administrator IP-BLOCK 222.65.50.48

00:05:35 Administrator IP-BLOCK 222.65.96.13

00:06:13 Administrator IP-BLOCK 121.9.249.47

00:06:40 Administrator IP-BLOCK 222.76.78.35

00:07:59 Administrator IP-BLOCK 221.5.8.1

ESET scan log:

C:\Documents and Settings\Administrator\My Documents\Phone Hack\P2kCommander-V3.2.6\P2kCommander.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\My Documents\Phone Hack\PST_7.2.3\PST_uni_patch.exe probably a variant of Win32/Bifrose trojan cleaned by deleting - quarantined

C:\Program Files\Motorola\PST\pst_uni_patch.exe probably a variant of Win32/Bifrose trojan cleaned by deleting - quarantined

H:\Programs\Nero 8 ultra\Nero-8[1].3.2.1_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

H:\Programs\Nero 8 ultra\Nero 8\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

H:\Programs\Nero 8 ultra\Nero 8\Nero-8[1].3.2.1_eng_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

OTL.txt:

OTL logfile created on: 12/29/2009 8:09:43 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.25 Gb Total Space | 11.84 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Drive D: | 4.25 Gb Total Space | 2.73 Gb Free Space | 64.23% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 18.65 Gb Total Space | 9.79 Gb Free Space | 52.50% Space Free | Partition Type: NTFS

Drive H: | 195.31 Gb Total Space | 15.94 Gb Free Space | 8.16% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive M: | 102.78 Gb Total Space | 18.50 Gb Free Space | 18.00% Space Free | Partition Type: NTFS

Computer Name: GATEWAY

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2009/12/03 16:14:02 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

PRC - [2009/12/01 11:29:33 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/10/07 07:46:25 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe

PRC - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

PRC - [2009/08/03 08:11:03 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2008/09/25 20:45:26 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/06 22:45:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/03/04 22:39:36 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe

PRC - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2007/08/25 00:03:20 | 00,185,664 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe

PRC - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

PRC - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

PRC - [2007/08/16 20:10:14 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

PRC - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

PRC - [2007/05/11 02:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe

PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe

PRC - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

PRC - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe

PRC - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

PRC - [2004/12/08 19:57:36 | 00,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

========== Modules (SafeList) ==========

MOD - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2008/09/25 20:45:26 | 00,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

SRV - [2009/07/18 15:32:06 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2009/04/25 09:40:58 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)

SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)

SRV - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)

SRV - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)

SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

SRV - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr)

SRV - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/01 11:29:33 | 00,739,696 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetefile.sys -- (VETEFILE)

DRV - [2009/12/01 11:29:33 | 00,133,520 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\veteboot.sys -- (VETEBOOT)

DRV - [2009/12/01 11:29:33 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetmonnt.sys -- (VETMONNT)

DRV - [2009/12/01 11:29:33 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-filt.sys -- (VET-FILT)

DRV - [2009/12/01 11:29:33 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetfddnt.sys -- (VETFDDNT)

DRV - [2009/12/01 11:29:33 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-rec.sys -- (VET-REC)

DRV - [2009/05/06 17:45:31 | 00,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)

DRV - [2008/11/20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2008/08/21 18:49:56 | 00,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2008/08/21 18:49:22 | 00,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2008/08/18 14:20:12 | 00,073,600 | ---- | M] (Windows

Edited by Maurice Naggar
Removed "quote"-reply-block
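The MBAM IP-BLOCK lines posted above are the evidence behind the "about every 5 min" description in the first post. As an added example (not code from the thread, from Malwarebytes, or from the helper), the following Python parses that IP-BLOCK line format, measures the actual cadence between blocks, and groups the blocked addresses by /8 and /16 so the source ranges can be compared; the seven sample lines are the ones quoted above, embedded as constructed input, and the line-format regex is an assumption drawn from those lines.

```python
"""Triage helper for Malwarebytes' Anti-Malware IP-BLOCK log lines.

Added example, not code from Malwarebytes or from the thread. It parses the
line format quoted in the thread (HH:MM:SS <user> IP-BLOCK <ipv4>) and
summarises cadence and source ranges, so an "every N minutes" impression
can be checked against the actual timestamps.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: the seven IP-BLOCK lines quoted in the thread.
SAMPLE_LOG = """\
00:01:49 Administrator IP-BLOCK 222.69.6.119
00:02:23 Administrator IP-BLOCK 222.67.205.65
00:03:56 Administrator IP-BLOCK 222.65.50.48
00:05:35 Administrator IP-BLOCK 222.65.96.13
00:06:13 Administrator IP-BLOCK 121.9.249.47
00:06:40 Administrator IP-BLOCK 222.76.78.35
00:07:59 Administrator IP-BLOCK 221.5.8.1
"""

# Assumed line format: time of day, user (no spaces), literal IP-BLOCK,
# dotted-quad address. Derived from the lines above, not from MBAM docs.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def parse_ip_blocks(text):
    """Return a list of (seconds_since_midnight, user, IPv4Address).

    Lines that do not match the format or carry an invalid address are
    skipped rather than aborting the whole parse.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hh, mm, ss, user, ip = m.groups()
        try:
            addr = ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError:
            continue
        events.append((int(hh) * 3600 + int(mm) * 60 + int(ss), user, addr))
    return events


def _prefix(addr, prefixlen):
    """Network containing addr at the given prefix length, e.g. 222.0.0.0/8."""
    return str(ipaddress.ip_network((int(addr), prefixlen), strict=False))


def summarize(events):
    """Cadence and grouping statistics for parsed events (in log order).

    The log carries only a time of day; if a timestamp is earlier than the
    previous one the log is assumed to have crossed midnight and a day is
    added, so the gaps stay positive.
    """
    if not events:
        return {"count": 0}
    times = []
    for t, _, _ in events:
        if times and t < times[-1]:
            t += 86400
        times.append(t)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "count": len(events),
        "span_seconds": times[-1] - times[0],
        "min_gap_seconds": min(gaps) if gaps else None,
        "max_gap_seconds": max(gaps) if gaps else None,
        "mean_gap_seconds": (sum(gaps) / len(gaps)) if gaps else None,
        "by_user": Counter(u for _, u, _ in events),
        "by_slash8": Counter(_prefix(a, 8) for _, _, a in events),
        "by_slash16": Counter(_prefix(a, 16) for _, _, a in events),
    }


if __name__ == "__main__":
    stats = summarize(parse_ip_blocks(SAMPLE_LOG))
    print(f"{stats['count']} blocks over {stats['span_seconds']} s; "
          f"gaps {stats['min_gap_seconds']}-{stats['max_gap_seconds']} s")
    for net, n in stats["by_slash8"].most_common():
        print(f"  {net}: {n}")
```

On the sample lines the gaps are 27 to 99 seconds and five of the seven addresses fall in 222.0.0.0/8.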

Part 2

OTL Extras logfile created on: 12/29/2009 8:09:43 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.25 Gb Total Space | 11.84 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Drive D: | 4.25 Gb Total Space | 2.73 Gb Free Space | 64.23% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 18.65 Gb Total Space | 9.79 Gb Free Space | 52.50% Space Free | Partition Type: NTFS

Drive H: | 195.31 Gb Total Space | 15.94 Gb Free Space | 8.16% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive M: | 102.78 Gb Total Space | 18.50 Gb Free Space | 18.00% Space Free | Partition Type: NTFS

Computer Name: GATEWAY

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"9303:UDP" = 9303:UDP:*:Enabled:Network USB Utility UDP Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)

"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)

"C:\WINDOWS\LMI4.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI4.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found

"C:\Documents and Settings\Administrator\Local Settings\Temp\OnlineUpdate8\SetupXu.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter -- File not found

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe" = C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe:*:Enabled:Network USB Utility -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)

"{039D7D5D-9E22-4DEC-BD39-8E80CE172ADE}" = ATI Catalyst Control Center

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}" = Garmin MapSource

"{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}" = Microsoft USB Flash Drive Manager

"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008

"{4E4D9ED8-2646-41A4-851E-79ACE47AC2FE}" = Network USB Utility

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService

"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition

"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Deluxe 7.0

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6897145C-B43D-415E-84F0-C273437104DA}" = Noiseware Standard Edition

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver

"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}" = STMicroelectronics TPM Software Package

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software

"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7e09afc2-65bd-482f-ba8a-501ecc6429bf}" = NTRU Hybrid TSS v1.05

"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine

"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8

"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5

"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BBF7D230-8F25-4041-90A9-73FD03BE8640}" = DartViewer

"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE8C3BD6-6AF3-4DAA-A15C-21FF2E16F57C}" = Intel Audio Studio 2.0

"{D768EBA6-7C43-4F65-B165-1B1EF9BD5DD8}" = EMBASSY Security Center

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11

"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools

"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio

"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"CCleaner" = CCleaner

"DxO Optics Pro v4" = DxO Optics Pro v4.0

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Easy-WebPrint" = Easy-WebPrint

"ERUNT_is1" = ERUNT 1.1j

"eTrust Suite Personal" = CA Internet Security Suite

"gtw_logo" = gtw_logo

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ieSpell" = ieSpell

"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MP Navigator 2.2" = Canon MP Navigator 2.2

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Picasa 3" = Picasa 3

"PROSet" = Intel

Edited by Maurice Naggar
Removed quote-reply-block
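As an added example (not part of this thread and not OTL's own code), the Python script below triages the "Security Center Settings" and "Authorized Applications List" sections of an OTL Extras log like the one pasted above: it flags firewall exceptions whose scope is `*` (open to any remote address rather than LocalSubNet), AuthorizedApplications entries whose binary is reported as "File not found" (stale exceptions that would silently apply to any file later placed at that path), and any profile with EnableFirewall turned off. The sample log lines are constructed in the log's own format; the finding labels are my own.

```python
"""Triage firewall-policy sections of an OTL Extras log (added example)."""
import re

# Constructed sample in the OTL Extras format shown in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"9303:UDP" = 9303:UDP:*:Enabled:Network USB Utility UDP Port
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\WINDOWS\LMI4.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI4.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"""

# Registry section header: which firewall profile the following lines belong to.
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)")
ENABLE_RE = re.compile(r'^"EnableFirewall" = (\d)$')
# "port:proto" = port:proto:scope:state:name
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP):'
    r"(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$"
)
# "path" = path:scope:state:name -- (publisher) | File not found
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<name>.*?) -- (?P<status>.*)$"
)


def parse_firewall_policy(text):
    """Return a list of (profile, finding, detail) tuples for the log text."""
    profile = None
    firewall_enabled = {}
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):  # new registry key: track the profile
            m = PROFILE_RE.search(line)
            profile = m.group(1) if m else None
            continue
        if profile is None:
            continue
        m = ENABLE_RE.match(line)
        if m:
            firewall_enabled[profile] = m.group(1) == "1"
            continue
        m = PORT_RE.match(line)
        if m:
            # A port exception scoped "*" accepts connections from any address.
            if m["state"] == "Enabled" and m["scope"] == "*":
                detail = f'{m["port"]}/{m["proto"]} ({m["name"]})'
                findings.append((profile, "port-open-to-any", detail))
            continue
        m = APP_RE.match(line)
        if m:
            if m["status"].startswith("File not found"):
                # Exception survives the program: anything dropped at this
                # path later inherits the firewall allowance.
                findings.append((profile, "stale-app-exception", m["path"]))
            elif m["state"] == "Enabled" and m["scope"] == "*":
                findings.append((profile, "app-open-to-any", m["path"]))
    for prof, enabled in firewall_enabled.items():
        if not enabled:
            findings.append((prof, "firewall-disabled", "EnableFirewall = 0"))
    return findings


if __name__ == "__main__":
    for profile, kind, detail in parse_firewall_policy(SAMPLE_LOG):
        print(f"{profile:16} {kind:22} {detail}")
```

Run it against a full Extras log by passing the file contents instead of `SAMPLE_LOG`; the DomainProfile section is handled the same way because the profile name is taken from each key header.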

Roger,

I have just edited your last 2 replies to remove the Quoted sections. The way you have started your replies (up to this point) appears to be through using the "REPLY" button, which makes a whole entire quote of the last preceding reply. That makes for a HUGE amount of repeats.

Here's what you should do:

To start a reply, look at the very bottom of the forum screen -- at bottom right -- and only use the ADDREPLY button.

That would be much appreciated. :lol:


The items removed by ESET online scan are now gone. If in future you find that Nero has an issue, you may have to get the latest version from Nero support.

For now, close any of your open programs, and do a run of Combofix and post back that log, for my review.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of contents of C:\Combofix.txt


ComboFix 09-12-29.06 - Administrator 12/30/2009 14:16:40.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1287 [GMT -5:00]

Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.


RDW,

I'd like a new download of Combofix and then a run of Combofix, this time disconnecting the pc from the internet just before you start it. So this is a modified set of directions --- please follow.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Disconnect this pc from the internet. Unplug the cable-connection to your modem.
  • Double click on Combo-Fix.exe & follow the prompts.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

Now reconnect the cable connection to your modem, thus reconnecting the pc to the internet.

Reply with copy of the latest C:\Combofix.txt


Maurice - thank you for your help, but I must have made another mistake somewhere, as the new combofix ran and had a log that I copied and was going to paste in a reply, but the system froze. I rebooted and checked the combo fix folder to find... no log! It had said on one of the last screens that it would be found at C:\combofix.txt, but the only files there are cf18916.cfxxe, mbr.cfxxe and mbr.txt. FYI, each time I re-enable my antivir software I get a virus warning, w32sillybt something.... that it deletes from the combofix.

I await further instructions

Roger


Please download and run >> this tool << by Jpshortstuff:

It will only take a few moments.

Copy and paste contents of the Kenco.log on the Desktop.

Next, a new run of OTL

Locate the OTL.exe on your Desktop.

Double-click OTL.exe to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of Kenco.log and the new OTL.txt.


here is the Kenco.log

Kenco by jpshortstuff (31.12.09.1)

Log created at 09:44 on 01/01/2010 (Administrator)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========

CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job -> [12:08 14/07/2009] 472 bytes

GoogleUpdateTaskMachineCore.job -> [20:32 18/07/2009] 896 bytes

GoogleUpdateTaskMachineUA.job -> [20:32 18/07/2009] 900 bytes

Malwarebytes' Scheduled Scan for Administrator.job -> [13:37 23/12/2009] 524 bytes

Malwarebytes' Scheduled Update for Administrator.job -> [13:37 23/12/2009] 510 bytes

-=E.O.F=-

here is the OTL.txt

OTL logfile created on: 1/1/2010 9:46:35 AM - Run 2

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.25 Gb Total Space | 10.55 Gb Free Space | 15.02% Space Free | Partition Type: NTFS

Drive D: | 4.25 Gb Total Space | 2.73 Gb Free Space | 64.22% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 18.65 Gb Total Space | 9.79 Gb Free Space | 52.50% Space Free | Partition Type: NTFS

Drive H: | 195.31 Gb Total Space | 15.84 Gb Free Space | 8.11% Space Free | Partition Type: NTFS

Drive I: | 3.81 Gb Total Space | 2.66 Gb Free Space | 69.63% Space Free | Partition Type: FAT32

Drive M: | 102.78 Gb Total Space | 18.50 Gb Free Space | 18.00% Space Free | Partition Type: NTFS

Computer Name: GATEWAY

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009/12/30 14:55:16 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

PRC - [2009/12/01 11:29:33 | 00,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

PRC - [2009/08/03 08:11:03 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2008/09/25 20:45:26 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/06 22:45:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/03/04 22:39:36 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe

PRC - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

PRC - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

PRC - [2007/08/16 20:10:14 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

PRC - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

PRC - [2007/05/11 02:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe

PRC - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

PRC - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe

PRC - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

PRC - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe

PRC - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

PRC - [2004/12/08 19:57:36 | 00,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

PRC - [2004/11/02 22:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

========== Modules (SafeList) ==========

MOD - [2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2008/09/25 20:45:26 | 00,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/12/01 11:29:33 | 00,238,832 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/08/03 08:11:03 | 00,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

SRV - [2009/07/18 15:32:06 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2009/04/25 09:40:58 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)

SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2007/09/29 01:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2007/08/20 12:27:26 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)

SRV - [2007/08/16 20:10:16 | 00,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)

SRV - [2007/05/11 02:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)

SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/10/10 16:06:11 | 00,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

SRV - [2005/08/30 16:54:10 | 00,290,816 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr)

SRV - [2005/03/07 15:30:46 | 00,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 20:42:39 | 00,000,000 | ---D | M]

O1 HOSTS File: (371997 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 12823 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)

O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)

O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: copcp.com ([vpn] http in Trusted sites)

O15 - HKCU\..Trusted Domains: copcp.com ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: copcp.local ([integreat] http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccchartweb1 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: icchart ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccsql ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccsql01 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccsql1 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccsql2 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccweb1 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccweb2 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccweb3 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: iccweb4 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: integreat ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: integreat2 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: intradocs2 ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/40.14/uploader2.cab (UploadListView Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} https://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx (Setup Class)

O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab (Reg Error: Key error.)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.copcp.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/31 22:32:15 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/01 09:44:18 | 00,044,567 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\Kenco.exe

[2009/12/31 22:18:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/12/31 17:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix

[2009/12/30 22:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DxO Labs

[2009/12/30 14:15:51 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/12/30 14:15:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/12/30 14:15:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/12/30 14:15:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/12/30 14:15:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/12/30 14:12:47 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/29 23:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/12/29 23:26:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Repair

[2009/12/29 20:08:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/12/29 19:19:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/12/29 19:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/12/27 09:06:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gambill Pictures-reduced size

[2009/12/27 08:40:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Gambill digital frame

[2009/12/26 12:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin

[2009/12/26 11:57:41 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX

[2009/12/26 11:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin

[2009/12/25 13:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ieSpell

[2009/12/25 13:31:43 | 00,000,000 | ---D | C] -- C:\Program Files\ieSpell

[2009/12/24 22:37:44 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos

[2009/12/24 00:05:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2009/12/23 23:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2009/12/23 08:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2009/12/23 08:17:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/23 08:17:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/23 08:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/12/23 08:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/12/23 08:11:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2009/12/23 07:36:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/12/23 07:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ixbiws

[2009/07/20 20:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/07/18 15:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2008/09/20 14:08:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/08/25 02:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/03/06 20:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

[2008/03/05 22:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks

[2006/05/31 22:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2006/05/31 22:32:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/01 09:43:33 | 00,044,567 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\Kenco.exe

[2010/01/01 09:42:34 | 00,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/01/01 09:32:37 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/01 09:31:57 | 00,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/01/01 09:31:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/01 09:31:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/01 09:30:46 | 00,314,142 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2010/01/01 01:19:44 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat

[2010/01/01 01:19:44 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/01/01 01:07:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job

[2010/01/01 01:07:33 | 00,000,524 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job

[2010/01/01 01:00:11 | 00,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Administrator.job

[2009/12/31 17:46:29 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/12/31 10:38:29 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Streets & Trips 2007.lnk

[2009/12/30 22:25:10 | 00,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 6.lnk

[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/30 14:15:58 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/12/29 20:08:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2009/12/29 08:46:11 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\COPC Secure Access SSL VPN.url

[2009/12/27 11:22:10 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pw- 7-09.xls

[2009/12/26 21:24:20 | 00,000,176 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2009/12/26 11:47:42 | 01,336,327 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2675_OwnersManual.pdf

[2009/12/24 07:56:48 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

[2009/12/24 00:04:46 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk

[2009/12/23 21:25:45 | 00,371,997 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/12/23 08:17:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 01:19:48 | 00,216,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/30 22:25:10 | 00,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 6.lnk

[2009/12/30 14:15:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/12/30 14:15:55 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/12/30 14:15:15 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/12/30 14:15:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/12/30 14:15:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/12/30 14:15:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/12/30 14:15:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/12/26 21:24:10 | 00,000,176 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2009/12/26 11:47:42 | 01,336,327 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2675_OwnersManual.pdf

[2009/12/24 07:56:48 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache

[2009/12/23 08:37:07 | 00,000,524 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Administrator.job

[2009/12/23 08:37:00 | 00,000,510 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Administrator.job

[2009/12/23 08:17:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/02 22:52:31 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/01/02 22:52:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/01/02 22:52:30 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/02 22:52:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/01/02 22:52:28 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/01/02 22:52:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/12/20 21:15:42 | 00,038,505 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR

[2008/10/04 14:14:49 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.pls

[2008/08/20 06:56:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2008/04/29 20:57:40 | 00,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/03/07 19:03:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/03/05 18:28:43 | 00,068,096 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/05 16:21:25 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/03/05 16:21:25 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/03/05 16:21:25 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/03/05 16:21:25 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/03/05 16:21:25 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/03/05 16:21:25 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/03/05 08:53:36 | 00,001,292 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html

[2008/03/05 00:15:32 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\.user_keys.dat

[2008/03/04 23:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI

[2008/03/04 22:42:39 | 00,070,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log

[2008/03/04 22:17:29 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL

[2008/03/04 22:11:11 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2008/03/04 22:10:58 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2008/03/04 22:09:02 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2008/03/04 21:15:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2006/10/10 16:06:43 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2006/10/10 16:04:26 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll

[2006/10/10 15:57:34 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2006/10/10 15:57:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2006/10/10 15:57:34 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll

[2006/06/30 05:27:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/05/31 22:17:16 | 00,001,234 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/31 22:17:16 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2005/08/30 16:50:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll

[2005/08/30 16:42:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2005/08/30 16:42:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2005/08/30 16:42:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2005/08/30 16:41:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2005/08/30 16:41:42 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2005/08/30 16:41:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2005/08/30 16:41:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2005/08/30 16:41:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2005/08/30 16:41:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2005/08/30 16:40:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll

[2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll

[2005/03/07 15:30:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll

[2005/03/07 15:30:46 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll

[2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll

[2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll

[2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll

[2005/03/07 15:30:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll

[2004/12/21 11:13:56 | 00,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/25 11:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2008/03/14 22:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools

[2009/12/30 22:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DxO Labs

[2008/12/20 16:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN

[2008/03/05 08:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Genie-Soft

[2009/12/25 13:41:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ieSpell

[2008/03/05 22:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks

[2006/10/10 16:06:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech

[2008/03/04 23:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller

[2008/08/02 10:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Sam's Club Digital Photo Center

[2008/04/01 12:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewSoft

[2008/04/26 11:16:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12

[2008/03/05 16:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy

[2006/10/10 15:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2008/03/04 22:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/12/24 22:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smilebox

[2008/12/08 23:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish

[2008/03/05 16:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems

[2009/12/11 19:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VirtualStore

[2008/03/05 00:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp

[2008/09/25 20:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2008/03/04 22:17:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/12/23 23:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2008/12/20 16:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2008/03/05 16:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo

[2008/03/04 21:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service

[2008/03/05 16:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2009/11/25 11:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2008/04/01 12:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2008/04/01 12:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2008/09/27 15:08:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/03/05 16:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2006/10/10 16:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/01/01 01:07:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

@Alternate Data Stream - 1241 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:v8rLNcWyurlCdOMhm6Pvkm5gQE

@Alternate Data Stream - 1117 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:bFCJ8JXez8lx7d543odWVzkJ

< End of report >

thanks,

Roger


Roger,

I'd like for you to get a new (latest) version of Combofix and run it, but following my list of directions, as per my prior note of December 30th on how to do that.

That link is this one --> http://www.malwarebytes.org/forums/index.p...st&p=177629

Disregard about the Recovery Console, but do do all steps as I outlined.

Reply back with copy of C:\Combofix.txt

and also, tell me, if your issues are resolved?


Here is the latest combofix log - still getting the w32.silly.Bd virus alert with the combo fix - if everything runs well should I just delete the combofix? Pop up alerts have stopped for now but am watching closely......

ComboFix 09-12-31.A1 - Administrator 01/01/2010 15:14:15.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1271 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))

.

2010-01-01 06:19 . 2010-01-01 06:19 216488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-12-31 06:00 . 2009-12-31 06:00 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs

2009-12-30 04:32 . 2009-12-30 04:32 -------- d-----w- c:\program files\ESET

2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\program files\ERUNT

2009-12-26 17:05 . 2009-12-26 17:05 -------- d-----w- c:\program files\Garmin GPS Plugin

2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\DIFX

2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\Garmin

2009-12-25 18:41 . 2009-12-25 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\ieSpell

2009-12-25 18:31 . 2009-12-25 18:31 -------- d-----w- c:\program files\ieSpell

2009-12-25 03:37 . 2009-12-25 03:37 -------- d-----w- c:\program files\Sophos

2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-23 13:17 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-23 13:17 . 2009-12-31 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-23 13:17 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-23 12:36 . 2009-12-23 12:36 -------- d--h--w- c:\windows\PIF

2009-12-23 12:08 . 2009-12-23 13:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ixbiws

2009-12-12 22:09 . 2009-12-12 22:09 -------- d-----w- C:\cabs

2009-12-12 00:41 . 2009-12-12 00:41 -------- d-----w- c:\program files\D-Link

2009-12-12 00:13 . 2009-12-12 00:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\VirtualStore

2009-12-07 09:14 . 2009-12-07 09:14 1593992 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxClient.exe

2009-12-07 08:39 . 2009-12-07 08:39 344712 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvdEngine.dll

2009-12-07 08:39 . 2009-12-07 08:39 123528 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxUpdater.exe

2009-12-06 21:33 . 2009-12-06 21:33 4710 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe

2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\program files\Dartfish

2009-12-03 13:10 . 2009-12-03 13:10 -------- d-----w- c:\program files\Microsoft USB Flash Drive Manager

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-31 03:25 . 2008-03-05 21:28 -------- d-----w- c:\program files\DxO Labs

2009-12-30 04:45 . 2008-03-08 04:59 -------- d-----w- c:\program files\DNA

2009-12-30 01:15 . 2006-10-10 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-30 01:14 . 2009-04-10 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks

2009-12-25 03:30 . 2009-12-02 19:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smilebox

2009-12-24 05:05 . 2008-03-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-24 02:25 . 2008-03-08 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-07 09:22 . 2009-11-16 10:12 373384 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxStarter.exe

2009-12-07 09:22 . 2009-11-16 09:17 168584 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxBrowserEngine.dll

2009-12-07 09:22 . 2009-11-16 07:21 205448 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvd.exe

2009-12-07 09:22 . 2009-11-16 07:21 266888 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxTray.exe

2009-12-02 19:50 . 2009-12-02 19:50 -------- d-----w- c:\program files\Smilebox

2009-12-02 19:49 . 2009-12-02 19:49 57955 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\uninstall.exe

2009-12-01 16:29 . 2009-10-13 13:04 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-01 16:29 . 2009-10-13 13:04 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-12-01 16:29 . 2008-09-26 01:45 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-01 16:29 . 2008-09-26 01:45 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-01 16:29 . 2008-09-26 01:45 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-01 16:29 . 2008-09-26 01:45 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-11-28 01:56 . 2009-11-27 21:48 -------- d-----w- c:\program files\ACW

2009-11-25 16:33 . 2009-11-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2009-11-25 16:22 . 2008-03-30 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon

2009-11-04 03:13 . 2006-10-10 20:37 -------- d-----w- c:\program files\Java

2009-11-04 03:11 . 2009-11-04 03:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 01:42 . 2006-10-10 20:42 -------- d-----w- c:\program files\Google

2009-10-29 07:46 . 2006-06-01 03:17 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2006-06-01 03:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2006-06-01 03:16 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:38 . 2006-06-01 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2006-06-01 03:16 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 13:04 . 2009-03-19 21:25 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll

2009-10-13 10:30 . 2006-06-01 03:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2006-06-01 03:16 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2006-06-01 03:16 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17 . 2008-12-10 02:04 411368 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"CHotkey"="zHotkey.exe" [2004-12-09 550912]

"WD Button Manager"="WDBtnMgr.exe" [2008-03-05 339968]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-10 98304]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-03 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-09-26 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-01 230664]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]

"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

2004-02-08 23:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

2006-04-20 00:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]

2003-07-07 14:29 729088 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]

2007-08-25 05:03 185664 ----a-w- c:\program files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]

2007-07-23 18:55 341232 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9303:UDP"= 9303:UDP:Network USB Utility UDP Port

R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [10/10/2006 4:06 PM 21504]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 3:20 PM 63008]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2009 8:17 AM 235344]

R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 2:20 PM 73600]

R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [10/10/2006 3:25 PM 40448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2009 8:17 AM 19160]

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 3:32 PM 133104]

S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 2:20 PM 97408]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31.tmp --> c:\windows\system32\31.tmp [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/2/2009 10:33 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/2/2009 10:33 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/2/2009 10:33 PM 42112]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/2/2009 10:33 PM 23680]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2008 10:08 PM 716272]

.

Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32]

2010-01-01 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55]

2010-01-01 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: copcp.com\vpn

Trusted Zone: copcp.com\www

Trusted Zone: copcp.local\integreat

Trusted Zone: iccchartweb1

Trusted Zone: icchart

Trusted Zone: iccsql

Trusted Zone: iccsql01

Trusted Zone: iccsql1

Trusted Zone: iccsql2

Trusted Zone: iccweb1

Trusted Zone: iccweb2

Trusted Zone: iccweb3

Trusted Zone: iccweb4

Trusted Zone: integreat

Trusted Zone: integreat2

Trusted Zone: intradocs2

Trusted Zone: intuit.com

Trusted Zone: plaxo.com\www

Trusted Zone: turbotax.com

DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\31.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1584)

c:\windows\system32\Ati2evxx.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1816)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3912)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-01-01 15:17:36

ComboFix-quarantined-files.txt 2010-01-01 20:17

ComboFix2.txt 2009-12-31 22:47

Pre-Run: 11,921,629,184 bytes free

Post-Run: 11,896,627,200 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 707AEE2D1B4F461F8B69E38853C2B09E


You said

still getting the w32.silly.Bd virus alert with ComboFix - if everything runs well, should I just delete ComboFix? Pop-up alerts have stopped for now, but I am watching closely...

Do NOT do anything on your own. Wait for my next reply.

And note: if anything in the folder \qoobox is being "flagged", that folder holds the quarantined items; they are out of the way, inactive, and cause no current harm.

Have patience and wait for my next response.


Here are both files.

2009-12-31 22:46:47 . 2009-12-31 22:46:47 684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-updateMgr.reg.dat

2009-12-31 22:46:47 . 2009-12-31 22:46:47 698 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat

2009-12-31 22:46:29 . 2009-12-31 22:46:29 246 ----a-w- C:\Qoobox\Quarantine\D\av1.zip

2009-12-31 22:46:29 . 2004-09-13 17:15:24 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir

2009-12-30 19:17:55 . 2010-01-01 20:15:50 6,685 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2009-12-30 19:15:07 . 2010-01-01 20:08:09 153 ----a-w- C:\Qoobox\Quarantine\catchme.log

ComboFix 09-12-31.06 - Administrator 12/31/2009 17:43:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1239 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\recycler\S-1-5-21-2473046782-1986052202-2193566008-500

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))

.

2009-12-31 06:00 . 2009-12-31 06:00 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-31 03:27 . 2009-12-31 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs

2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\program files\ERUNT

2009-12-26 17:05 . 2009-12-26 17:05 -------- d-----w- c:\program files\Garmin GPS Plugin

2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\DIFX

2009-12-26 16:57 . 2009-12-26 16:57 -------- d-----w- c:\program files\Garmin

2009-12-25 18:41 . 2009-12-25 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\ieSpell

2009-12-25 18:31 . 2009-12-25 18:31 -------- d-----w- c:\program files\ieSpell

2009-12-25 03:37 . 2009-12-25 03:37 -------- d-----w- c:\program files\Sophos

2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-23 13:17 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-23 13:17 . 2009-12-31 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-23 13:17 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-23 13:17 . 2009-12-23 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-23 12:36 . 2009-12-23 12:36 -------- d--h--w- c:\windows\PIF

2009-12-23 12:08 . 2009-12-23 13:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ixbiws

2009-12-12 22:09 . 2009-12-12 22:09 -------- d-----w- C:\cabs

2009-12-12 00:41 . 2009-12-12 00:41 -------- d-----w- c:\program files\D-Link

2009-12-12 00:13 . 2009-12-12 00:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\VirtualStore

2009-12-07 09:14 . 2009-12-07 09:14 1593992 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxClient.exe

2009-12-07 08:39 . 2009-12-07 08:39 344712 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvdEngine.dll

2009-12-07 08:39 . 2009-12-07 08:39 123528 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxUpdater.exe

2009-12-06 21:33 . 2009-12-06 21:33 4710 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe

2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\program files\Dartfish

2009-12-03 13:10 . 2009-12-03 13:10 -------- d-----w- c:\program files\Microsoft USB Flash Drive Manager

2009-12-02 19:50 . 2009-12-03 01:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Smilebox

2009-12-02 19:50 . 2009-12-02 19:50 -------- d-----w- c:\program files\Smilebox

2009-12-02 19:49 . 2009-12-25 03:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Smilebox

2009-12-02 19:49 . 2009-12-02 19:49 57955 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\uninstall.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-31 06:00 . 2009-12-31 06:00 696832 ----a-w- c:\windows\isRS-000.tmp

2009-12-31 03:25 . 2008-03-05 21:28 -------- d-----w- c:\program files\DxO Labs

2009-12-30 04:45 . 2008-03-08 04:59 -------- d-----w- c:\program files\DNA

2009-12-30 04:32 . 2009-12-30 04:32 -------- d-----w- c:\program files\ESET

2009-12-30 01:15 . 2006-10-10 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-30 01:14 . 2009-04-10 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Move Networks

2009-12-24 05:05 . 2008-03-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-24 02:25 . 2008-03-08 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-07 09:22 . 2009-11-16 10:12 373384 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxStarter.exe

2009-12-07 09:22 . 2009-11-16 09:17 168584 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxBrowserEngine.dll

2009-12-07 09:22 . 2009-11-16 07:21 205448 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxDvd.exe

2009-12-07 09:22 . 2009-11-16 07:21 266888 ----a-w- c:\documents and settings\Administrator\Application Data\Smilebox\SmileboxTray.exe

2009-12-01 16:29 . 2009-10-13 13:04 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-01 16:29 . 2009-10-13 13:04 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-12-01 16:29 . 2008-09-26 01:45 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-01 16:29 . 2008-09-26 01:45 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-01 16:29 . 2008-09-26 01:45 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-01 16:29 . 2008-09-26 01:45 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-11-28 01:56 . 2009-11-27 21:48 -------- d-----w- c:\program files\ACW

2009-11-25 16:33 . 2009-11-25 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2009-11-25 16:22 . 2008-03-30 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon

2009-11-04 03:13 . 2006-10-10 20:37 -------- d-----w- c:\program files\Java

2009-11-04 03:11 . 2009-11-04 03:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 01:42 . 2006-10-10 20:42 -------- d-----w- c:\program files\Google

2009-10-29 07:46 . 2006-06-01 03:17 832512 ----a-w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2006-06-01 03:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2006-06-01 03:16 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:38 . 2006-06-01 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2006-06-01 03:16 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 13:04 . 2009-03-19 21:25 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll

2009-10-13 10:30 . 2006-06-01 03:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2006-06-01 03:16 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2006-06-01 03:16 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17 . 2008-12-10 02:04 411368 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"CHotkey"="zHotkey.exe" [2004-12-09 550912]

"WD Button Manager"="WDBtnMgr.exe" [2008-03-05 339968]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-10 98304]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-03 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-09-26 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-01 230664]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]

"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

2004-02-08 23:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

2006-04-20 00:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]

2003-07-07 14:29 729088 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]

2007-08-25 05:03 185664 ----a-w- c:\program files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]

2007-07-23 18:55 341232 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9303:UDP"= 9303:UDP:Network USB Utility UDP Port

R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [10/10/2006 4:06 PM 21504]

R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 3:20 PM 63008]

R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 2:20 PM 73600]

R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [10/10/2006 3:25 PM 40448]

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704]

R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2009 8:17 AM 19160]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2009 8:17 AM 276816]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 3:32 PM 133104]

S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 2:20 PM 97408]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\31.tmp --> c:\windows\system32\31.tmp [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/2/2009 10:33 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/2/2009 10:33 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/2/2009 10:33 PM 42112]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/2/2009 10:33 PM 23680]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2008 10:08 PM 716272]

.

Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\CAAntiSpywareScan_Daily as Administrator at 1 07 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 20:32]

2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55]

2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-23 19:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: copcp.com\vpn

Trusted Zone: copcp.com\www

Trusted Zone: copcp.local\integreat

Trusted Zone: iccchartweb1

Trusted Zone: icchart

Trusted Zone: iccsql

Trusted Zone: iccsql01

Trusted Zone: iccsql1

Trusted Zone: iccsql2

Trusted Zone: iccweb1

Trusted Zone: iccweb2

Trusted Zone: iccweb3

Trusted Zone: iccweb4

Trusted Zone: integreat

Trusted Zone: integreat2

Trusted Zone: intradocs2

Trusted Zone: intuit.com

Trusted Zone: plaxo.com\www

Trusted Zone: turbotax.com

DPF: {92CAE93B-B7A5-4CC5-A3D2-DD215B8B4658} - hxxps://vpn.copcp.com/,DanaInfo=integreat+prsetupctl.ocx

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\31.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="961D19B5A4D2B5FEEA23C325AE57D2EB806360A74FF32983A317CE75CEFB2D0827041FD127C

3AA4CFD143FE4EA5C80F3F23B4AEDC626700B6A375AB60234FEEAB3106EE9A2F35DEBEAF665AA12B

6

EEED6DE8FE7FD900D027DB2BF612ED23FBCEAA9529BA86B5F48DC825C6DC8A5086C44E68A1138B9D

1

29EBEB77C2A4EBC6FF7DDBDF47366F05A9214CDFB5861A3F016DA8E59CF7FAE3FECC174BF15FE06E

5

5F85837B3578A23D8EABF01F6D45C09E36B981D155FD7AAB42F6CBA15C049AAF31B9B96A1998570F

4

D53644EDE8BCEC12B7A3C3BB175596881527E7FFE01A6E24E7A0473A843B205CAB153ACFEBC9E127

B

ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B

E

CC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79335D575E7D6A3B98083E681C41394

E

39551D22C1DF347E8E78F6EEECB7E4E2840CCAF4CAE8859ED3F4C715EA3C58FED507DB44ACD62613

9

93D92740274FCE9527FBC94813648CA08FA6D15C586310F2A864B881B7E5881DC1A28C6836E54CFA

B

D5F0AC07620E127A95E5E552CBDBD5539DACC628A3FD4679C92736A2B35EDD595925A741DDA626B6

C

2DB294CFD260DC29A377A05D802C5E50CF336A298BF3E73DB0A1228DA151C1D82ECA580D30FD33C4

F

17C072F402C8EAA1E55FDCB3D482EA2FC31E4A5392EDDFD82B43D2C3CBABD9106A5D49904F78A6D2

4

96DBC61AC20812CEC1E48038878094E1B11B80DC4FB87B7C338748B6EE60AE85DC0C13E076ECD2E9

1

0D5869987D72703941BC30170E06A3AB5AF2869A055DB358DB03AFDCA83C94B287C24A94A2CC5072

2

A7B7113116A351C74D76840AAB7856067A55C57F00942C54D643004709B8128C3295B3C979DD1045

8

CB5C019408B49130E7AE56CBC8A1B3C4B064A256361D31AE0C3BCC18DB64477D884EB161909BFC24

9

9D66B20E19AD8F5AA7861A2C8C0582A7D2030EBB5D9BBFCDD71DD14669A26591FC75DBB8F20070E6

C

C0628DD40BD81EEBE1875212A3AC98AF3CC194F39184866FB7274EDEA303DDA2D5FCAE2B21E793DA

1

7266E26B759B173694F2E75E905861822756C359D06D990123E8474ACAA375E1F1645028EF54F377

5

AB10FD0D87DBBAC6AD0EC60A3D9B0996E36F2E5A395DA21992418528A79C18A330CD73E8DEA809A8

E

3909F6849DF76C762B5A5D924FA65EB8D32E3830BE8C9F9E9DE8FF054354B8EE3331FBB3F8756CDE

1

0181E0EBA9F8C0AA49A7A82EA514C29C9FDF9C246D60042C1B768BA717B994BBDDB6A68727420342

1

D2D9F146A510CBB4D45E47DE036D7EDD12EE580B7C5CC823D92695FD53DE4E1272576B37272A7F00

C

77498544D19D12419FD6BAB7346976F5B368D43BF7DCC8489440F81DF82B1B657E4DD26E4CACB13C

F

9F43A05D1A31241106AB5819421EB"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)

c:\windows\system32\Ati2evxx.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2288)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-31 17:47:28

ComboFix-quarantined-files.txt 2009-12-31 22:47

Pre-Run: 12,699,156,480 bytes free

Post-Run: 12,711,661,568 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 9DD963AB2D1287D3EB09AEEBC466880E


Close and save any open work documents you may have open. Close any of your open programs.

Next:

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below {including Blank lines } to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    c:\windows\isRS-000.tmp
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open - close Internet Explorer & Firefox. Close any open user program (other than OTL).
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Scan the system with the Kaspersky Online Scanner

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Re-enable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

Read the Information block presented on the screen, and then press the Accept button.

1) Accept the agreement

2) The necessary files will be downloaded and installed. Please have plenty of patience.

3) After Kaspersky AntiVirus Database is updated, look at the Scan box.

4) Click the My Computer line

5) Be infinitely patient; the scan is comprehensive and, unlike other online antivirus scanners, will detect all malware.

6) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

(To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.

Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or ComboFix's Qoobox & quarantine.

Kaspersky is a report only and does not remove files.

Post back with copies of the Kaspersky.txt report.

How is your system now?


Here are the two logs requested .... but interesting quarantines the last 2/3 nights by CA -- I'll post that at the very end

OTL

All processes killed

========== FILES ==========

File\Folder c:\windows\isRS-000.tmp not found.

C:\RECYCLER\S-1-5-21-1749186680-1974409891-280849654-500 folder moved successfully.

C:\RECYCLER folder moved successfully.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

g:\RECYCLER\S-1-5-21-1749186680-1974409891-280849654-500 folder moved successfully.

g:\RECYCLER folder moved successfully.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 25698686 bytes

->Temporary Internet Files folder emptied: 17019653 bytes

->Java cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 16867 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35281 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.20.1 log created on 01032010_082028

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


This topic is now closed to further replies.