me33333 Posted May 28, 2011

Just the DDS log right now. It will not let me run or install Malwarebytes; I can run it in safe mode, but when I do it says I'm all clear, and I can assure you that I am not. Thanks guys, you're awesome.

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Run by Kelly at 21:37:51 on 2011-05-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.771 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
E:\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mscan.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kelly\application data\mozilla\firefox\profiles\8r20qdfu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\kelly\application data\mozilla\firefox\profiles\8r20qdfu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-7 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-05-28 01:35:57 -------- d-s---w- c:\documents and settings\kelly\UserData
2011-05-23 02:31:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-23 02:31:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-07 14:13:26 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-07 14:13:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-07 14:13:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-07 14:13:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-07 14:13:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-07 14:13:24 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-07 14:13:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-07 14:13:23 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:38:25.25 ===============
me33333 (Author) Posted May 29, 2011

Also, just to let everyone know: on the infected computer, when I try to run anything that is not Internet Explorer, it asks me how I want to open the program (anything with .exe), so I cannot redownload MBAM to rerun it. Cheers, and again thanks for the help.
Elise Posted May 29, 2011

Hello, and try to run this from normal mode; if it doesn't work, try it from Safe Mode.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
me33333 (Author) Posted May 30, 2011

Here's the ComboFix log.

ComboFix 11-05-29.01 - Administrator 05/29/2011 22:17:34.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.846 [GMT -4:00]
Running from: E:\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-28 01:35 . 2011-05-28 01:35 -------- d-s---w- c:\documents and settings\Kelly\UserData
2011-05-23 02:31 . 2011-05-23 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-23 02:31 . 2011-05-23 02:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-09 23:20 . 2011-05-24 22:01 -------- d-----w- c:\documents and settings\Administrator
2011-05-07 14:13 . 2011-05-07 14:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 14:13 . 2011-05-07 14:13 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 14:13 . 2011-05-07 14:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 14:13 . 2011-05-07 14:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 14:13 . 2011-05-07 14:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 14:13 . 2011-05-07 14:13 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 14:13 . 2011-05-07 14:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-07 14:13 . 2011-05-07 14:13 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-12-08 23:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-12 13:32 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-12 13:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-05-07 14:13 . 2011-05-07 14:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mscan.exe" [2010-01-07 1394000]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/7/2010 9:50 PM 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:51]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 172.16.145.103 172.16.145.103
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mxmvipz3.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-05-29 22:21:10
ComboFix-quarantined-files.txt 2011-05-30 02:21
.
Pre-Run: 67,850,076,160 bytes free
Post-Run: 68,669,673,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 54012AAC9A09EFCD3D2CD32CCAF25278
Elise Posted May 30, 2011

I take it it didn't run from Normal Mode?

In that case, right click the download link below and select "save link/target as...". Save the file as OTL.com to the desktop of the infected profile. Then reboot in normal mode and doubleclick on OTL.com to run it.

OTL
-----
Please download OTL from one of the following mirrors:
This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
me33333 (Author) Posted May 30, 2011

And if nothing opened?
Elise Posted May 30, 2011

Boot in safe mode with networking, given that the internet works there. Download the file from there and save it to the desktop of the infected profile (c:\documents and settings\<userprofile name>\desktop). Then reboot in the infected profile in normal mode and run OTL.com.
me33333 (Author) Posted May 30, 2011

OTL logfile created on: 5/30/2011 4:25:27 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 750.85 Mb Available Physical Memory | 73.38% Memory free
2.41 Gb Paging File | 2.26 Gb Available in Paging File | 93.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.98 Gb Free Space | 85.85% Space Free | Partition Type: NTFS

Computer Name: KELLYS-LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 16:24:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/05/07 10:13:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/30 16:24:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/21 20:51:32 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

========== Driver Services (SafeList) ==========

DRV - [2010/07/21 20:51:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/09/26 11:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-492894223-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:13:34 | 000,000,000 | ---D | M]

[2011/05/22 21:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/05/22 22:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/09 18:19:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/02/06 21:36:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/07 10:13:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 20:29:55 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover116.xml
[2010/03/30 20:36:05 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover117.xml
[2011/05/07 10:13:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/12 09:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mscan.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-299502267-492894223-1343024091-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.145.103 172.16.145.103
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 20:01:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 22:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/29 22:16:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 22:12:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/29 22:12:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/29 22:12:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/29 22:12:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/29 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/29 22:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/24 18:02:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/05/24 18:02:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/05/24 18:02:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/05/24 18:02:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/05/22 22:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/22 22:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/05/22 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/22 22:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/22 21:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/22 21:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/22 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/22 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/05/09 19:58:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/09 19:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/05/09 19:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/05/09 19:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/09 19:20:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/05/09 19:20:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/09 19:20:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/05/09 19:20:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/05/09 19:20:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/09 19:20:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 16:09:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 16:09:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 09:35:25 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/30 09:35:25 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/29 22:16:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/26 16:38:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/24 18:01:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/24 17:39:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 22:31:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 21:51:34 | 000,018,794 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/22 21:12:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/09 20:13:10 | 000,016,482 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 22:16:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 22:16:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/29 22:12:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/29 22:12:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/29 22:12:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/29 22:12:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/29 22:12:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/24 18:01:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/22 22:31:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/22 21:12:58 | 000,018,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y
[2011/05/09 19:20:04 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/05/09 19:20:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/05/09 19:14:04 | 000,016,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2
[2011/05/07 10:13:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/04/25 20:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/04/03 16:47:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/12 15:33:30 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/06 21:36:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/22 18:12:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini
[2009/12/08 21:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/08 20:57:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/08 20:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/08 20:57:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/12/08 20:36:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/12/08 20:11:08 | 000,000,487 | ---- | C] () -- C:\WINDOWS\demo.INI
[2009/12/08 20:06:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 19:58:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/08 15:53:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/08 15:51:50 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 09:26:07 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 09:26:05 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 09:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >
Elise Posted May 31, 2011 ID:434996
You have now run the scan from the Administrator profile in Safe mode with networking. That is not helpful as it does not show what we need to fix. This will only show up if you run the scan from the infected profile.

You need to use Safe mode with networking in order to download and rename OTL as instructed and save it to the infected profile's desktop.

Once you have done that, you have to reboot in normal mode and run OTL.com (this should run normally, without problems). When done the log will be saved in c:\otl.txt, and you can post it by rebooting in safe mode/networking and accessing the internet from there.
me33333 Posted May 31, 2011 Author ID:435274
I downloaded it originally and ran it normally and no text popped up afterward; that's why I asked in my previous post what if nothing pops up... I ran it again in normal mode (there is only one profile when not in safe mode, so it ran under the right section) and after finishing for a 2nd time still no log, but when I ran it in safe mode it gave me the text file you see before you.... I'll go run it again under normal boot and report my findings.
Elise Posted June 1, 2011 ID:435468
Even if the log does not pop up in Normal mode, it will most likely have been saved as c:\otl.txt. So, after running the scan in normal mode, if the log does not come up, reboot in safe mode, do NOT rerun the scan, but look for the log in c:\otl.txt.
me33333 Posted June 3, 2011 Author ID:436162
OTL logfile created on: 6/2/2011 9:23:58 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kelly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.23 Mb Total Physical Memory | 815.02 Mb Available Physical Memory | 79.65% Memory free
2.41 Gb Paging File | 2.31 Gb Available in Paging File | 95.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.98 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
Computer Name: KELLYS-LAPTOP | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Elise Posted June 3, 2011 ID:436230
Hi again, please run the following fix in normal mode!

OTL FIX
------------
We need to run an OTL Fix.
Please reopen OTL on your desktop.
Copy and Paste the following code into the textbox:

:otl
O35 - HKU\S-1-5-21-299502267-492894223-1343024091-1003..exefile [open] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
O37 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\...exe [@ = exefile] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
:commands
[reboot]

Push the Run Fix button. OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
When done, let me know how normal mode is behaving.
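The two entries in the fix above are the per-user exefile "open" handler, which had been pointed at ced.exe so that every .exe launched from that profile ran through it first (which is why Malwarebytes would not start and why a scan from the Administrator profile looked clean). As an added example, not from the thread or from OTL, the script below parses O35/O37 lines in the OTL log format, flags any handler whose command is not the default `"%1" %*`, and reports whether the hijack lives machine-wide (HKLM) or in one user's HKU hive; the sample lines are constructed from the entries posted in this thread.

```python
import re
from dataclasses import dataclass

# On a clean XP system the exefile/comfile "open" command is simply "%1" %*
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Constructed sample input in OTL's O35/O37 format, built from the entries in this thread.
# Only the HKU (per-user) entries carry the hijack; the HKLM ones are untouched.
SAMPLE_OTL_LINES = r"""O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-492894223-1343024091-1003..exefile [open] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\...exe [@ = exefile] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
"""

# O35: <hive>..<class> [open] -- <cmd>      O37: <hive>\...<ext> [@ = <class>] -- <cmd>
LINE_RE = re.compile(
    r'^(?P<item>O35|O37) - (?P<hive>.+?)\.\.\.?(?P<cls>\w+) \[(?P<detail>[^\]]+)\] -- (?P<cmd>.*)$'
)


@dataclass
class Finding:
    item: str            # O35 or O37
    hive: str            # HKLM or HKU\<SID>
    file_class: str      # exefile / comfile (O35) or exe / com (O37)
    command: str         # the handler command as logged
    interposed_exe: str  # program wrapped in front of the real target, if any


def parse_otl_line(line):
    """Return the fields of one O35/O37 line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def interposed_executable(cmd):
    """The hijack shape seen here is "<rogue.exe>" -a "%1" %*: report the first quoted token
    unless it is just %1, in which case nothing sits in front of the launched program."""
    m = re.match(r'^"([^"]+)"', cmd.strip())
    if not m or m.group(1) == '%1':
        return ''
    return m.group(1)


def scope(hive):
    """HKLM entries affect every account; HKU\\<SID> entries only that one profile."""
    return 'machine' if hive.upper().startswith('HKLM') else 'user'


def find_exefile_hijacks(text):
    """Return a Finding for every O35/O37 handler that deviates from the default command."""
    findings = []
    for line in text.splitlines():
        rec = parse_otl_line(line)
        if rec is None:
            continue
        cmd = rec['cmd'].strip()
        if cmd == DEFAULT_OPEN_COMMAND:
            continue
        findings.append(Finding(rec['item'], rec['hive'].rstrip('\\'), rec['cls'],
                                cmd, interposed_executable(cmd)))
    return findings


if __name__ == '__main__':
    for f in find_exefile_hijacks(SAMPLE_OTL_LINES):
        print(f"{f.item} {f.file_class:8s} scope={scope(f.hive):7s} hive={f.hive}")
        print(f"     handler: {f.command}")
        if f.interposed_exe:
            print(f"     interposed program: {f.interposed_exe}")
```

Because only the HKU hive is flagged, a scan run as a different account (as happened in this thread) sees the clean HKLM defaults and reports nothing.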
AdvancedSetup (Root Admin) Posted June 9, 2011 ID:438688
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!