
Just the DDS log right now. It will not let me run or install Malwarebytes. I can run it in safe mode, but when I do it says I'm all clear, and I can assure you that I am not.

Thanks guys, you're awesome.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21

Run by Kelly at 21:37:51 on 2011-05-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.771 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

E:\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mscan.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kelly\application data\mozilla\firefox\profiles\8r20qdfu.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: c:\documents and settings\kelly\application data\mozilla\firefox\profiles\8r20qdfu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-7 64288]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2011-05-28 01:35:57 -------- d-s---w- c:\documents and settings\kelly\UserData

2011-05-23 02:31:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-05-23 02:31:39 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-07 14:13:26 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-07 14:13:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-07 14:13:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-07 14:13:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-07 14:13:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-07 14:13:24 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-07 14:13:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-07 14:13:23 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 21:38:25.25 ===============

Link to post
Share on other sites

Also, just to let everyone know: on the infected computer, when I try to run anything that is not Internet Explorer it asks me how I want to open the program (anything with .exe), so I cannot redownload MBAM to rerun it. Cheers.

Again, thanks for the help.

Link to post
Share on other sites

Hello and welcome!

Try to run this from normal mode; if it doesn't work, try it from Safe Mode.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Here's the ComboFix log.

ComboFix 11-05-29.01 - Administrator 05/29/2011 22:17:34.1.1 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.846 [GMT -4:00]

Running from: E:\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))

.

.

2011-05-28 01:35 . 2011-05-28 01:35 -------- d-s---w- c:\documents and settings\Kelly\UserData

2011-05-23 02:31 . 2011-05-23 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-23 02:31 . 2011-05-23 02:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-09 23:20 . 2011-05-24 22:01 -------- d-----w- c:\documents and settings\Administrator

2011-05-07 14:13 . 2011-05-07 14:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-07 14:13 . 2011-05-07 14:13 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-07 14:13 . 2011-05-07 14:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-07 14:13 . 2011-05-07 14:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-07 14:13 . 2011-05-07 14:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-07 14:13 . 2011-05-07 14:13 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-07 14:13 . 2011-05-07 14:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-07 14:13 . 2011-05-07 14:13 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2009-12-08 23:59 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-12 13:32 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-12 13:33 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-05-07 14:13 . 2011-05-07 14:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mscan.exe" [2010-01-07 1394000]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/7/2010 9:50 PM 64288]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:51]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 172.16.145.103 172.16.145.103

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mxmvipz3.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-29 22:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-05-29 22:21:10

ComboFix-quarantined-files.txt 2011-05-30 02:21

.

Pre-Run: 67,850,076,160 bytes free

Post-Run: 68,669,673,472 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 54012AAC9A09EFCD3D2CD32CCAF25278

Link to post
Share on other sites
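As an added illustration (not part of this thread, and not code from ComboFix itself) of what a helper reads out of the "Reg Loading Points" section above: a small Python parser that takes those REGEDIT4-style lines and flags the Security Center overrides, the disabled firewall profile and any non-Windows program in the firewall exception list. The sample input is the relevant lines quoted from the log above; the key paths, the rules and the wording of the findings are my own. One caveat a practitioner would add: AntiVirusOverride and FirewallOverride are also set legitimately when a third-party suite takes over Security Center monitoring, so these are indicators to reconcile against the software actually installed, not proof of infection.

```python
import re

# Constructed sample: the "Reg Loading Points" lines quoted from the ComboFix
# log above, cut down to the keys this check reads.
SAMPLE_COMBOFIX_REG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<raw>.*)$')

# Key paths as ComboFix abbreviates them (lower-cased for comparison).
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_ALLOWED = FW_PROFILE + r"\authorizedapplications\list"


def _decode(raw):
    """Turn the value text ComboFix prints into int / str / None."""
    raw = raw.strip()
    if raw == "":
        return None                       # "name"=   (value present, no data shown)
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)           # dword:00000001
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))            # 0 (0x0)  /  1 (0x1)
    return raw.strip('"')


def parse_reg_points(text):
    """Parse REGEDIT4-style lines into {key_path_lower: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = _decode(m.group("raw"))
    return keys


def assess(keys):
    """Return human-readable findings for the posture indicators in the log."""
    findings = []
    sc = keys.get(SECURITY_CENTER, {})
    if sc.get("AntiVirusOverride") == 1:
        findings.append("Security Center antivirus monitoring is overridden (AntiVirusOverride=1)")
    if sc.get("FirewallOverride") == 1:
        findings.append("Security Center firewall monitoring is overridden (FirewallOverride=1)")
    fw = keys.get(FW_PROFILE, {})
    if fw.get("EnableFirewall") == 0:
        findings.append("Windows Firewall is off for the standard profile (EnableFirewall=0)")
    if fw.get("DisableNotifications") == 1:
        findings.append("Firewall block notifications are suppressed (DisableNotifications=1)")
    # Exception-list entries are value names; REGEDIT4 doubles the backslashes.
    for app in keys.get(FW_ALLOWED, {}):
        if not app.lower().startswith("%windir%"):
            findings.append("Non-Windows program in the firewall exception list: "
                            + app.replace("\\\\", "\\"))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_reg_points(SAMPLE_COMBOFIX_REG)):
        print("-", finding)
```

Run it on a saved ComboFix.txt by passing the file contents to parse_reg_points; the four registry findings plus the LimeWire exception come out for the sample above.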

I take it it didn't run from Normal Mode?

In that case, right click the download link below and select "save link/target as...". Save the file as OTL.com to the desktop of the infected profile.

Then reboot in normal mode and double-click on OTL.com to run it.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Boot in safe mode with networking, given that the internet works there. Download the file from there and save it to the desktop of the infected profile (c:\documents and settings\<userprofile name>\desktop). Then reboot into the infected profile in normal mode and run OTL.com.

Link to post
Share on other sites

OTL logfile created on: 5/30/2011 4:25:27 PM - Run 2

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 750.85 Mb Available Physical Memory | 73.38% Memory free

2.41 Gb Paging File | 2.26 Gb Available in Paging File | 93.91% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 63.98 Gb Free Space | 85.85% Space Free | Partition Type: NTFS

Computer Name: KELLYS-LAPTOP | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 16:24:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

PRC - [2011/05/07 10:13:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/30 16:24:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010/07/21 20:51:32 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

========== Driver Services (SafeList) ==========

DRV - [2010/07/21 20:51:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2003/09/26 11:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-492894223-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:13:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:13:34 | 000,000,000 | ---D | M]

[2011/05/22 21:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/05/22 22:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/09 18:19:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

File not found (No name found) --

[2010/02/06 21:36:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/05/07 10:13:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/03/30 20:29:55 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover116.xml

[2010/03/30 20:36:05 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover117.xml

[2011/05/07 10:13:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/12 09:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mscan.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-299502267-492894223-1343024091-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-299502267-492894223-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.145.103 172.16.145.103

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/08 20:01:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 22:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/05/29 22:16:54 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/05/29 22:12:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/29 22:12:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/29 22:12:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/29 22:12:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/29 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/29 22:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/24 18:02:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2011/05/24 18:02:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures

[2011/05/24 18:02:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music

[2011/05/24 18:02:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2011/05/22 22:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/22 22:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2011/05/22 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/05/22 22:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/22 21:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2011/05/22 21:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2011/05/22 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2011/05/22 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2011/05/09 19:58:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/05/09 19:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2011/05/09 19:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2011/05/09 19:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies

[2011/05/09 19:20:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2011/05/09 19:20:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data

[2011/05/09 19:20:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

[2011/05/09 19:20:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories

[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent

[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2011/05/09 19:20:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings

[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents

[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites

[2011/05/09 19:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2011/05/09 19:20:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu

[2011/05/09 19:20:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 16:09:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/30 16:09:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/30 09:35:25 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/30 09:35:25 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/29 22:16:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/05/26 16:38:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/05/24 18:01:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2011/05/24 17:39:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/22 22:31:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/22 21:51:34 | 000,018,794 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/22 21:12:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/09 20:13:10 | 000,016,482 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 22:16:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/05/29 22:16:55 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/05/29 22:12:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/29 22:12:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/29 22:12:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/29 22:12:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/29 22:12:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/24 18:01:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2011/05/22 22:31:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/22 21:12:58 | 000,018,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/09 19:20:04 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk

[2011/05/09 19:20:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk

[2011/05/09 19:14:04 | 000,016,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[2011/05/07 10:13:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2010/04/25 20:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat

[2010/04/03 16:47:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/03/12 15:33:30 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/02/06 21:36:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/12/22 18:12:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini

[2009/12/08 21:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/12/08 20:57:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/12/08 20:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/12/08 20:57:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2009/12/08 20:36:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2009/12/08 20:11:08 | 000,000,487 | ---- | C] () -- C:\WINDOWS\demo.INI

[2009/12/08 20:06:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/12/08 19:58:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/12/08 15:53:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/12/08 15:51:50 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:26:07 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:26:05 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 09:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >


You have now run the scan from the Administrator profile in Safe mode with networking. That is not helpful as it does not show what we need to fix. This will only show up if you run the scan from the infected profile.

You need to use Safe mode with networking in order to download and rename OTL as instructed and save it to the infected profile's desktop.

Once you have done that, you have to reboot in normal mode and run OTL.com (this should run normally, without problems). When done, the log will be saved in c:\otl.txt, and you can post it by rebooting in safe mode/networking and accessing the internet from there.


I downloaded it originally and ran it normally, and no text popped up afterward; that's why I asked in my previous post what if nothing pops up... I ran it again in normal mode; there is only one profile when not in safe mode, so it ran under the right section, and after finishing for a 2nd time still no log, but when I ran it in safe mode it gave me the text file you see before you.... I'll go run it again under normal boot and report my findings.


Even if the log does not pop up in Normal mode, it will most likely have been saved as c:\otl.txt. So, after running the scan in normal mode, if the log does not come up, reboot in safe mode, do NOT rerun the scan, but look for the log in c:\otl.txt.


OTL logfile created on: 6/2/2011 9:23:58 PM - Run 3

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kelly\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.23 Mb Total Physical Memory | 815.02 Mb Available Physical Memory | 79.65% Memory free

2.41 Gb Paging File | 2.31 Gb Available in Paging File | 95.97% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 63.98 Gb Free Space | 85.85% Space Free | Partition Type: NTFS

Computer Name: KELLYS-LAPTOP | User Name: Kelly | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 09:33:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.com

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/30 09:33:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.com

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010/07/21 20:51:32 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

========== Driver Services (SafeList) ==========

DRV - [2010/07/21 20:51:47 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)

DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2003/09/26 11:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-492894223-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..extensions.enabledItems: {AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 10:13:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 10:13:34 | 000,000,000 | ---D | M]

[2010/03/30 20:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions

[2010/03/30 20:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/05/06 19:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\8r20qdfu.default\extensions

[2011/03/24 18:46:57 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\8r20qdfu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2011/03/24 18:46:57 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\8r20qdfu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2011/05/22 22:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/09 18:19:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

File not found (No name found) --

[2010/02/06 21:36:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}

[2011/05/07 10:13:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/03/30 20:29:55 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover116.xml

[2010/03/30 20:36:05 | 000,002,401 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bardiscover117.xml

[2011/05/07 10:13:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/12 09:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mscan.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/08 20:01:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-299502267-492894223-1343024091-1003..exefile [open] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\...exe [@ = exefile] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 09:32:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.com

[2011/05/29 22:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/05/29 22:16:54 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/05/29 22:12:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/05/29 22:12:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/05/29 22:12:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/05/29 22:12:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/05/29 22:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/05/29 22:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/27 21:37:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kelly\Start Menu\Programs\Administrative Tools

[2011/05/27 21:35:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kelly\UserData

[2011/05/22 22:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/22 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/05/22 22:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/09 22:08:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kelly\Desktop\Doom

[2011/05/09 19:58:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 21:17:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/02 21:17:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/30 09:35:25 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/30 09:35:25 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/30 09:33:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.com

[2011/05/29 22:16:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/05/26 16:38:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/05/24 17:39:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/22 22:31:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/22 21:51:34 | 000,018,794 | -HS- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/22 21:51:34 | 000,018,794 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/22 21:12:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/18 17:17:28 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\letter of intent.rtf

[2011/05/18 17:00:17 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\resume.rtf

[2011/05/09 20:13:10 | 000,016,482 | -HS- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[2011/05/09 20:13:10 | 000,016,482 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 22:16:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/05/29 22:16:55 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/05/29 22:12:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/05/29 22:12:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/05/29 22:12:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/05/29 22:12:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/05/29 22:12:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/05/22 22:31:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/22 21:12:58 | 000,018,794 | -HS- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/22 21:12:58 | 000,018,794 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hf7o7oior1bgb4rqj6cype23nm1c7x37y

[2011/05/18 17:17:28 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\letter of intent.rtf

[2011/05/18 16:58:48 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\resume.rtf

[2011/05/09 19:14:04 | 000,016,482 | -HS- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[2011/05/09 19:14:04 | 000,016,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\85yw0s80l85q07y82yemg8v447xyn7n67745ob208g2

[2011/05/07 10:13:35 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2010/04/25 20:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat

[2010/04/03 16:47:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/03/12 15:33:30 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/02/06 21:36:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/12/22 18:12:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini

[2009/12/08 21:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/12/08 20:57:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/12/08 20:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/12/08 20:57:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2009/12/08 20:36:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2009/12/08 20:11:08 | 000,000,487 | ---- | C] () -- C:\WINDOWS\demo.INI

[2009/12/08 20:06:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/12/08 19:58:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/12/08 15:53:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/12/08 15:51:50 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:26:07 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:26:05 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 09:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >


Hi again, please run the following fix in normal mode!

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    O35 - HKU\S-1-5-21-299502267-492894223-1343024091-1003..exefile [open] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\...exe [@ = exefile] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*

    :commands
    [reboot]


  3. Push Run Fix
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

When done, let me know how normal mode is behaving.
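The two O35/O37 lines removed by the fix above are a per-user file-association hijack: every `.exe` launched from Kelly's profile is routed through `ced.exe`, which is why Malwarebytes would not run in normal mode but ran fine from a clean profile in safe mode. As an added example (not code from this thread or from OTL), the following Python parses O35/O37 lines of the kind shown in the posted log and flags handlers that differ from the stock `"%1" %*` or that are set in a per-user hive; the sample lines are copied from the log above, while the regexes and function names are this example's own.

```python
"""Audit OTL O35/O37 file-association lines for hijacked exe/com handlers.

Added example for this thread, not OTL's own code.  The sample lines below
are copied from the OTL log posted above; everything else is constructed.
"""
import re
from typing import Dict, List, Optional

# Stock Windows value for the exefile/comfile "open" verb: run the file itself
# with its arguments.  Anything else means every program launch is proxied.
DEFAULT_OPEN_CMD = '"%1" %*'

# O35 - <hive>..exefile [open] -- <command>
# O37 - <hive>\...exe [@ = exefile] -- <command>
# The separator between hive and class/extension varies ("\..", "..", "\...").
LINE_RE = re.compile(
    r'^(?P<code>O3[57]) - (?P<hive>HK\S+?)\\?\.{2,3}(?P<ext>\w+)'
    r'(?: \[(?P<verb>[^\]]*)\])? -- (?P<cmd>.*)$'
)

# Machine-wide associations live under HKLM; a per-user (HKU\S-1-5-21-...)
# exefile/comfile override is not something Windows creates on its own.
USER_HIVE_RE = re.compile(r'^HKU\\S-1-5-21-')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one O35/O37 log line into hive, class/extension, verb and command."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {k: (v or '') for k, v in m.groupdict().items()}


def hijacker_path(cmd: str) -> Optional[str]:
    """Return the program an association actually launches, or None for the default."""
    if cmd.strip() == DEFAULT_OPEN_CMD:
        return None
    m = re.match(r'^"([^"]+)"', cmd.strip())
    return m.group(1) if m else cmd.split()[0]


def audit_otl_handlers(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per O35/O37 line whose handler is not the stock one."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry['cmd'].strip() != DEFAULT_OPEN_CMD:
            reasons.append('handler is not the default "%1" %*')
        if USER_HIVE_RE.match(entry['hive']):
            reasons.append('per-user override of a machine-wide file class')
        if reasons:
            entry['launches'] = hijacker_path(entry['cmd']) or ''
            entry['reason'] = '; '.join(reasons)
            findings.append(entry)
    return findings


# Lines copied from the O35/O37 section of the OTL log in this thread.
SAMPLE_LOG = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-492894223-1343024091-1003..exefile [open] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-492894223-1343024091-1003\...exe [@ = exefile] -- "C:\Documents and Settings\Kelly\Local Settings\Application Data\ced.exe" -a "%1" %*
"""

if __name__ == '__main__':
    for f in audit_otl_handlers(SAMPLE_LOG):
        print(f"{f['code']} {f['hive']} {f['ext']}: {f['reason']} -> {f['launches']}")
```

The HKLM entries pass (stock handler, machine hive); only the two HKU entries are reported, each naming `ced.exe` as the program that actually runs.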


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

