Tech Support Guy > Virus & Other Malware Removal

Solved: Computer is playing random ads


janonjalay (Junior Member, 14 posts; Thread Starter; Join Date: Apr 2011; Experience: Intermediate)
17-Apr-2011, 08:05 PM #1
I have been fighting to remove a virus or some type of malware from my computer for about a week or so now. I have run several different antivirus scans and thought I had removed everything; however, when I go back to use my laptop it plays random ads and audio clips. Nothing else is open on my computer and no other programs that I am aware of are running in the background. I am also getting multiple script errors and redirects to different websites that seem to try and download more malware when online. None of the other programs that I have run, such as Malwarebytes and HitmanPro, are picking up any malicious files and I am really at a loss as to what to do. I have googled around and the only answer I could find was to reinstall the OS, but I would lose everything. Is there some other option? Here are the logs requested.

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:53 PM, on 4/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1282894705203
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4709 bytes

dds
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Andrea Lamb at 21:55:30.14 on Sat 04/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.278 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282894705203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\andrea~1\applic~1\mozilla\firefox\profiles\1rladtfc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-4-16 18816]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-8-25 87936]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-8-28 98984]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-26 16968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
=============== Created Last 30 ================
.
2011-04-17 02:55:09 388096 ----a-r- c:\docume~1\andrea~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-17 02:55:08 -------- d-----w- c:\program files\Trend Micro
2011-04-17 01:25:10 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-04-17 00:41:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-16 23:55:07 6144 ------w- c:\windows\system32\11.tmp
2011-04-16 21:15:38 6144 ------w- c:\windows\system32\5.tmp
2011-04-16 21:15:04 6144 ------w- c:\windows\system32\4.tmp
2011-04-16 21:14:25 6144 ------w- c:\windows\system32\3.tmp
2011-04-14 03:40:41 -------- d-----w- c:\docume~1\andrea~1\applic~1\Malwarebytes
2011-04-14 03:39:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 03:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-14 03:39:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 13:16:00 -------- d-----w- c:\program files\Sophos
2011-03-27 04:41:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-27 04:39:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-27 00:58:14 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 21:56:25.37 ===============

ark.txt/gmer
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-17 18:50:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2030AT rev.009B
Running: juroepdq.exe; Driver: C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\kglyypob.sys

---- Kernel code sections - GMER 1.0.15 ----
INITc VolSnap.sys F8560BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F8560BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F8560C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F8560C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F8560C70 4 Bytes [09, BF, 4D, 80]
INITc ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC164F
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1817
---- Threads - GMER 1.0.15 ----
Thread System [4:112] 82283E84
Thread System [4:116] 82286084
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414c5ef5
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414c5ef5 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Andrea Lamb\Local Settings\Temporary Internet Files\Content.IE5\TCMDW0TN\l7b4796b26460[1].rss 9236 bytes
---- EOF - GMER 1.0.15 ----
janonjalay, 19-Apr-2011, 09:32 PM #2
bump
eddie5659 (Moderator & Malware Removal Specialist, 28,286 posts; Join Date: Mar 2001; Location: Bradford, England)
26-Apr-2011, 02:38 PM #3
Hiya and welcome to Tech Support Guy

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
janonjalay, 28-Apr-2011, 11:29 AM #4
Here are the requested logs. I wasn't sure if you wanted these scans done in safe mode or not, so I just ran the computer like normal since there was no specification. Hope that is not a problem.

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6460
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/27/2011 9:46:59 PM
mbam-log-2011-04-27 (21-46-59).txt
Scan type: Quick scan
Objects scanned: 157958
Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\andrea lamb\local settings\application data\ijn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/28/2011 at 09:19 AM
Application Version : 4.51.1000
Core Rules Database Version : 6943
Trace Rules Database Version: 4755
Scan type : Complete Scan
Total Scan Time : 01:31:43
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 4917
Registry threats detected : 1
File items scanned : 34294
File threats detected : 104
System.BrokenFileAssociation
HKCR\.exe
Adware.Tracking Cookie

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:05 AM, on 4/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1282894705203
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5693 bytes
eddie5659
Moderator & Malware Removal Specialist with 28,286 posts.
Join Date: Mar 2001
Location: Bradford, England
29-Apr-2011, 03:46 PM #5
Normal mode is fine

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
janonjalay
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Intermediate
30-Apr-2011, 03:40 PM #6
Combo fix log:
ComboFix 11-04-29.04 - Andrea Lamb 04/30/2011 14:25:51.1.1 - x86
Running from: c:\documents and settings\Andrea Lamb\Desktop\andrea123.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-28 03:01 . 2011-04-28 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-20 01:41 . 2011-04-20 01:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-17 02:55 . 2011-04-17 02:55 388096 ----a-r- c:\documents and settings\Andrea Lamb\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-17 02:55 . 2011-04-17 02:55 -------- d-----w- c:\program files\Trend Micro
2011-04-17 01:25 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-04-17 00:41 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-16 20:10 . 2011-04-16 20:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-16 00:45 . 2011-04-16 00:45 -------- d-----w- c:\documents and settings\Leon Davis\Application Data\Malwarebytes
2011-04-14 03:40 . 2011-04-14 03:40 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\Malwarebytes
2011-04-14 03:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 03:39 . 2011-04-14 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-14 03:39 . 2011-04-14 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 13:16 . 2011-04-13 13:16 -------- d-----w- c:\program files\Sophos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 01:53 . 2011-03-27 04:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-09 13:53 . 2010-08-26 04:34 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-26 04:33 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-26 04:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [4/16/2011 8:25 PM 18816]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/25/2010 11:36 PM 87936]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/28/2010 1:13 PM 98984]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [3/26/2011 11:41 PM 16968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-04-30 14:34:29
ComboFix-quarantined-files.txt 2011-04-30 19:34
.
Pre-Run: 16,699,887,616 bytes free
Post-Run: 16,664,641,536 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA5FF48B796F3F3D8E11207691110DB5
eddie5659
Moderator & Malware Removal Specialist with 28,286 posts.
Join Date: Mar 2001
Location: Bradford, England
02-May-2011, 01:26 PM #7
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

eddie
janonjalay
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Intermediate
03-May-2011, 09:48 PM #8
otl.txt as follows:

OTL logfile created on: 5/3/2011 8:25:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/05 08:15:56 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dce73325c50b43822620b32408bb3b50\update\update.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir...r=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
[2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/30 14:30:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1282894705203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofil...SystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 20:26:14 | 000,000,000 | ---D | C] -- C:\81e5deaae2f83a2663a5
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/05/03 20:22:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
[2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
[2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
[2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

========== Files - Modified Within 30 Days ==========

[2011/05/03 20:20:17 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 20:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:30:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 14:11:25 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:36 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/10 14:40:04 | 000,029,719 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
[2011/04/05 16:54:05 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
[2011/04/05 15:00:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/10 14:40:03 | 000,029,719 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
[2011/04/05 16:54:02 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
[2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
[2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

========== Purity Check ==========


< End of report >
janonjalay (Thread Starter)
03-May-2011, 09:53 PM #9
extras.txt as follows:

OTL Extras logfile created on: 5/3/2011 8:25:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ie8" = Windows Internet Explorer 8
"kSolo" = kSolo Recorder
"Lexmark 2600 Series" = Lexmark 2600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinGimp-2.0_is1" = GIMP 2.6.4
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 8:19:16 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2011 1:43:23 PM | Computer Name = LAMBS-KORNER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18999, fault address 0x001b95b9.

Error - 1/20/2011 11:49:52 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2011 6:52:24 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2011 6:56:46 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2011 3:40:41 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2011 5:53:15 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/19/2011 5:53:16 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/19/2011 5:53:18 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/20/2011 1:37:29 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/30/2011 3:14:33 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/30/2011 3:16:04 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).


< End of report >
eddie5659 (Moderator & Malware Removal Specialist)
04-May-2011, 04:01 PM #10
Okay, can you update MBAM and run another scan, this time selecting Full Scan, and post the log like you did before.

Also, can you run a scan here as well:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Click Eset Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use
  • If it wants to install an Addon, allow it.
  • If asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


eddie
janonjalay (Thread Starter)
08-May-2011, 04:14 PM #11
Sorry for the delay; my internet service was down for a while. Here are the requested logs:

Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6528
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/8/2011 1:12:07 PM
mbam-log-2011-05-08 (13-12-06).txt
Scan type: Full scan (C:\|)
Objects scanned: 189113
Time elapsed: 3 hour(s), 51 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Eset Online Scanner
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=a7d0dbe015dcae458bce1d580b1f2cb1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-08 07:17:16
# local_time=2011-05-08 02:17:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 949080 949080 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34916
# found=0
# cleaned=0
# scan_time=2649
eddie5659 (Moderator & Malware Removal Specialist)
09-May-2011, 05:58 PM #12
That's okay, I'm always around, so anytime is fine.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
    [2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
    [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    [2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    :Files
    ipconfig /flushdns /c 
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


eddie
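As an added illustration (not part of eddie5659's post, and not OTL's own code), here is a small parser for the OTL file-listing line format shown above that reproduces the triage the fix script performs by hand: it flags hidden+system files with no company name and random-looking names under Application Data, and groups the copies that appear in both All Users and a user profile. The sample lines are constructed in the same format as the log (file names and the user name are invented), and the heuristic is my reading of which entries the fix targets, not a rule from OTL.

```python
import re
from collections import defaultdict

# OTL file-listing format, as it appears in the log:
#   [YYYY/MM/DD HH:MM:SS | 000,013,566 | -HS- | M] (Company) -- C:\path
# Directory entries omit the (Company) part; PRC/MOD lines carry a "XXX - " prefix.
OTL_LINE = re.compile(
    r"^(?:[A-Z]{3} - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample in OTL's format (not copied from the thread's log).
SAMPLE_LOG = r"""
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7q3z9k1x0abc4
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Example User\Local Settings\Application Data\7q3z9k1x0abc4
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Example User\Desktop\OTL.exe
[2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Example User\Local Settings\Application Data\housecall.guid.cache
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
"""


def parse_otl_line(line):
    """Parse one OTL file/folder line into a dict, or return None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    return entry


def looks_random(name):
    """Heuristic: a long lowercase alphanumeric token, no extension, mixing letters and digits."""
    if "." in name or len(name) < 12:
        return False
    if not re.fullmatch(r"[a-z0-9]+", name):
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def is_suspicious(entry):
    """Hidden+System attributes, no company name, random name, living under Application Data."""
    attrs = entry["attrs"]
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    in_appdata = "\\Application Data\\" in path
    hidden_system = "H" in attrs and "S" in attrs
    return in_appdata and hidden_system and entry["company"] == "" and looks_random(name)


def triage(lines):
    """Return (flagged entries, {file name: [paths]}) so paired All Users / profile copies are visible."""
    flagged = []
    by_name = defaultdict(list)
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None or not is_suspicious(entry):
            continue
        flagged.append(entry)
        by_name[entry["path"].rsplit("\\", 1)[-1]].append(entry["path"])
    return flagged, dict(by_name)


if __name__ == "__main__":
    flagged, by_name = triage(SAMPLE_LOG.splitlines())
    for name, paths in by_name.items():
        print(f"{name}: {len(paths)} copy/copies")
        for p in paths:
            print("   ", p)
```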
janonjalay (offline)
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Intermediate
11-May-2011, 03:07 PM #13
OTL logfile created on: 5/11/2011 1:58:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 16.30 Gb Free Space | 67.83% Space Free | Partition Type: NTFS

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/17 08:18:24 | 000,455,936 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir...r=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
[2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/11 13:52:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1282894705203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofil...SystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 13:52:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 13:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/08 09:08:44 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/07 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\PCHealth
[2011/05/07 17:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/05/03 20:44:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
[2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
[2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
[2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

========== Files - Modified Within 30 Days ==========

[2011/05/11 13:56:28 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 13:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 13:53:30 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/11 13:52:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/09 03:18:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/07 18:18:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe

========== Files Created - No Company Name ==========

[2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 23:36:20 | 000,455,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
[2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

========== Purity Check ==========


< End of report >
eddie5659
Moderator & Malware Removal Specialist with 28,286 posts.
Join Date: Mar 2001
Location: Bradford, England
16-May-2011, 05:46 PM #14
Just to let you know, I'm on holiday from May 20th until May 27th, but will do what I can until then.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}
    :dir /s
    C:\81e5deaae2f83a2663a5
    C:\Documents and Settings\All Users\Application Data\~18407220r
    C:\Documents and Settings\All Users\Application Data\~18407220
    C:\Documents and Settings\All Users\Application Data\18407220
    :file
    C:\Documents and Settings\All Users\Application Data\~18407220r
    C:\Documents and Settings\All Users\Application Data\~18407220
    C:\Documents and Settings\All Users\Application Data\18407220
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

eddie
janonjalay (offline)
Junior Member with 14 posts.
THREAD STARTER
Join Date: Apr 2011
Experience: Intermediate
18-May-2011, 05:08 AM #15
SystemLook 04.09.10 by jpshortstuff
Log created at 04:06 on 18/05/2011 by Andrea Lamb
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}]
"SystemComponent"= 0x0000000000 (0)
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\InstalledVersion]

Invalid Context: dir /s
No Context: C:\81e5deaae2f83a2663a5
No Context: C:\Documents and Settings\All Users\Application Data\~18407220r
No Context: C:\Documents and Settings\All Users\Application Data\~18407220
No Context: C:\Documents and Settings\All Users\Application Data\18407220
========== file ==========
C:\Documents and Settings\All Users\Application Data\~18407220r - File found and opened.
MD5: 560C73632B53210B7CA195E12DBF8D6D
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 136 bytes
Attributes: --a----
No version information available.
C:\Documents and Settings\All Users\Application Data\~18407220 - File found and opened.
MD5: 32B1093F122A12615288BAE015843902
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 104 bytes
Attributes: --a----
No version information available.
C:\Documents and Settings\All Users\Application Data\18407220 - File found and opened.
MD5: BA8923C8AB2C71B97C86EFB08774E00D
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 336 bytes
Attributes: --a----
No version information available.
-= EOF =-