
A virus has disabled my Anti-virus

Discussion in 'Virus & Other Malware Removal' started by pacpie, Apr 17, 2010.

  1. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    Below is my log from hijack this. I have a Dell Inspiron E1505 laptop that runs Windows XP. It is running really slow now. After every restart, there's a message from my anti-virus that says "Autoprotect has been disabled" and I use symantec as my anti-virus. I'm assuming a virus has caused this. This has been going on for a while. I've seen a problem similar to this on this forum in the past and I'm hoping it's the same procedure to fix it.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:35:46 AM, on 4/17/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {8158acf6-1f0e-40ed-8503-b9233a0760ed} - C:\WINDOWS\system32\yakubaho.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CPM0b0ee028] Rundll32.exe "c:\windows\system32\gilimedo.dll",a
    O4 - HKLM\..\Run: [maluwohibe] Rundll32.exe "C:\WINDOWS\system32\hiyubigi.dll",s
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [maluwohibe] Rundll32.exe "C:\WINDOWS\system32\hiyubigi.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [maluwohibe] Rundll32.exe "C:\WINDOWS\system32\hiyubigi.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: ExifLauncher2.lnk = ?
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: c:\windows\system32\larayuka.dll c:\windows\system32\kofemube.dll C:\WINDOWS\system32\kusavapu.dll c:\windows\system32\vubuwiwu.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
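The entries a helper hunts for in a log like the one above (eight-letter random-named DLLs in system32 launched through Rundll32, anything listed under AppInit_DLLs, autoruns or BHOs that point at a file that no longer exists) can be triaged mechanically. The Python below is an added example written for this page, not a tool from the thread or from HijackThis/OTL; the sample lines are constructed from the logs posted here, and the heuristics (an eight-lowercase-letter DLL name in system32, any AppInit_DLLs entry at all) are this example's own assumptions rather than a published rule.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis lines (O2/O4/O20/O23) and one
# OTL-format line ("O4 - HKLM..\Run ... File not found") posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8158acf6-1f0e-40ed-8503-b9233a0760ed} - C:\WINDOWS\system32\yakubaho.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CPM0b0ee028] Rundll32.exe "c:\windows\system32\gilimedo.dll",a
O4 - HKLM\..\Run: [maluwohibe] Rundll32.exe "C:\WINDOWS\system32\hiyubigi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [maluwohibe] Rundll32.exe "C:\WINDOWS\system32\hiyubigi.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\larayuka.dll c:\windows\system32\kofemube.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O4 - HKLM..\Run: [maluwohibe] C:\WINDOWS\System32\hiyubigi.DLL File not found
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis/OTL section tag, e.g. "O4" or "O20"
    path: str     # offending DLL path, lower-cased
    reason: str


# Heuristic (assumption of this example): eight lower-case letters + ".dll", the
# naming seen in this thread (yakubaho, gilimedo, hiyubigi, larayuka, kofemube ...).
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
SYSTEM32 = re.compile(r"[\\/]system32[\\/]", re.IGNORECASE)
# A drive-letter path ending in .dll; non-greedy so two DLLs on one line split apart.
DLL_PATH = re.compile(r"[A-Za-z]:\\.+?\.dll\b", re.IGNORECASE)
# HijackThis says "(file missing)", OTL says "File not found".
MISSING = re.compile(r"\(file missing\)|File not found", re.IGNORECASE)
SECTION = re.compile(r"^(O\d+|R\d)\s*-\s*(.*)$")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _looks_injected(path: str) -> bool:
    """True for a DLL that lives in system32 and carries a random 8-letter name."""
    return bool(SYSTEM32.search(path)) and bool(RANDOM_DLL.match(_basename(path)))


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one HijackThis or OTL log line (empty if benign)."""
    m = SECTION.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    dlls = DLL_PATH.findall(body)
    findings: list[Finding] = []

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is loaded into every process that links user32; a clean
        # XP box normally has nothing here, so every entry is worth a look.
        return [Finding(section, d.lower(), "AppInit_DLLs injection") for d in dlls]

    if section == "O4" and "rundll32" in body.lower():
        # Autorun that loads a DLL via Rundll32 rather than running an EXE.
        for d in dlls:
            if _looks_injected(d):
                findings.append(Finding(section, d.lower(),
                                        "Rundll32 autorun of random-named system32 DLL"))

    if section in ("O2", "O4") and MISSING.search(body):
        # Orphaned entry: the loader still references a DLL that is gone.
        for d in dlls:
            findings.append(Finding(section, d.lower(),
                                    "autorun/BHO points at missing file"))
    return findings


def triage(log_text: str) -> list[Finding]:
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


def suspicious_dlls(log_text: str) -> set[str]:
    """Distinct DLL basenames that any heuristic flagged."""
    return {_basename(f.path) for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:48} {f.path}")
    print("flagged DLLs:", sorted(suspicious_dlls(SAMPLE_LOG)))
```

The same five DLL names turn up under three different loaders (BHO, Run key, AppInit_DLLs), which is why the helper treats them as one infection rather than five unrelated entries.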
     
  2. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    Anybody? My laptop is still running dirt slow and I need some help. Any feedback would be appreciated.
     
  3. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. :)

    I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs, which, paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

    If you have already received help elsewhere please inform me so that this topic can be closed.

    If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

    • Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
    • Please make sure to carefully read any instruction that I give you.
      Reading too lightly will cause you to miss important steps, which could have destructive effects.
    • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
    • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
    • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
    • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
    • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
    • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
      Because of this, you must reply within three days; failure to reply will result in the topic being closed!
    • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. ;)
    • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
      Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

    ____________________________________________________


    OTL Custom Scan

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /180
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • You may need two posts to fit them both in.



    NEXT:



    Scanning with GMER

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.


    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
    -- If you encounter any problems, try running GMER in safe mode.
    -- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
    3. The log that was produced after running GMER
    4. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
     
  4. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    Here is the OTL.txt file:

    OTL logfile created on: 5/23/2010 11:40:37 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Amanda\My Documents\Downloads
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.74 Gb Total Space | 17.92 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
    Drive D: | 12.55 Gb Total Space | 12.48 Gb Free Space | 99.49% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DDCC0MB1
    Current User Name: Amanda
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Amanda\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\DWHWizrd.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Amanda\My Documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
    DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..keyword.URL: "http://urlseek.vmn.net/search.php?lg=fr&mkt=fr&type=dns&tbn=vmntoolbar&tbo=toolbar__2evmn__2enet__2ffr__2foptions__2ephp&q="
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 19:08:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 19:08:36 | 000,000,000 | ---D | M]

    [2008/12/06 16:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Extensions
    [2010/05/18 09:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\extensions
    [2009/01/24 23:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\extensions\[email protected]
    [2010/01/13 10:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {8158acf6-1f0e-40ed-8503-b9233a0760ed} - C:\WINDOWS\System32\yakubaho.dll File not found
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CPM0b0ee028] C:\WINDOWS\System32\gilimedo.DLL File not found
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [maluwohibe] C:\WINDOWS\System32\hiyubigi.DLL File not found
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (c:\windows\system32\larayuka.dll) - C:\WINDOWS\System32\larayuka.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\kofemube.dll) - C:\WINDOWS\System32\kofemube.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\kusavapu.dll) - C:\WINDOWS\System32\kusavapu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\vubuwiwu.dll) - C:\WINDOWS\System32\vubuwiwu.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/08 23:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

    ========== Files - Modified Within 30 Days ==========

    [2010/05/23 11:30:35 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006UA.job
    [2010/05/22 08:08:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/05/22 08:08:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/05/22 00:45:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/05/22 00:37:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/05/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/05/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/05/21 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/05/21 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/05/21 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/05/21 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/05/19 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/05/19 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/05/19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/05/19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/05/19 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/05/19 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/05/19 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/05/19 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/05/19 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/05/19 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/05/19 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/05/19 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/05/19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/05/19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/05/18 09:05:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/18 09:02:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/18 09:01:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/18 09:01:39 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/17 23:31:16 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Amanda\NTUSER.DAT
    [2010/05/17 23:30:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amanda\ntuser.ini
    [2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/05/17 18:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/05/17 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/05/17 17:29:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006Core.job
    [2010/05/17 17:20:45 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/05/17 17:20:19 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\B6BC575F1B.sys
    [2010/05/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/05/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/05/05 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/05/05 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/04/29 21:32:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Google Chrome.lnk
    [2010/04/24 11:50:00 | 000,118,058 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\7day.JPG

    ========== Files Created - No Company Name ==========

    [2009/10/14 18:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/09/28 20:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acehtml6.ini
    [2008/11/29 21:47:59 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\unuritiv.ini
    [2008/11/28 01:37:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/09/13 12:46:33 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\1B5F57BCB6.sys
    [2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2007/12/27 08:14:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
    [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/13 20:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
    [2007/01/24 12:37:57 | 000,000,377 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2006/08/28 20:26:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/08/18 22:17:41 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/08/18 22:17:41 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B6BC575F1B.sys
    [2006/08/18 13:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/08/11 03:25:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/11 03:11:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/08/11 03:07:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/11 02:35:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/08/11 02:35:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/08/11 02:35:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/08/11 02:34:13 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/09/23 08:52:14 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
    [2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2002/06/02 11:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll

    ========== LOP Check ==========

    [2007/02/27 01:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/12/06 21:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Aim
    [2008/01/02 20:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\FUJIFILM
    [2009/02/16 04:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\uTorrent
    [2007/01/11 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Viewpoint
    [2010/05/22 00:45:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/05/19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2010/05/21 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2010/05/21 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2010/05/19 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2010/05/19 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2010/05/19 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2010/05/19 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2010/05/19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2010/05/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2010/05/17 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2010/05/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2010/05/19 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2010/05/22 00:37:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2010/05/16 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2010/05/22 08:08:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2009/10/16 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2009/10/16 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2010/05/22 08:08:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2010/05/05 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2009/10/16 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2010/02/04 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2010/04/08 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2010/05/19 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2010/05/21 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2010/05/21 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2010/05/19 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2010/05/19 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2010/05/19 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2009/10/16 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2010/05/19 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2010/05/19 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2010/05/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2010/05/17 18:00:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2010/05/17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2010/05/17 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2010/05/17 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2010/05/17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2010/05/19 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2009/10/16 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2010/05/05 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2009/10/16 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2010/02/04 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/04/08 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
    [2010/05/18 09:05:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/11/10 02:03:16 | 000,000,365 | ---- | M] () -- C:\aaw7boot.log
    [2006/11/21 22:09:52 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2006/11/21 22:09:52 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/08/17 17:07:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/11 02:41:56 | 000,005,929 | RH-- | M] () -- C:\dell.sdr
    [2010/05/18 09:01:39 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/18 13:25:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/08/11 02:56:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/18 09:01:25 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006/08/11 03:07:31 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2008/04/28 15:51:23 | 000,088,255 | ---- | M] () -- C:\VETlog.dmp
    [2008/04/28 15:51:23 | 000,036,405 | ---- | M] () -- C:\VETlog.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /180 >
    < End of report >


    Here is the Extras.Txt file:

    OTL Extras logfile created on: 5/23/2010 11:40:37 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Amanda\My Documents\Downloads
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.74 Gb Total Space | 17.92 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
    Drive D: | 12.55 Gb Total Space | 12.48 Gb Free Space | 99.49% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DDCC0MB1
    Current User Name: Amanda
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\S24L1113.exe" = C:\WINDOWS\system32\S24L1113.exe:*:Enabled:S24L1113 -- File not found
    "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
    "C:\Program Files\Viewpoint\Common\ViewpointService.exe" = C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService -- (Viewpoint Corporation)
    "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe" = C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe:*:Enabled:ITMRTSVC -- File not found
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{19700927-105D-3812-8548-53EDA3F5A22D}" = Microsoft Visual Web Developer 2008 Express Edition - ENU
    "{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3C7EEEC3-464F-3FE9-8795-3CC8B4EAD82A}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
    "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
    "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "AceHTML Freeware" = AceHTML Freeware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
    "InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
    "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
    "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
    "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
    "Lexmark Z600 Series" = Lexmark Z600 Series
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Microsoft Visual Web Developer 2008 Express Edition - ENU" = Microsoft Visual Web Developer 2008 Express Edition - ENU
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "mtn5250" = Mocha W32 TN5250 -- software from MochaSoft
    "Photo Pos Pro" = Photo Pos Pro
    "PhotoScape" = PhotoScape
    "PokerStars" = PokerStars
    "PokerStars.net" = PokerStars.net
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Sweepi_is1" = Sweepi 5.4.00
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Veetle TV" = Veetle TV 0.9.17
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/19/2009 9:26:34 PM | Computer Name = DDCC0MB1 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/21/2009 6:35:34 PM | Computer Name = DDCC0MB1 | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Error - 12/9/2009 9:19:43 AM | Computer Name = DDCC0MB1 | Source = Google Update | ID = 20
    Description =

    Error - 12/17/2009 9:34:31 PM | Computer Name = DDCC0MB1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/17/2009 9:34:31 PM | Computer Name = DDCC0MB1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/17/2009 9:34:42 PM | Computer Name = DDCC0MB1 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: An internal certificate chaining error has occurred.

    Error - 2/20/2010 11:17:49 PM | Computer Name = DDCC0MB1 | Source = Google Update | ID = 20
    Description =

    Error - 4/3/2010 11:10:03 PM | Computer Name = DDCC0MB1 | Source = Application Hang | ID = 1002
    Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/3/2010 11:10:05 PM | Computer Name = DDCC0MB1 | Source = Application Hang | ID = 1002
    Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 5/5/2010 8:14:14 PM | Computer Name = DDCC0MB1 | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 5/21/2010 5:00:00 PM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At18.job command failed to start due to the following error: %%2147942402

    Error - 5/21/2010 5:00:00 PM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At42.job command failed to start due to the following error: %%2147942402

    Error - 5/22/2010 12:37:04 AM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At25.job command failed to start due to the following error: %%2147942402

    Error - 5/22/2010 12:45:04 AM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At1.job command failed to start due to the following error: %%2147942402

    Error - 5/22/2010 1:48:42 AM | Computer Name = DDCC0MB1 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 5/22/2010 1:49:06 AM | Computer Name = DDCC0MB1 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 5/22/2010 1:49:36 AM | Computer Name = DDCC0MB1 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.

    Error - 5/22/2010 8:08:05 AM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At27.job command failed to start due to the following error: %%2147942402

    Error - 5/22/2010 8:08:08 AM | Computer Name = DDCC0MB1 | Source = Schedule | ID = 7901
    Description = The At3.job command failed to start due to the following error: %%2147942402

    Error - 5/23/2010 11:02:31 AM | Computer Name = DDCC0MB1 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.101 on
    the Network Card with network address 0016CF1CE2F6.


    < End of report >

    Here is the GMER file:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-23 18:17:54
    Windows 5.1.2600 Service Pack 2
    Running: 4ixe6pz3.exe; Driver: C:\DOCUME~1\Amanda\LOCALS~1\Temp\fgloapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 82AFEEB0 ZwAlertResumeThread
    SSDT 82B248B0 ZwAlertThread
    SSDT 8293A2F0 ZwAllocateVirtualMemory
    SSDT 82858300 ZwConnectPort
    SSDT 82B3A220 ZwCreateMutant
    SSDT 82B3BB10 ZwCreateThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA605C350]
    SSDT 82832130 ZwFreeVirtualMemory
    SSDT 82B27F88 ZwImpersonateAnonymousToken
    SSDT 82B31428 ZwImpersonateThread
    SSDT 82984B08 ZwMapViewOfSection
    SSDT 82B36A60 ZwOpenEvent
    SSDT 82A58370 ZwOpenProcessToken
    SSDT 82B6E3A0 ZwOpenThreadToken
    SSDT 82B33470 ZwQueryValueKey
    SSDT 827CC830 ZwResumeThread
    SSDT 82B6D9E0 ZwSetContextThread
    SSDT 82B6B7A8 ZwSetInformationProcess
    SSDT 82B27D38 ZwSetInformationThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA605C580]
    SSDT 82B38BB0 ZwSuspendProcess
    SSDT 82B23B00 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA5D280B0]
    SSDT 82B27A28 ZwTerminateThread
    SSDT 82BCEB18 ZwUnmapViewOfSection
    SSDT 827F6168 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[488] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[656] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F29C
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F330
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F4BD
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 15, 00]
    .text C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device A38CFC8A

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  5. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    OTL Fix

    We need to run an OTL Fix

    1. Please reopen OTL on your desktop.
    2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".

      Code:
      :Services
      :OTL
      O2 - BHO: (no name) - {8158acf6-1f0e-40ed-8503-b9233a0760ed} - C:\WINDOWS\System32\yakubaho.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [CPM0b0ee028] C:\WINDOWS\System32\gilimedo.DLL File not found
      O4 - HKLM..\Run: [maluwohibe] C:\WINDOWS\System32\hiyubigi.DLL File not found
      O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
      O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - AppInit_DLLs: (c:\windows\system32\larayuka.dll) - C:\WINDOWS\System32\larayuka.dll File not found
      O20 - AppInit_DLLs: (c:\windows\system32\kofemube.dll) - C:\WINDOWS\System32\kofemube.dll File not found
      O20 - AppInit_DLLs: (C:\WINDOWS\system32\kusavapu.dll) - C:\WINDOWS\System32\kusavapu.dll File not found
      O20 - AppInit_DLLs: (c:\windows\system32\vubuwiwu.dll) - C:\WINDOWS\System32\vubuwiwu.dll File not found
      O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
      [2008/11/29 21:47:59 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\unuritiv.ini
      [2008/09/13 12:46:33 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\1B5F57BCB6.sys
      
      :Reg
      
      :Files
      C:\WINDOWS\tasks\At*.job
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [start explorer]
      [Reboot]
    3. Push the Run Fix button.
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click OK.
    6. A report will open. Copy and Paste that report in your next reply.
    7. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



    NEXT:



    Running ComboFix
    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




    • Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.



    NEXT:



    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The log that is produced after running the OTL fix.
    3. The log that is produced after running the ComboFix script.
    4. An update on how your computer is currently running.
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
     
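The fix script in the post above follows OTL's section layout (:Services, :OTL, :Reg, :Files, :Commands), and each :OTL line starts with a HijackThis-style item code (O2 BHO, O4 Run key, O20 AppInit_DLLs, O33 MountPoints2 autorun, and so on). As an added example that is not part of this thread or of the OTL tool, the Python script below parses a script in that layout and summarizes which persistence mechanisms the fix touches and which referenced files OTL already reported as missing. The sample input is constructed and shortened from the fix posted here; the mechanism labels in OTL_TYPES are my own descriptions of the item codes, not strings OTL emits.

```python
"""Parse an OTL fix script and triage its :OTL entries.

Added example for this thread; it is not part of the OTL tool. It reads the
section layout OTL fix scripts use (:Services, :OTL, :Reg, :Files, :Commands)
and reports which persistence mechanisms the fix touches.
"""
import re

# Constructed sample input, shortened from the fix posted in the thread.
SAMPLE_FIX = r"""
:Services
:OTL
O2 - BHO: (no name) - {8158acf6-1f0e-40ed-8503-b9233a0760ed} - C:\WINDOWS\System32\yakubaho.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [maluwohibe] C:\WINDOWS\System32\hiyubigi.DLL File not found
O20 - AppInit_DLLs: (c:\windows\system32\larayuka.dll) - C:\WINDOWS\System32\larayuka.dll File not found
O33 - MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2008/09/13 12:46:33 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\1B5F57BCB6.sys
:Reg
:Files
C:\WINDOWS\tasks\At*.job
:Commands
[purity]
[emptytemp]
[Reboot]
"""

# HijackThis/OTL item codes mapped to the persistence mechanism they describe.
# These labels are my own; OTL does not print them.
OTL_TYPES = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run key autostart",
    "O9": "IE extra button",
    "O15": "IE trusted zone entry",
    "O16": "Downloaded ActiveX control (DPF)",
    "O20": "AppInit_DLLs injection",
    "O33": "MountPoints2 autorun",
}

SECTION_RE = re.compile(r"^:(\w+)$")                 # ":OTL", ":Files", ...
OTL_ITEM_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")      # "O4 - HKLM..\Run: ..."
FILE_ENTRY_RE = re.compile(r"^\[.*\]\s+\(.*\)\s+--\s+(.+)$")  # "[date | size | attrs | C] () -- path"
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\")\]]+")  # drive-letter path, stops at space/quote/paren


def parse_fix(text):
    """Split a fix script into {section_name: [non-empty lines]}, in script order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def triage_otl(entries):
    """Classify each :OTL line by mechanism, its on-disk target, and whether OTL flagged it missing."""
    results = []
    for line in entries:
        m = OTL_ITEM_RE.match(line)
        if m:
            code, body = m.groups()
            kind = OTL_TYPES.get(code, f"unknown item {code}")
        else:
            fm = FILE_ENTRY_RE.match(line)
            if not fm:
                continue  # not an OTL item or file entry; ignore
            kind, body = "file entry", fm.group(1)
        paths = WIN_PATH_RE.findall(body)
        results.append({
            "type": kind,
            "path": paths[-1] if paths else None,  # the last path is the on-disk target
            "missing": "File not found" in body,
        })
    return results


def summarize(text):
    """Parse a fix script and return the triage a responder would want at a glance."""
    sections = parse_fix(text)
    items = triage_otl(sections.get("otl", []))
    counts = {}
    for it in items:
        counts[it["type"]] = counts.get(it["type"], 0) + 1
    return {
        "sections": list(sections),
        "items": items,
        "counts": counts,
        "missing_paths": [it["path"] for it in items if it["missing"] and it["path"]],
        "file_globs": sections.get("files", []),
        "commands": sections.get("commands", []),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIX)
    for kind, n in report["counts"].items():
        print(f"{n:2d}  {kind}")
    print("missing targets:", *report["missing_paths"], sep="\n  ")
    print("file globs:", report["file_globs"])
    print("commands:", report["commands"])
```

The "missing" entries are the ones to compare against the OTL fix log that comes back: each should show up as a registry value or key "deleted successfully" or "not found", while the :Files glob (the At*.job scheduled tasks) is the item whose removal should stop the Schedule 7901 errors seen in the event log above.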
  6. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    Here is the log that followed the OTL fix:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8158acf6-1f0e-40ed-8503-b9233a0760ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8158acf6-1f0e-40ed-8503-b9233a0760ed}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM0b0ee028 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\maluwohibe deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\online\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\larayuka.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kofemube.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\kusavapu.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\vubuwiwu.dll deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5ca6e1-13ab-11dc-ad95-00038a000015}\ not found.
    File F:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c546bb7c-b00b-11db-ad32-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c546bb7c-b00b-11db-ad32-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c546bb7c-b00b-11db-ad32-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c546bb7c-b00b-11db-ad32-00038a000015}\ not found.
    File F:\LaunchU3.exe not found.
    C:\WINDOWS\system32\unuritiv.ini moved successfully.
    C:\WINDOWS\system32\1B5F57BCB6.sys moved successfully.
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Amanda
    ->Temp folder emptied: 218070218 bytes
    ->Temporary Internet Files folder emptied: 57259598 bytes
    ->Java cache emptied: 28560532 bytes
    ->FireFox cache emptied: 38848336 bytes
    ->Google Chrome cache emptied: 7530581 bytes
    ->Flash cache emptied: 2058863 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 21340789 bytes
    ->Flash cache emptied: 348 bytes

    User: NetworkService
    ->Temp folder emptied: 683502 bytes
    ->Temporary Internet Files folder emptied: 1849225 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 226688115 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 3570877118 bytes

    Total Files Cleaned = 3,980.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Amanda
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.5.0 log created on 05232010_190046

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.
    File\Folder C:\WINDOWS\temp\TMP0000000C654DF1A489A084E5 not found!

    Registry entries deleted on Reboot...


    Here is the log produced after running the ComboFix Script:

    ComboFix 10-05-23.05 - Amanda 05/23/2010 19:49:55.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.150 [GMT -4:00]
    Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\3GxTm6ST.exe.a_a
    c:\windows\system32\S24L1113.exe.a_a

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .

    2010-05-23 23:00 . 2010-05-23 23:00 -------- d-----w- C:\_OTL
    2010-05-09 03:19 . 2010-05-09 03:20 -------- d-----w- c:\program files\Veetle

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 00:04 . 2009-10-14 02:36 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-05-17 21:20 . 2006-08-19 02:17 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-05-17 21:20 . 2006-08-19 02:17 88 --sh--r- c:\windows\system32\B6BC575F1B.sys
    2010-05-17 17:47 . 2008-01-02 23:49 -------- d-----w- c:\program files\FinePixViewer
    2010-04-17 15:29 . 2010-04-17 15:29 -------- d-----w- c:\program files\Trend Micro
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-14 2000112]
    "Google Update"="c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-13 98304]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-11 24576]
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-1-2 303104]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/13/2009 11:16 PM 102448]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006Core.job
    - c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 04:11]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006UA.job
    - c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 04:11]

    2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?lg=fr&mkt=fr&type=dns&tbn=vmntoolbar&tbo=toolbar__2evmn__2enet__2ffr__2foptions__2ephp&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\Amanda\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-23 20:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\wuauclt.exe.wusetup.879640.new 53472 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1000)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(3932)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows Defender\MsMpEng.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\stsystra.exe
    c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-23 20:35:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-24 00:34

    Pre-Run: 22,839,214,080 bytes free
    Post-Run: 22,813,442,048 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 70CA4F57A82D8EAB925851B3B72C96EC





    The only thing that happened that was a little strange was after a reboot (for the ComboFix, I believe) my laptop produced a black screen that said [XLDR] ATA ERROR and I had to hit CTRL ALT DEL to reboot it. But everything was okay after that and it still produced the log fine.

    Edit: And I can't tell if my CPU is running any faster yet but as I was browsing the web I noticed it was still going pretty slow.
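    The "Reg Loading Points" block in the ComboFix log above shows the Security Center override keys set to 1, Symantec monitoring disabled and the Windows Firewall standard profile switched off, alongside the "AV:" header reporting on-access scanning disabled. The following script is an added example (not part of this thread, of ComboFix or of any product named here) that parses those two parts of a ComboFix log and flags the combination; the sample log is constructed from the entries quoted above.

```python
"""Defence-evasion check over the 'AV:' header and the REGEDIT4
'Reg Loading Points' block of a ComboFix log.

Added example for this thread; it is not the thread's, ComboFix's or any
product's own code. Parsing is based only on the log lines quoted above.
"""
import re
from typing import Dict, List, Tuple, Union

Value = Union[int, str]
Findings = List[Tuple[str, str, Value, str]]

# Constructed sample: the header line and the relevant registry entries as
# they appear in the thread's ComboFix log (other entries trimmed).
SAMPLE_LOG = r"""
ComboFix 10-05-23.05 - Amanda 05/23/2010 19:49:55.1.1 - x86
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# (key suffix, value name, value that is suspicious, what it means).
# Keys and value names are compared case-insensitively.
INDICATORS = [
    (r"\security center", "antivirusoverride", 1,
     "Security Center suppresses its 'antivirus off' warning"),
    (r"\security center", "firewalloverride", 1,
     "Security Center suppresses its 'firewall off' warning"),
    (r"\security center\monitoring\symantecantivirus", "disablemonitoring", 1,
     "Security Center stops monitoring the installed AV product"),
    (r"\firewallpolicy\standardprofile", "enablefirewall", 0,
     "Windows Firewall is switched off for the standard profile"),
]

_SECTION = re.compile(r"^\[(.+)\]\s*$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(raw: str) -> Value:
    """Turn ComboFix's rendering of a registry value into an int or str."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)   # e.g. "0 (0x0)"
    if m:
        return int(m.group(1))
    m = re.match(r'"([^"]*)"', raw)                     # string data, "[date size]" dropped
    return m.group(1) if m else raw


def parse_reg_points(text: str) -> Dict[str, Dict[str, Value]]:
    """Parse the REGEDIT4-style block into {key path: {value name: value}}."""
    sections: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = parse_value(m.group(2))
    return sections


def on_access_disabled(text: str) -> Tuple[str, bool]:
    """Read the 'AV:' header: product name and whether on-access scanning is off."""
    for line in text.splitlines():
        if line.startswith("AV: "):
            product = line[4:].split(" *", 1)[0]
            return product, "*On-access scanning disabled*" in line
    return "", False


def evasion_findings(text: str) -> Findings:
    """Return (key, value name, value, explanation) for each matched indicator."""
    found: Findings = []
    for key, values in parse_reg_points(text).items():
        lowered = {name.lower(): val for name, val in values.items()}
        for suffix, name, bad, why in INDICATORS:
            if key.lower().endswith(suffix) and lowered.get(name) == bad:
                found.append((key, name, bad, why))
    return found


def severity(text: str) -> str:
    """The override keys alone are also set by some AV suites that raise their
    own alerts, so escalate only when the AV itself reports on-access off."""
    findings = evasion_findings(text)
    _, disabled = on_access_disabled(text)
    if findings and disabled:
        return "high"
    if findings or disabled:
        return "medium"
    return "none"


if __name__ == "__main__":
    for key, name, val, why in evasion_findings(SAMPLE_LOG):
        print(f"{key}\n    {name} = {val}: {why}")
    print("severity:", severity(SAMPLE_LOG))
```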
     
  7. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    ComboFix Script

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    KillAll::
    FireFox::
    FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\
    FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?lg=fr&mkt=fr&type=dns&tbn=vmntoolbar&tbo=toolbar__2evmn__2enet__2ffr__2foptions__2ephp&q=
    FF - prefs.js: network.proxy.type - 4
    File::
    c:\windows\system32\wuauclt.exe.wusetup.879640.new
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



    NEXT:



    Scanning with MalwareBytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.


    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT:



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans, so there are no conflicts and the scan runs faster.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.




    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the [​IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the [​IMG] button.
    14. Push [​IMG]



    NEXT:



    OTL Custom Scan

    We need to run an OTL Custom Scan

    1. Please reopen [​IMG] on your desktop.
    2. Copy and Paste the following bolded text into the [​IMG] textbox.

      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /180
    3. Push [​IMG]
    4. A report will open. Copy and Paste that report in your next reply.




    NEXT:


    Please make sure you include the following items in your next post:
    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. The log that was produced after running the ComboFix scan.
    3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
    4. The log that was produced after running the ESET Online Virus Scanner.
    5. The log that was produced after running the OTL scan.
    6. An update on how your computer is currently running.​
    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

    Cheers,
    SweetTech.
     
  8. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    2. Here is the log for the ComboFix scan:

    ComboFix 10-05-23.05 - Amanda 05/23/2010 21:23:13.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.217 [GMT -4:00]
    Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Amanda\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    FILE ::
    "c:\windows\system32\wuauclt.exe.wusetup.879640.new"
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .

    2010-05-23 23:00 . 2010-05-23 23:00 -------- d-----w- C:\_OTL
    2010-05-09 03:19 . 2010-05-09 03:20 -------- d-----w- c:\program files\Veetle

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 01:42 . 2009-10-14 02:36 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-05-17 21:20 . 2006-08-19 02:17 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-05-17 21:20 . 2006-08-19 02:17 88 --sh--r- c:\windows\system32\B6BC575F1B.sys
    2010-05-17 17:47 . 2008-01-02 23:49 -------- d-----w- c:\program files\FinePixViewer
    2010-04-17 15:29 . 2010-04-17 15:29 -------- d-----w- c:\program files\Trend Micro
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-14 2000112]
    "Google Update"="c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-13 98304]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-11 24576]
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-1-2 303104]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-10-08 116664]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-09-17 102448]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006Core.job
    - c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 04:11]

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006UA.job
    - c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 04:11]

    2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\Amanda\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-23 21:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1016)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2320)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\stsystra.exe
    c:\documents and settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    c:\windows\SoftwareDistribution\Download\1984e3975b80238804f38747104072d2\update\update.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-23 22:02:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-24 02:02
    ComboFix2.txt 2010-05-24 00:35

    Pre-Run: 22,449,790,976 bytes free
    Post-Run: 22,282,706,944 bytes free

    - - End Of File - - 8F49E6124FBBAF1044700B907D4FCE7A

    3. Here is the log for the Malwarebytes' Anti-Malware scan:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4136

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    5/23/2010 10:41:18 PM
    mbam-log-2010-05-23 (22-41-18).txt

    Scan type: Quick scan
    Objects scanned: 119433
    Time elapsed: 15 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    4. Here is the ESET log:

    C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan
    C:\_OTL\MovedFiles\05232010_190046\C_WINDOWS\system32\unuritiv.ini Win32/Adware.Virtumonde.NEO application


    5. Here is the OTL Scan:

    OTL logfile created on: 5/24/2010 8:04:01 AM - Run 2
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Amanda\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 186.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.74 Gb Total Space | 20.62 Gb Free Space | 53.24% Space Free | Partition Type: NTFS
    Drive D: | 12.55 Gb Total Space | 12.48 Gb Free Space | 99.49% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DDCC0MB1
    Current User Name: Amanda
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Amanda\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Documents and Settings\Amanda\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Amanda\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
    DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 19:08:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 19:08:36 | 000,000,000 | ---D | M]

    [2008/12/06 16:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Extensions
    [2010/05/18 09:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\extensions
    [2009/01/24 23:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\h3gug9bg.default\extensions\[email protected]
    [2010/05/18 09:22:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/05/23 21:41:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amanda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/23 22:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/05/23 22:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
    [2010/05/23 22:23:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/23 22:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/23 22:22:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/23 22:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/23 22:16:41 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Amanda\Desktop\mbam-setup-1.46.exe
    [2010/05/23 21:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/05/23 21:32:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/05/23 19:47:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/05/23 19:42:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/23 19:42:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/23 19:42:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/23 19:42:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/23 19:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/23 19:40:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/23 19:00:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/05/23 11:38:16 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.exe
    [2010/05/08 23:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

    ========== Files - Modified Within 30 Days ==========

    [2010/05/24 07:29:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006UA.job
    [2010/05/24 01:58:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/23 22:46:01 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\esetsmartinstaller_enu.exe
    [2010/05/23 22:23:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/23 22:16:45 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Amanda\Desktop\mbam-setup-1.46.exe
    [2010/05/23 21:42:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/05/23 21:41:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/05/23 21:40:30 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/05/23 21:38:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/23 21:37:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/23 21:37:06 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/23 21:34:04 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Amanda\NTUSER.DAT
    [2010/05/23 21:33:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Amanda\ntuser.ini
    [2010/05/23 19:47:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/05/23 19:41:44 | 003,696,052 | R--- | M] () -- C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
    [2010/05/23 17:29:05 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-810328663-4024632713-2062420923-1006Core.job
    [2010/05/23 11:38:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTL.exe
    [2010/05/17 17:20:45 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/05/17 17:20:19 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\B6BC575F1B.sys
    [2010/04/29 21:32:16 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Google Chrome.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/24 11:50:00 | 000,118,058 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\7day.JPG

    ========== Files Created - No Company Name ==========

    [2010/05/23 22:45:52 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\esetsmartinstaller_enu.exe
    [2010/05/23 22:23:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/23 19:47:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/05/23 19:47:13 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/05/23 19:42:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/23 19:42:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/23 19:42:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/23 19:42:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/23 19:42:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/23 19:29:05 | 003,696,052 | R--- | C] () -- C:\Documents and Settings\Amanda\Desktop\ComboFix.exe
    [2009/10/14 18:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/09/28 20:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acehtml6.ini
    [2008/11/28 01:37:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2007/12/27 08:14:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
    [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/05/13 20:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
    [2007/01/24 12:37:57 | 000,000,377 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2006/08/28 20:26:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/08/18 22:17:41 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/08/18 22:17:41 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B6BC575F1B.sys
    [2006/08/18 13:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/08/11 03:25:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/11 03:11:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/08/11 03:07:35 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/11 02:35:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/08/11 02:35:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/08/11 02:35:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/08/11 02:34:13 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/09/23 08:52:14 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
    [2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2002/06/02 11:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/11/10 02:03:16 | 000,000,365 | ---- | M] () -- C:\aaw7boot.log
    [2006/11/21 22:09:52 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2006/11/21 22:09:52 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/08/17 17:07:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/05/23 19:47:22 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/05/23 22:03:04 | 000,009,035 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/08/11 02:41:56 | 000,005,929 | RH-- | M] () -- C:\dell.sdr
    [2010/05/23 21:37:06 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/18 13:25:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/08/11 02:56:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/23 21:36:50 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006/08/11 03:07:31 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2008/04/28 15:51:23 | 000,088,255 | ---- | M] () -- C:\VETlog.dmp
    [2008/04/28 15:51:23 | 000,036,405 | ---- | M] () -- C:\VETlog.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /180 >
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    < End of report >




    I had to run the ESET Scan overnight because it was taking a very long amount of time.
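    Every file line in the OTL report above follows one fixed shape: `[date time | size | attrs | C or M] (publisher) -- path`. The following is an added example (not code from this thread, from OTL or from OldTimer) that parses those lines and builds a short review queue the way the `/180` custom scan does for drivers: it flags hidden+system files, executables and drivers with no publisher string, and anything created or modified within the look-back window. The sample lines are copied from the report on this page; the reference date (the day the report was posted) and the 180-day window are assumptions.

```python
"""Triage helper for OTL (OldTimer) file-listing lines like those in the report above.

Added example, not part of the thread or of OTL itself. It assumes the line
format seen in the log:  [date time | size | attrs | C|M] (company) -- path
"""
import re
from datetime import datetime, timedelta

# Attribute field letters seen in the report: R (read-only), H (hidden),
# S (system), '-' for an unset flag.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions for which a missing publisher string is worth a second look.
EXECUTABLE_EXTS = (".sys", ".exe", ".dll")

# Lines copied from the report on this page (not constructed), plus one
# trailer line to show that non-listing lines are skipped.
SAMPLE_LINES = [
    r"[2006/08/18 22:17:41 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2006/08/18 22:17:41 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B6BC575F1B.sys",
    r"[2007/01/24 12:37:57 | 000,000,377 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI",
    r"[2006/08/11 03:11:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll",
    r"[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys",
    "< End of report >",
]


def parse_otl_line(line):
    """Return a dict for one listing line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": attrs,
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "kind": "created" if m.group("kind") == "C" else "modified",
        "company": m.group("company").strip(),
        "path": m.group("path").strip(),
    }


def flag_entries(lines, reference, days=180):
    """Return [(path, [reasons])] for entries an analyst should review.

    Mirrors the '/180' custom scan in the report (drivers touched in the
    last 180 days) and adds two cheap heuristics. Hits are a review queue,
    not a verdict: hiberfil.sys, pagefile.sys and boot.ini are legitimately
    hidden+system, for instance.
    """
    cutoff = reference - timedelta(days=days)
    findings = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["hidden"] and entry["system"]:
            reasons.append("hidden+system attributes")
        if not entry["company"] and entry["path"].lower().endswith(EXECUTABLE_EXTS):
            reasons.append("executable with no publisher recorded")
        if entry["timestamp"] >= cutoff:
            reasons.append(f"{entry['kind']} within the last {days} days")
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


def triage_sample():
    """Run the heuristics over SAMPLE_LINES relative to the assumed report date (2010-05-24)."""
    return flag_entries(SAMPLE_LINES, reference=datetime(2010, 5, 24))


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(f"{path}: {'; '.join(reasons)}")
```

    Run as-is it lists four of the five sample files; the .INI drops out because a missing publisher only matters for code that can execute. Feed it the whole report with the `/180` window and the same three heuristics give a manageable starting list rather than thousands of lines.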
     
  9. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    OTL Fix

    We need to run an OTL Fix

    1. Please reopen OTL on your desktop.
    2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

      Code:
      :Services
      :OTL
      DRV - (catchme) -- File not found
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      [2010/05/23 22:46:01 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\esetsmartinstaller_enu.exe
      [2010/05/23 22:16:45 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Amanda\Desktop\mbam-setup-1.46.exe
      :Files
      C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [start explorer]
      [Reboot]
    3. Push the Run Fix button.
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click OK.
    6. A report will open. Copy and Paste that report in your next reply.
    7. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



    NEXT:



    Update FireFox
    While in Firefox go to the Help menu.
    Locate Check for Updates.
    Allow Firefox to install the latest update, which is 3.6.3.



    NEXT:



    Java Outdated
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 20 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note:
    The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
    To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.


    NEXT



    Clean Java Cache & Temporary Files

    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window

        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.



    NEXT



    Update Adobe Reader
    Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
    • Go to Start > Control Panel > Add/Remove Programs
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, download and install the latest version of Adobe Reader.
    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader instead. Foxit Reader has fewer add-ons and therefore loads more quickly.
     
  10. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    Here is the latest OTL Fix report you requested:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File File not found not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    C:\Documents and Settings\Amanda\Desktop\esetsmartinstaller_enu.exe moved successfully.
    C:\Documents and Settings\Amanda\Desktop\mbam-setup-1.46.exe moved successfully.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Amanda
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 23525254 bytes
    ->Flash cache emptied: 1218 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 1176 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 828 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 23.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Amanda
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.5.0 log created on 05242010_183617

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...





    I also updated the Java, Adobe, Firefox and cleaned the java cache
     
  11. pacpie

    pacpie Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    7
    I just wanted to add that after submitting that post I rebooted my computer and I got another [XLDR] ATA error.

    And when I was doing some of the stuff from the previous post, my auto protection was disabled. My internet browsing with the newest version of Firefox seems to be moving really fast and I've yet to see my auto-protection disabled...
     
  12. SweetTech

    SweetTech

    Joined:
    Dec 31, 1969
    Messages:
    1,016
    Hello,

    If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



    NEXT:



    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



    NEXT:



    OTL Clean-Up
    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



    NEXT:



    All Clean Speech

    ===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
      Strong passwords: How to create and use them
      then consider a password keeper, to keep all your passwords safe.
    • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.
    • SpywareBlaster protects against bad ActiveX controls; it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE
    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Mozilla's website.
      • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
        • NoScript - for blocking ads and other potential website attacks
    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank-you.

    Cheers,
    SweetTech.
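    The MVPS recommendation above works because a hosts file maps unwanted names to 127.0.0.1 (or 0.0.0.0), so the connection never leaves the machine. The one check worth running after installing any third-party hosts file, or when a machine is being cleaned, is that every entry really does point at a sinkhole address: a mapping to a routable address is a redirect, not a block. The following is an added example, not code from this thread or from the MVPS project, that parses a Windows-style hosts file, counts the sinkholed names, lists any that are redirected elsewhere, and notes duplicated names (a resolver takes the first matching line, so a later line can be masked). The sample file is constructed; the names use reserved example domains and the addresses come from the documentation ranges.

```python
"""Audit a Windows HOSTS file of the kind the MVPS list provides.

Added example, not part of the thread or of the MVPS project. A blocking
hosts file should map unwanted names to a sinkhole address (127.0.0.1 or
0.0.0.0); any entry that maps a name to a routable address is a redirect,
not a block, and deserves a look.
"""
import ipaddress

SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not a real MVPS file): block entries, one duplicated
# name, two hand-added lines pointing names at documentation-range addresses,
# and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0  ads.example.net              # block
0.0.0.0  tracker.example.org banner.example.org
127.0.0.1 popup.example.com
0.0.0.0   popup.example.com           # duplicate of the line above
192.0.2.45      update.example-vendor.test
198.51.100.7    www.example-bank.test
not-an-address  broken.example.test
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for name in fields[1:]:
            yield str(ip), name.lower()


def audit_hosts(text):
    """Classify every mapping and return a summary dict.

    'sinkholed'  : mappings sent to a sinkhole address (the intended block list)
    'redirected' : (name, ip) pairs sent anywhere else; review these
    'duplicates' : names that appear more than once; the first mapping is the
                   one a resolver uses, so a later line can be masked
    """
    seen = {}
    summary = {"sinkholed": 0, "redirected": [], "duplicates": []}
    for ip, name in parse_hosts(text):
        if name in seen and name not in summary["duplicates"]:
            summary["duplicates"].append(name)
        seen.setdefault(name, ip)
        if name in LOCAL_NAMES:
            continue  # the loopback mapping for localhost is normal
        if ip in SINKHOLE_ADDRS:
            summary["sinkholed"] += 1
        else:
            summary["redirected"].append((name, ip))
    return summary


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"sinkholed mappings: {result['sinkholed']}")
    for name, ip in result["redirected"]:
        print(f"REDIRECT  {name} -> {ip}")
    for name in result["duplicates"]:
        print(f"DUPLICATE {name}")
```

    On a real machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts` and treat anything in `redirected` as a question to answer before trusting the file: a blocking list has no reason to send a name anywhere but loopback.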
     
Short URL to this thread: https://techguy.org/917477

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice