
Computer is playing random ads

Discussion in 'Virus & Other Malware Removal' started by janonjalay, Apr 17, 2011.

Thread Status:
Not open for further replies.
  1. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    I have been fighting to remove a virus or some type of malware from my computer for about a week or so now. I have run several different antivirus scans and thought I had removed everything; however, when I go back to use my laptop it plays random ads and audio clips. Nothing else is open on my computer and no other programs that I am aware of are running in the background. I am also getting multiple script errors and redirects to different websites that seem to try and download more malware when online. None of the other programs that I have run, such as Malwarebytes and HitmanPro, are picking up any malicious files and I am really at a loss as to what to do. I have googled around and the only answer I could find was to reinstall the OS, but I would lose everything. Is there some other option? Here are the logs requested.

    HijackThis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:21:53 PM, on 4/16/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    --
    End of file - 4709 bytes

    dds
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Andrea Lamb at 21:55:30.14 on Sat 04/16/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.278 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282894705203
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\andrea~1\applic~1\mozilla\firefox\profiles\1rladtfc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-4-16 18816]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-8-25 87936]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-8-28 98984]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-26 16968]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
    .
    =============== Created Last 30 ================
    .
    2011-04-17 02:55:09 388096 ----a-r- c:\docume~1\andrea~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-04-17 02:55:08 -------- d-----w- c:\program files\Trend Micro
    2011-04-17 01:25:10 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2011-04-17 00:41:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-04-16 23:55:07 6144 ------w- c:\windows\system32\11.tmp
    2011-04-16 21:15:38 6144 ------w- c:\windows\system32\5.tmp
    2011-04-16 21:15:04 6144 ------w- c:\windows\system32\4.tmp
    2011-04-16 21:14:25 6144 ------w- c:\windows\system32\3.tmp
    2011-04-14 03:40:41 -------- d-----w- c:\docume~1\andrea~1\applic~1\Malwarebytes
    2011-04-14 03:39:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 03:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-14 03:39:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-13 13:16:00 -------- d-----w- c:\program files\Sophos
    2011-03-27 04:41:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-03-27 04:39:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-03-27 00:58:14 -------- d--h--w- c:\windows\system32\GroupPolicy
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 21:56:25.37 ===============

    ark.txt/gmer
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-17 18:50:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2030AT rev.009B
    Running: juroepdq.exe; Driver: C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\kglyypob.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    INITc VolSnap.sys F8560BD0 4 Bytes [36, 9A, 4D, 80]
    INITc VolSnap.sys F8560BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
    INITc VolSnap.sys F8560C20 4 Bytes [A0, C1, 4D, 80]
    INITc VolSnap.sys F8560C48 4 Bytes [B0, C8, 4D, 80]
    INITc VolSnap.sys F8560C70 4 Bytes [09, BF, 4D, 80]
    INITc ...
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC164F
    .text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1817
    ---- Threads - GMER 1.0.15 ----
    Thread System [4:112] 82283E84
    Thread System [4:116] 82286084
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414c5ef5
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414c5ef5 (not active ControlSet)
    ---- Files - GMER 1.0.15 ----
    File C:\Documents and Settings\Andrea Lamb\Local Settings\Temporary Internet Files\Content.IE5\TCMDW0TN\l7b4796b26460[1].rss 9236 bytes
    ---- EOF - GMER 1.0.15 ----
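
An added triage helper, not part of this thread or of any tool named in it: it reads the HijackThis (O4, O23), DDS (uRun/mRun, services) and GMER (user-mode hook) line formats pasted above and flags the entries a malware-removal helper checks first: autoruns and services whose image lives in a user-writable location or is a .tmp file, services with no or unknown vendor, and inline JMP hooks in GMER's user code sections. Sample lines are copied from the logs above, except one autorun line that is constructed; every hit is something to verify, not a verdict.

```python
"""Triage helper for the HijackThis (O4, O23), DDS (uRun/mRun, services/drivers)
and GMER (user-mode hook) line formats pasted in this thread.

Heuristics only: a hit means "verify this entry", not "this is malware".
Legitimate tools (anti-rootkit scanners included) also load drivers from temp
paths or ship services with no vendor string, so every flag needs a human look.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (category, detail, offending log line)

# Locations an autorun or service image should not normally be started from:
# per-user profile directories, temp directories, or a bare .tmp file.
USER_WRITABLE = re.compile(
    r"documents and settings|application data|local settings|\\temp\\|\.tmp(?:\s|$)", re.I
)
# HijackThis:  O4 - HKLM\..\Run: [name] command
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# HijackThis:  O23 - Service: name - owner - path   (owner may be empty: "name - - path")
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?)\s*-\s*(?P<owner>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*)$"
)
# DDS:  uRun: [name] command  /  mRun: [name] command   (u = HKCU, m = HKLM)
DDS_RUN = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# DDS:  R2 name;display;path [date size]   or   S3 name;display;path --> path [?]
DDS_SVC = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# GMER user code section:  .text process[pid] module!export addr N Bytes JMP target
GMER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>\S+)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+[0-9A-Fa-f]+"
    r"\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$"
)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a closer look, in the order they appear in the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HJT_O4.match(line) or DDS_RUN.match(line):
            hive = {"u": "HKCU", "m": "HKLM"}.get(m["hive"], m["hive"])
            if USER_WRITABLE.search(m["cmd"]):
                findings.append(("autorun-user-writable",
                                 f"{hive} Run [{m['name']}] starts {m['cmd']}", line))
        elif m := HJT_O23.match(line):
            owner = m["owner"].strip()
            if not owner or owner.lower() == "unknown owner":
                findings.append(("service-unknown-owner",
                                 f"{m['name']} has no vendor string; image {m['path']}", line))
            if USER_WRITABLE.search(m["path"]):
                findings.append(("service-user-writable",
                                 f"{m['name']} runs from {m['path']}", line))
        elif m := DDS_SVC.match(line):
            # Keep only the image path: drop the "--> resolved path" and the trailing [info].
            path = re.sub(r"\s*\[[^\]]*\]$", "", m["rest"].split(" --> ")[0]).strip()
            if USER_WRITABLE.search(path):
                findings.append(("service-user-writable",
                                 f"{m['name']} ({m['start']}) runs from {path}", line))
        elif m := GMER_HOOK.match(line):
            # The first bytes of an exported API were overwritten with a JMP, so every
            # caller in that process is diverted; here it is HTTP request handling in Explorer.
            findings.append(("inline-hook",
                             f"{m['api']} in {m['proc']} (pid {m['pid']}) jumps to {m['target']}",
                             line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Lines copied verbatim from the HijackThis, DDS and GMER logs posted above.
THREAD_LINES = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-4-16 18816]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC164F
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1817
"""
# Constructed line (not from the thread) so the autorun rule has something to fire on:
# an HKCU autorun whose image sits inside the user's profile.
CONSTRUCTED_AUTORUN = r"O4 - HKCU\..\Run: [example] C:\Documents and Settings\User\Local Settings\Application Data\example.exe"

if __name__ == "__main__":
    for category, detail, _ in triage(THREAD_LINES + CONSTRUCTED_AUTORUN + "\n"):
        print(f"[{category}] {detail}")
```
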
  2. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Hiya and welcome to Tech Support Guy :)

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

    eddie
     
  4. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    Here are the requested logs. I wasn't sure if you wanted these scans done in safe mode or not, so I just ran the computer like normal since there was no specification; hope that is not a problem.

    Malwarebytes:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 6460
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    4/27/2011 9:46:59 PM
    mbam-log-2011-04-27 (21-46-59).txt
    Scan type: Quick scan
    Objects scanned: 157958
    Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\documents and settings\andrea lamb\local settings\application data\ijn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    superantispyware:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 04/28/2011 at 09:19 AM
    Application Version : 4.51.1000
    Core Rules Database Version : 6943
    Trace Rules Database Version: 4755
    Scan type : Complete Scan
    Total Scan Time : 01:31:43
    Memory items scanned : 407
    Memory threats detected : 0
    Registry items scanned : 4917
    Registry threats detected : 1
    File items scanned : 34294
    File threats detected : 104
    System.BrokenFileAssociation
    HKCR\.exe
    Adware.Tracking Cookie

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:17:05 AM, on 4/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    --
    End of file - 5693 bytes
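The first pass a malware-removal helper makes over a HijackThis log like the one above is mechanical: pull the O2/O4/O16/O20/O23 lines apart, then look for autostart paths in user-writable locations, system-process names (svchost.exe, lsass.exe and friends) launched from outside the Windows directory, and O23 services with no vendor string. The script below is an added example, not code from this thread or from HijackThis itself; its sample log is constructed in the same format, and the `updater`, `helper` and `abc123.exe` entries are made up to exercise the checks. A flag is a reason to look an item up, not a verdict: in the log above the two O23 entries without a vendor (wltrysvc and lxdn_device) belong to the Dell wireless and Lexmark printer software visible elsewhere in the same log.

```python
"""Triage helper for HijackThis 2.0.x logs.

Added example: this is not code from the thread or from HijackThis. It
parses the O2/O4/O16/O20/O23 lines of a log into records and applies the
first checks a log reader applies by hand. SAMPLE_LOG is constructed in
the same format as the posted log; the "updater", "helper" and abc123.exe
entries are made up to exercise the checks.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: helper - - C:\WINDOWS\system32\abc123.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
BODY_RES = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"),
    "O4": re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.*)$"),
    "O16": re.compile(r"^DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$"),
    # HijackThis prints "name - - path" when a service has no vendor string,
    # so the owner and its trailing space are optional.
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?:(?P<owner>.*?) )?- (?P<path>.+)$"),
}

USER_WRITABLE = re.compile(
    r"\\(?:documents and settings|users|temp|local settings|application data|appdata|programdata)\\", re.I)
SYSTEM_PROCESS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                        "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIR = re.compile(r"^(?:%systemroot%|[a-z]:\\windows)\\(?:system32\\)?$", re.I)


def first_path(command: str) -> str:
    """Return the executable part of an O4 command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|bat|cmd))(?:\s|,|$)", command, re.I)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


@dataclass
class Entry:
    section: str
    raw: str
    fields: dict = field(default_factory=dict)

    @property
    def path(self) -> Optional[str]:
        if "path" in self.fields:
            return self.fields["path"]
        if "command" in self.fields:
            return first_path(self.fields["command"])
        return None


def parse_log(text: str) -> list:
    """Turn each R*/O* line into an Entry; sections without a body regex keep only the raw line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = Entry(m.group("section"), line)
        body_re = BODY_RES.get(entry.section)
        bm = body_re.match(m.group("body")) if body_re else None
        if bm:
            entry.fields = {k: (v or "") for k, v in bm.groupdict().items()}
        entries.append(entry)
    return entries


def flag_entry(entry: Entry) -> list:
    """Heuristics only: each flag is a reason to look the item up, not a verdict."""
    flags = []
    path = entry.path
    if path:
        if USER_WRITABLE.search(path):
            flags.append("user-writable location")
        base = path.rsplit("\\", 1)[-1].lower()
        parent = path[: len(path) - len(base)]
        if base in SYSTEM_PROCESS_NAMES and not SYSTEM_DIR.match(parent):
            flags.append("system-process name outside system directory")
    if entry.section == "O23":
        owner = entry.fields.get("owner", "").strip().lower()
        if owner in ("", "unknown owner"):
            flags.append("service has no vendor string")
    return flags


def triage(text: str) -> dict:
    """Map each flagged log line to its list of flags."""
    report = {}
    for entry in parse_log(text):
        flags = flag_entry(entry)
        if flags:
            report[entry.raw] = flags
    return report


if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LOG).items():
        print(f"{', '.join(flags)}\n    {line}")
```

Run it against a saved log by replacing `SAMPLE_LOG` with the file contents; the R0/R1 lines are kept as entries so a later check (for example, a non-Microsoft start or search page) can be added to `flag_entry` without touching the parser.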
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Normal mode is fine :)

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  6. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    ComboFix log:
    ComboFix 11-04-29.04 - Andrea Lamb 04/30/2011 14:25:51.1.1 - x86
    Running from: c:\documents and settings\Andrea Lamb\Desktop\andrea123.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
    2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-28 03:01 . 2011-04-28 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-20 01:41 . 2011-04-20 01:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-04-17 02:55 . 2011-04-17 02:55 388096 ----a-r- c:\documents and settings\Andrea Lamb\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-17 02:55 . 2011-04-17 02:55 -------- d-----w- c:\program files\Trend Micro
    2011-04-17 01:25 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2011-04-17 00:41 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-04-16 20:10 . 2011-04-16 20:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-04-16 00:45 . 2011-04-16 00:45 -------- d-----w- c:\documents and settings\Leon Davis\Application Data\Malwarebytes
    2011-04-14 03:40 . 2011-04-14 03:40 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\Malwarebytes
    2011-04-14 03:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-14 03:39 . 2011-04-14 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-14 03:39 . 2011-04-14 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-13 13:16 . 2011-04-13 13:16 -------- d-----w- c:\program files\Sophos
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-20 01:53 . 2011-03-27 04:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-02-09 13:53 . 2010-08-26 04:34 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2010-08-26 04:33 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2010-08-26 04:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
    "EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxdncoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [4/16/2011 8:25 PM 18816]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/25/2010 11:36 PM 87936]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/28/2010 1:13 PM 98984]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [3/26/2011 11:41 PM 16968]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    FF - ProfilePath - c:\documents and settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-30 14:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\6.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(864)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2011-04-30 14:34:29
    ComboFix-quarantined-files.txt 2011-04-30 19:34
    .
    Pre-Run: 16,699,887,616 bytes free
    Post-Run: 16,664,641,536 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - FA5FF48B796F3F3D8E11207691110DB5
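Three things in the ComboFix log above deserve to be pulled out before anything else: the line reporting volsnap.sys as infected and disinfected, `"EnableFirewall"= 0` under the standard firewall profile (Windows Firewall is switched off on this machine), and the `MEMSWEEP2` service whose image is `c:\windows\system32\6.tmp` and whose entry ends in `[?]` rather than a date and size. The boot.ini tail at the end confirms that the Recovery Console entry the instructions in post 5 asked for is now present. The script below is an added example, not code from the thread or from ComboFix; it extracts those items from a sample constructed in the same format as the posted log, and also serves as the check for the Recovery Console step in post 5. A `.tmp` driver image and a `[?]` stamp are prompts to compare the path against the rootkit and anti-malware tools already run on the machine (Sophos and Hitman Pro both appear in the log) before treating the entry as hostile.

```python
"""Triage helper for ComboFix logs.

Added example: not code from the thread or from ComboFix. It pulls out the
items a reader checks by hand in a log like the posted one: files ComboFix
reports as disinfected, the Windows Firewall policy values, the R*/S*
driver and service lines, and the boot.ini tail that shows whether the
Recovery Console entry is present. SAMPLE_COMBOFIX is constructed in the
same format as the posted log.
"""
import re

SAMPLE_COMBOFIX = r"""
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S*)')
# Driver/service lines look like: <R|S><start> name;display;image [date time size]
# R = running, S = stopped; the digit is the SCM start type (2 = auto, 3 = demand).
# Entries ComboFix could not verify carry "[?]" and repeat the path after "-->".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<stamp>[^\]]*)\]$"
)
FIREWALL_PROFILE = "firewallpolicy\\standardprofile"


def service_record(m) -> dict:
    """Build a record for one R*/S* line and attach the flags worth a second look."""
    image = m.group("resolved") or m.group("image")
    flags = []
    if m.group("stamp").strip() == "?":
        flags.append("no file date/size recorded ([?])")
    if re.search(r"\.tmp(?:\s|$)", image, re.I):
        flags.append("image path is a temporary file")
    return {
        "name": m.group("name"),
        "state": "running" if m.group("state") == "R" else "stopped",
        "start": int(m.group("start")),
        "image": image,
        "flags": flags,
    }


def triage_combofix(text: str) -> dict:
    """Walk the log once, tracking the current [key] so values are read in context."""
    report = {"disinfected": [], "firewall_enabled": None, "services": [],
              "recovery_console": False, "findings": []}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["disinfected"].append(m.group("path"))
            report["findings"].append(f"ComboFix disinfected {m.group('path')}")
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and current_key.endswith(FIREWALL_PROFILE) and m.group("name") == "EnableFirewall":
            report["firewall_enabled"] = m.group("value") != "0"
            if m.group("value") == "0":
                report["findings"].append("Windows Firewall is disabled in the standard profile")
            continue
        m = SERVICE_RE.match(line)
        if m:
            svc = service_record(m)
            report["services"].append(svc)
            report["findings"].extend(f"service {svc['name']}: {f}" for f in svc["flags"])
            continue
        # The boot.ini copy at the end of the log: a /cmdcons entry under
        # [operating systems] is what the Recovery Console install adds.
        if current_key == "operating systems" and "/cmdcons" in line.lower():
            report["recovery_console"] = True
    if not report["recovery_console"]:
        report["findings"].append("no Recovery Console entry in boot.ini")
    return report


if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_COMBOFIX)["findings"]:
        print(finding)
```

Feed it the real C:\ComboFix.txt in place of `SAMPLE_COMBOFIX`; the `findings` list is the short summary to paste into a reply, while `services` keeps every driver and service line with its state, start type and resolved image path for the follow-up lookups.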
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

    eddie
     
  8. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    OTL.txt as follows:

    OTL logfile created on: 5/3/2011 8:25:32 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
    Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

    Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/07/05 08:15:56 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dce73325c50b43822620b32408bb3b50\update\update.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
    PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
    PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

    [2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
    [2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
    [2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/04/30 14:30:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/03 20:26:14 | 000,000,000 | ---D | C] -- C:\81e5deaae2f83a2663a5
    [2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    [2011/05/03 20:22:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
    [2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
    [2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
    [2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
    [2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
    [2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
    [2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
    [2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
    [2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
    [2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
    [2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
    [2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
    [2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
    [2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
    [2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
    [2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
    [2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
    [2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
    [2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
    [2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
    [2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
    [2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
    [2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
    [2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/05/03 20:20:17 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/03 20:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    [2011/04/30 14:30:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/30 14:11:25 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
    [2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
    [2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
    [2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
    [2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
    [2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
    [2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
    [2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
    [2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
    [2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
    [2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
    [2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    [2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    [2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
    [2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
    [2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
    [2011/04/11 00:18:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
    [2011/04/11 00:18:36 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
    [2011/04/11 00:18:27 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
    [2011/04/10 14:40:04 | 000,029,719 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
    [2011/04/05 16:54:05 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
    [2011/04/05 15:00:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
    [2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
    [2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
    [2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
    [2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
    [2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
    [2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
    [2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
    [2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
    [2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
    [2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    [2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
    [2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
    [2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
    [2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
    [2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
    [2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
    [2011/04/10 14:40:03 | 000,029,719 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
    [2011/04/05 16:54:02 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
    [2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
    [2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
    [2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
    [2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
    [2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
    [2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
    [2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
    [2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
    [2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
    [2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
    [2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    ========== LOP Check ==========

    [2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
    [2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

    ========== Purity Check ==========


    < End of report >
     
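The pairs of hidden+system files with random names in the listing above (same size, same minute, one copy under All Users\Application Data and one under the user's Local Settings\Application Data) are the kind of pattern a helper looks at first. The script below is an added example for this thread, not code from OTL, HijackThis or anyone posting here: it parses OTL-style file lines and scores each one on that pattern. The scoring rule, the threshold and the sample lines (modeled on the log above, with the profile name replaced and a few benign entries mixed in) are assumptions made for the example; a high score is a reason to look closer, not proof of infection.

```python
r"""Triage helper for OTL-style file listings.  Added example for this thread;
it is not part of OTL, HijackThis or any other tool mentioned above.

Each line has the form
  [YYYY/MM/DD HH:MM:SS | 000,013,566 | -HS- | M] () -- C:\dir\file
(timestamp, size, attribute flags R/H/S/D, C=created or M=modified, company
name in parentheses, path).  The heuristic is an assumption chosen for the
example: a file is worth a closer look when it is hidden+system, carries no
company name, has a random-looking extension-less name, and the same
name/size shows up in more than one profile directory."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"   # directories have no company field
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str          # four flags in OTL order: R, H, S, D ('-' when unset)
    company: str
    path: str

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)

    @property
    def directory(self) -> str:
        return ntpath.dirname(self.path).lower()


def parse_line(line: str):
    """Return an Entry for one OTL file line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def looks_random(name: str, min_len: int = 12) -> bool:
    """Extension-less name of at least min_len characters mixing letters and digits."""
    if "." in name or len(name) < min_len:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(lines, min_reasons: int = 3):
    """Score every file line; return [(path, [reasons])] for entries at or over the threshold."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    by_name_size = defaultdict(list)
    for e in entries:
        by_name_size[(e.name.lower(), e.size)].append(e)

    findings = []
    for e in entries:
        if "D" in e.attrs:          # directories are not scored here
            continue
        reasons = []
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system")
        if not e.company:
            reasons.append("no company name")
        if looks_random(e.name):
            reasons.append("random-looking name without extension")
        dirs = {x.directory for x in by_name_size[(e.name.lower(), e.size)]}
        if len(dirs) > 1:
            reasons.append(f"same name and size mirrored in {len(dirs)} directories")
        if len(reasons) >= min_reasons:
            findings.append((e.path, reasons))
    return findings


# Constructed sample, modeled on the posted log with the profile name replaced.
SAMPLE_LINES = r"""
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 14:30:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/05/03 20:26:14 | 000,000,000 | ---D | C] -- C:\81e5deaae2f83a2663a5
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES):
        print(path)
        for reason in why:
            print("   -", reason)
```

Only the mirrored random-named pair reaches the threshold in the sample; boot.ini is hidden+system with no company name but keeps a normal name and lives in one place, so it scores two and is not reported. Paste the "Files - Modified Within 30 Days" block of a real log in place of SAMPLE_LINES to run it over the whole listing.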
  9. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    extras.txt as follows:

    OTL Extras logfile created on: 5/3/2011 8:25:32 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
    Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

    Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:printer Device Monitor -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ie8" = Windows Internet Explorer 8
    "kSolo" = kSolo Recorder
    "Lexmark 2600 Series" = Lexmark 2600 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WinGimp-2.0_is1" = GIMP 2.6.4
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2011 8:19:16 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/13/2011 1:43:23 PM | Computer Name = LAMBS-KORNER | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.18999, fault address 0x001b95b9.

    Error - 1/20/2011 11:49:52 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/21/2011 6:52:24 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/22/2011 6:56:46 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/6/2011 3:40:41 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/19/2011 5:53:15 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
    Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
    from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
    Verify that the file exists and that you can access it.

    Error - 2/19/2011 5:53:16 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
    Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
    from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
    Verify that the file exists and that you can access it.

    Error - 2/19/2011 5:53:18 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
    Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
    from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
    Verify that the file exists and that you can access it.

    Error - 2/20/2011 1:37:29 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 4/30/2011 3:14:33 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 4/30/2011 3:16:04 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    3 time(s).

    Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).

    Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
    service to connect.

    Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
    Description = The lxdnCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Okay, can you update MBAM and run another scan, this time selecting Full Scan, and post the log like you did before.

    Also, can you run a scan here as well:

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Click Eset Online Scanner button.
    • Tick the box next to YES, I accept the Terms of Use
    • If it wants to install an Addon, allow it.
    • If asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are both checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic


    eddie
     
  11. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    Sorry for the delay, my internet service was down for a while. Here are the requested logs:

    Malwarebytes
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 6528
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    5/8/2011 1:12:07 PM
    mbam-log-2011-05-08 (13-12-06).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 189113
    Time elapsed: 3 hour(s), 51 minute(s), 16 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    Eset Online Scanner
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=a7d0dbe015dcae458bce1d580b1f2cb1
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-05-08 07:17:16
    # local_time=2011-05-08 02:17:16 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 949080 949080 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=34916
    # found=0
    # cleaned=0
    # scan_time=2649
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    That's okay, I'm always around, so anytime is fine :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      [2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
      [2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
      [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
      [2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
      [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
      [2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
      [2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
      [2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
      :Files
      ipconfig /flushdns /c 
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    eddie
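The entries eddie's OTL fix removes above share a pattern: hidden+system files with random-looking names and no company name, each dropped twice (once under All Users\Application Data and once under the user's Local Settings\Application Data). As an added example that is not from this thread or from OTL's author, the parser below reads OTL's file-entry format and applies that heuristic to lines taken from the posted log; the random-name threshold and the pairing rule are assumptions of this example, not OTL rules.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder line, as seen in the logs posted in this thread:
#   [YYYY/MM/DD HH:MM:SS | 000,013,566 | -HS- | M] (Company) -- C:\path
# The 4-char attribute field carries R/H/S/D flags (Read-only, Hidden, System, Directory);
# the company field is sometimes "()" / "( )" and absent entirely on some directory lines.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Heuristic (an assumption of this example): a name of at least 12 lowercase letters
# and digits, containing both classes and no extension, counts as "random-looking".
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{12,}$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # C = created, M = modified
    company: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; return None for section headers and other text."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def is_suspicious(e: OtlEntry) -> bool:
    """Hidden+system file, no company name, random name, under an Application Data folder."""
    return (
        not e.is_dir
        and e.hidden_system
        and not e.company
        and "\\Application Data\\" in e.path
        and RANDOM_NAME.match(e.basename) is not None
    )


def find_suspicious(log_text: str) -> List[OtlEntry]:
    entries = [e for e in map(parse_otl_line, log_text.splitlines()) if e]
    return [e for e in entries if is_suspicious(e)]


def paired_basenames(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Group flagged entries by basename and keep those dropped in more than one location."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        groups[e.basename].append(e.path)
    return {name: paths for name, paths in groups.items() if len(paths) > 1}


# Sample input: lines copied from the OTL log in this thread plus benign lines for contrast.
SAMPLE_LOG = r"""
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
"""

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for e in hits:
        print(f"{e.timestamp}  {e.attrs}  {e.size:>8}  {e.path}")
    for name, paths in paired_basenames(hits).items():
        print(f"{name}: dropped in {len(paths)} locations")
```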
     
  13. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    OTL logfile created on: 5/11/2011 1:58:30 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.03 Gb Total Space | 16.30 Gb Free Space | 67.83% Space Free | Partition Type: NTFS

    Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
    PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
    PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
    SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2011/02/17 08:18:24 | 000,455,936 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

    [2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
    [2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
    [2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/05/11 13:52:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/11 13:52:16 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/05/08 13:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/08 09:08:44 | 000,000,000 | -HSD | C] -- C:\found.000
    [2011/05/07 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\PCHealth
    [2011/05/07 17:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/05/03 20:44:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    [2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
    [2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
    [2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
    [2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
    [2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
    [2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
    [2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
    [2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
    [2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
    [2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
    [2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
    [2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
    [2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
    [2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
    [2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
    [2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
    [2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
    [2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
    [2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
    [2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
    [2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
    [2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
    [2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
    [2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/05/11 13:56:28 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/11 13:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/11 13:53:30 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2011/05/11 13:52:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/05/09 03:18:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/07 18:18:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
    [2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
    [2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
    [2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
    [2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
    [2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
    [2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
    [2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
    [2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
    [2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
    [2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
    [2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
    [2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe

    ========== Files Created - No Company Name ==========

    [2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
    [2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
    [2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
    [2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
    [2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
    [2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
    [2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
    [2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
    [2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
    [2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
    [2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
    [2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
    [2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
    [2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
    [2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
    [2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
    [2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
    [2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
    [2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
    [2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
    [2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
    [2010/08/25 23:36:20 | 000,455,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
    [2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
    [2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

    ========== LOP Check ==========

    [2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
    [2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

    ========== Purity Check ==========


    < End of report >
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Just to let you know, I'm on holiday from May 20th until May 27th, but will do what I can until then :)


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :reg
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}
      :dir /s
      C:\81e5deaae2f83a2663a5
      C:\Documents and Settings\All Users\Application Data\~18407220r
      C:\Documents and Settings\All Users\Application Data\~18407220
      C:\Documents and Settings\All Users\Application Data\18407220
      :file
      C:\Documents and Settings\All Users\Application Data\~18407220r
      C:\Documents and Settings\All Users\Application Data\~18407220
      C:\Documents and Settings\All Users\Application Data\18407220
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

    eddie
     
  15. janonjalay

    janonjalay Thread Starter

    Joined:
    Apr 16, 2011
    Messages:
    14
    SystemLook 04.09.10 by jpshortstuff
    Log created at 04:06 on 18/05/2011 by Andrea Lamb
    Administrator - Elevation successful
    ========== reg ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}]
    "SystemComponent"= 0x0000000000 (0)
    "Installer"="MSICD"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\Contains]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\DownloadInformation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\InstalledVersion]

    Invalid Context: dir /s
    No Context: C:\81e5deaae2f83a2663a5
    No Context: C:\Documents and Settings\All Users\Application Data\~18407220r
    No Context: C:\Documents and Settings\All Users\Application Data\~18407220
    No Context: C:\Documents and Settings\All Users\Application Data\18407220
    ========== file ==========
    C:\Documents and Settings\All Users\Application Data\~18407220r - File found and opened.
    MD5: 560C73632B53210B7CA195E12DBF8D6D
    Created at 05:18 on 11/04/2011
    Modified at 05:18 on 11/04/2011
    Size: 136 bytes
    Attributes: --a----
    No version information available.
    C:\Documents and Settings\All Users\Application Data\~18407220 - File found and opened.
    MD5: 32B1093F122A12615288BAE015843902
    Created at 05:18 on 11/04/2011
    Modified at 05:18 on 11/04/2011
    Size: 104 bytes
    Attributes: --a----
    No version information available.
    C:\Documents and Settings\All Users\Application Data\18407220 - File found and opened.
    MD5: BA8923C8AB2C71B97C86EFB08774E00D
    Created at 05:18 on 11/04/2011
    Modified at 05:18 on 11/04/2011
    Size: 336 bytes
    Attributes: --a----
    No version information available.
    -= EOF =-
     
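A small parser for the SystemLook report format shown in the log above, added here as an example (it is not part of SystemLook or of this thread), so an analyst can pull the registry keys, file details and rejected directives out of a posted log instead of reading it by eye; the sample log embedded in it is constructed with placeholder key, path and hash values.

```python
import re
SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")            # "========== file =========="
FILE_HEAD = re.compile(r"^([A-Za-z]:\\.*?) - (.+)$")   # "<path> - File found and opened."
CONTEXT = re.compile(r"^(Invalid Context|No Context): (.*)$")
FIELDS = {"MD5: ": "md5", "Size: ": "size", "Created at ": "created", "Attributes: ": "attributes"}

def parse_systemlook(text):
    """Return (reg, files, problems): reg maps registry key -> its value lines, files
    is one dict per checked path, problems lists directives the tool rejected
    ('Invalid Context: dir /s' means :dir was not applied and the paths after it were not checked)."""
    reg, files, problems = {}, [], []
    section = key = cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        if m := SECTION.match(line):
            section = m.group(1).lower()
        elif m := CONTEXT.match(line):
            problems.append((m.group(1), m.group(2)))
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                reg.setdefault(key, [])
            elif key:
                reg[key].append(line)             # e.g. "Installer"="MSICD"
        elif section == "file":
            if m := FILE_HEAD.match(line):
                cur = {"path": m.group(1), "status": m.group(2)}
                files.append(cur)
            elif cur:
                for prefix, name in FIELDS.items():
                    if line.startswith(prefix):   # "Size: 136 bytes" -> 136
                        val = line[len(prefix):]
                        cur[name] = int(val.split()[0]) if name == "size" else val
    return reg, files, problems
# Constructed sample in the shape of the thread's log (placeholder key, path and hash).
SAMPLE_LOG = r"""SystemLook 04.09.10 by jpshortstuff
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unit]
"Installer"="MSICD"
Invalid Context: dir /s
No Context: C:\example_dir
========== file ==========
C:\Documents and Settings\All Users\Application Data\~sample - File found and opened.
MD5: 0123456789ABCDEF0123456789ABCDEF
Size: 136 bytes
Attributes: --a----
-= EOF =-
"""
```

Running it on a real report lets you diff the file hashes and sizes between two scans, and the problems list shows at once which directives the tool ignored.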
Short URL to this thread: https://techguy.org/992000