
Random .exe Processes Multiplying in Task Manager, and Slowing Down Computer

Discussion in 'Virus & Other Malware Removal' started by iLJ, Jan 17, 2011.

  1. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    Hi everyone,

    Recently I caught a virus and noticed because my computer began to act up. I did a couple of restores and then eventually restored it to the first day I got it, with no programs installed, and the virus went away. My computer had been working fine for the 2 weeks since I did this restore, until today. Today I noticed that it began to run very slowly. I am very good with computers, so I know when my computer is fine or not, and once I noticed I went straight to the Task Manager and looked at the processes, and saw some weird processes that were normally not there. I then refrained from restarting my computer even though it was unusable in the state it was in. I started killing unknown .exe processes beyond the normal 34, ones I had never seen, and as I did so they began to multiply. I didn't freak out, as I knew I had been saving system restore points every day since the original date I bought the computer, and since the computer didn't have the option of a destructive restore, I did a system restore to the date of 1/11/11. My computer began to work fine, but then a window popped up and said "Windows has closed this process or something and had done this to protect you from viruses"; that is when I knew the virus had been something worse than a normal virus. I then immediately saw another popup appear and say "the touchpad has been disabled because another device has been connected to my computer???" That is when I did a system restore to the first day I got the computer, and I opened Task Manager immediately with the Ethernet cable unplugged. Thirty-four processes were running, which meant that my computer was fine. But when I reconnected the Ethernet cord and connected to the internet, the processes began to appear, and that is when I googled this problem and saw that dvk01 on here had fixed this problem for someone.
    The process that multiplied at first was called ip something; then, as I was trying to do the scans that you guys want, I saw something download called rtrui.exe (in a WinRAR archive) and I got scared and immediately turned it off. I turned it back on in safe mode, then rtrui.exe began to multiply and slow my computer, and I restored again. Then, when I clicked Revo Uninstaller, the process pfiw.exe began to multiply. Right now it is only multiplying up to 4 processes, but when I kill it, it can multiply itself up to 26 times or more and slow my computer dramatically. Also, I figured out that it has attached itself to my programs, so any program I start, it begins to start itself as a process, but if I restore and do not open anything, it does not do anything. I tried to be as descriptive as possible and I will paste my scans below. I am hoping you guys can assist me with this problem, as I badly need to use my computer. ;[

    Thanks in advance & Regards,

    Lanon Johnson
    Update: (Pictures Attached)
    Pictures of the first popup; it appeared right when I restored my computer. (Had to, it was in a state where I could not even move my mouse.)
    Also pictures of examples of what it is doing... (Getting scared)

    System Info
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) M processor 1.73GHz, x86 Family 6 Model 13 Stepping 8
    Processor Count: 1
    RAM: 1271 Mb
    Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 57224 MB, Free - 7402 MB;
    Motherboard: Hewlett-Packard, 3088, KBC Version 39.17,
    Antivirus: eTrust ITM, Updated: No, On-Demand Scanner: Enabled

    Hijackthis Scan
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:59:16 PM, on 1/16/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Documents and Settings\Administrator\Application Data\pfiw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\pfiw.exe -dwup
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
    O17 - HKLM\Software\..\Telephony: DomainName = centinela.k12.ca.us
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - Unknown owner - C:\Program Files\CA\eTrustITM\InoRpc.exe (file missing)
    O23 - Service: eTrust Antivirus Realtime Service (InoRT) - Unknown owner - C:\Program Files\CA\eTrustITM\InoRT.exe (file missing)
    O23 - Service: eTrust ITM Job Service (InoTask) - Unknown owner - C:\Program Files\CA\eTrustITM\InoTask.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe (file missing)
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9432 bytes


    DDS Scan

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 18:03:16.50 on Sun 01/16/2011
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.667 [GMT -8:00]

    AV: eTrust ITM *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Documents and Settings\Administrator\Application Data\pfiw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
    C:\Documents and Settings\Administrator\Application Data\pfiw.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hp.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\administrator\application data\pfiw.exe -dwup
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe

    ============= SERVICES / DRIVERS ===============

    R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
    S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2009-2-20 22272]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
    S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]

    =============== Created Last 30 ================

    2011-01-17 01:31:35 40960 ----a-w- c:\docume~1\admini~1\locals~1\applic~1\3135234.exe
    2011-01-17 01:31:29 61440 --sh--w- c:\docume~1\admini~1\applic~1\pfiw.exe
    2011-01-17 01:31:20 61440 ----a-w- c:\documents and settings\administrator\hhdr.exe
    2011-01-17 01:18:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-17 01:18:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-13 14:58:49 -------- d-----w- c:\program files\AIM7
    2011-01-12 12:33:16 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-01-12 12:33:16 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-12 12:27:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
    2011-01-12 10:14:31 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
    2011-01-12 10:14:24 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
    2011-01-12 10:13:52 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Deployment
    2011-01-12 10:12:41 -------- d-----w- c:\program files\common files\Blizzard Entertainment
    2011-01-12 09:36:37 -------- d-----w- c:\windows\LastGood(2)
    2011-01-12 07:47:46 -------- d-----w- c:\program files\Mozilla Firefox(3)
    2011-01-12 07:31:10 -------- d-----w- c:\program files\common files\SureThing Shared
    2011-01-12 06:38:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-01 14:19:25 -------- d-----w- c:\program files\GHost Files
    2010-12-30 10:54:50 -------- d-----w- c:\docume~1\admini~1\applic~1\PCF-VLC
    2010-12-30 09:25:47 -------- d-----w- c:\docume~1\admini~1\applic~1\Participatory Culture Foundation
    2010-12-24 19:23:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AOL
    2010-12-24 19:23:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AIM
    2010-12-24 19:22:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM
    2010-12-24 19:22:50 -------- d-----w- c:\program files\AIM
    2010-12-24 19:22:48 -------- d-----w- c:\program files\common files\AOL
    2010-12-21 15:48:36 -------- d-----w- c:\windows\pss
    2010-12-20 08:06:51 -------- d-----w- c:\program files\Warcraft III(2).temp
    2010-12-20 08:03:45 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
    2010-12-20 08:03:38 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
    2010-12-19 17:46:40 -------- d-----w- c:\program files\SelectRebates
    2010-12-18 20:55:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
    2010-12-18 20:33:06 -------- d-----w- c:\program files\iPod
    2010-12-18 20:33:02 -------- d-----w- c:\program files\iTunes
    2010-12-18 20:33:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-18 20:31:40 -------- d-----w- c:\program files\QuickTime(2)
    2010-12-18 20:31:21 -------- d-----w- c:\program files\Apple Software Update(2)
    2010-12-18 20:29:06 -------- d-----w- c:\program files\Bonjour
    2010-12-18 18:50:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment.temp
    2010-12-18 17:20:08 -------- d-----w- c:\windows\.jagex_cache_32
    2010-12-18 17:06:22 -------- d-----w- c:\windows\system32\Debug
    2010-12-18 08:39:44 -------- d-----w- c:\program files\GetMiro Toolbar
    2010-12-18 08:33:48 -------- d-----w- c:\program files\Participatory Culture Foundation
    2010-12-18 08:32:16 -------- d-----w- c:\program files\VS Revo Group

    ==================== Find3M ====================

    2010-12-17 00:30:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-17 00:30:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-19 18:04:06 0 ----a-w- C:\LOG94.tmp

    ============= FINISH: 18:05:05.45 ===============

    Gmer Scan
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-16 23:14:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA56J
    Running: ddcogt94.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uglyapob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@[email protected] 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
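As an added example (not part of the thread or any tool mentioned in it), here is a small Python check over the persistence entries in the HijackThis log above. The F2 UserInit line and the HKCU Run entry pointing into C:\RECYCLER are the two lines that explain why the process returns at every logon; the sample lines are copied from the log, and the function names (`analyze`, `is_user_writable`) and the list of user-writable directory markers are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the persistence-relevant lines copied from the
# HijackThis log in the post above (F2 UserInit and O4 Run entries).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\pfiw.exe -dwup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Directory fragments that an ordinary user (or anything running as that
# user) can write to on Windows XP. Legitimate auto-starts normally live
# under \WINDOWS or \Program Files, so a Run entry pointing here stands out.
# (Assumed list for this example.)
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\recycler\\",
    "\\temp\\",
)

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
# O4 - <hive>\..\<Run|RunOnce>: [<name>] <command>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    kind: str    # "userinit_hijack" or "run_from_user_writable"
    source: str  # the log line that produced the finding
    path: str    # the command (with arguments) that was flagged


def is_user_writable(path: str) -> bool:
    """True if the path sits under a directory a non-admin user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def split_userinit(value: str) -> List[str]:
    """UserInit is comma-separated; Winlogon runs every entry at logon."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def analyze(log_text: str) -> List[Finding]:
    """Flag UserInit hijacks and Run entries that launch from user-writable paths."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for entry in split_userinit(m.group(1)):
                # Only <SystemRoot>\system32\userinit.exe belongs here; any
                # extra entry is started at every logon, before the shell.
                if not entry.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(Finding("userinit_hijack", line, entry))
            continue
        m = RUN_RE.match(line)
        if m and is_user_writable(m.group("cmd")):
            findings.append(Finding("run_from_user_writable", line, m.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind}: {f.path}")
```

A System Restore that rolls back the registry removes these two entries, which matches the poster's observation that the machine is clean until something re-executes the dropped file.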
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  3. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    Update: Last night I ran an eset scan, and it ran for 13 hours I believe and these are the results. (Just in case it helps)

    Following your procedure now, and will post very soon.


    ESET SCAN
    C:\Documents and Settings\Administrator\Local Settings\Application Data\3343546.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0IMWAKKL\m[2].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3X4HM1UC\header[1].png a variant of Win32/Injector.EFW trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G2FR5VAO\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting (after the next restart) - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HHS5CV4L\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HHS5CV4L\dir[2].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SBG33KQ9\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WX9K15ZZ\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Administrator\My Documents\Downloads\W3XNameSpooferPro11800.exe Win32/VB.NNA trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Lanon\Local Settings\Temporary Internet Files\Content.IE5\I0JQBJL6\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\Lanon\Local Settings\Temporary Internet Files\Content.IE5\RZCDDSUU\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\LJ\Local Settings\Temporary Internet Files\Content.IE5\I0JQBJL6\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\40\3cda1268-51933822 probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6219ad4d probably a variant of Win32/TrojanDownloader.Agent.KJVDHSG trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-570bedc2 probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-44ad9e45.zip probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7abe0d82.zip probably a variant of Win32/TrojanDownloader.Agent.KJVDHSG trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-56174bad.zip probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temp\nsk4A1.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temp\nsw542.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temp\nsy546.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temp\ZAN543.exe a variant of Win32/Adware.HotBar.E application deleted - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temporary Internet Files\Content.IE5\10T4HM5I\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\Local Settings\Temporary Internet Files\Content.IE5\73NAZRSN\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\My Documents\Downloads\eMuleSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\My Documents\Downloads\FretsSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
    C:\Documents and Settings\mcastudent\rauoza.exe Win32/AutoRun.VB.GJ worm cleaned by deleting - quarantined
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe a variant of Win32/Kryptik.EZC trojan cleaned by deleting (after the next restart) - quarantined
     


  4. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    I know this is going to sound crazy, but when I installed ComboFix and double-clicked to run it, it did a loading screen for about 19 seconds (like a download screen with the green bars), and once it finished nothing else happened. No window popped up at all, so I clicked on the task manager and I saw that once I had launched ComboFix, it started multiplying itself again and slowing my computer. It got to the point where I had to log off, and as I did a pev.exe pop-up box had popped up and said application error. (I don't even know what that is? Is that the process that was hiding in my processes that was causing all this behavior?)

    Anyways, once I logged back in, I reread the post and it said not to re-run ComboFix if an error occurred, just to report back here, and I am glad to say when my computer loaded back up a box on the top left had said waiting to load
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe a variant of Win32/Kryptik.EZC trojan cleaned by deleting (after the next restart) - quarantined

    ^ One of those files, for example. You know how you go "run" "msconfig" to get to the box where you can disable the startup menu or boot.ini, and then after reboot when you load your computer (or first login) the box will pop up in the top left corner and then you will load normally? I guess that box had loaded but it was looking for the malware or infected file that was deleted, I guess, when I rebooted.

    Since it could not load the file my computer did not load as normal; it had a blue screen with no applications in the background (I thought explorer.exe was not running, but I looked in the task manager, and it actually was). So I tried to kill it, then reload and run it, and it still remained the same with that box in the top left corner. I then saw that .exe that had multiplied itself, and I proceeded to kill it, and when I did Windows had started as normal. The crazy part about this is that the .exe did not multiply itself like usual when I killed it, so I do not know what has happened. Did the ESET scan remove all the malware when I ran it overnight? I only followed this step because I saw that dvk told this one guy to do so, and after he said he didn't see this instance anymore. I ran a couple of speed tests and since then (20 minutes ago) my computer speed is back to normal, downloading movies at about 2 Mbps, and the internet is way faster.

    Any ideas?
     
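    The "multiplying .exe" behaviour described in the posts above can be triaged from a plain process listing before any removal tool is run. The following Python script is an added example, not code from this thread or from any of the tools named in it: it parses the CSV produced by `wmic process get ExecutablePath,Name,ParentProcessId,ProcessId /format:csv`, using constructed sample rows that reuse the file locations from the ESET log, and flags executables running from user-writable locations, image names present in unusual numbers, and processes whose parent is another copy of themselves (the respawn chain that makes killing instances one by one pointless).

```python
"""Triage a `wmic process` CSV dump for the symptoms described in this thread.

Added example for this thread; the heuristics, allowlist and sample rows are
the example's own assumptions, not output of any tool mentioned in the posts.
"""
import csv
import io
from collections import Counter

# Image names that legitimately run as several instances on Windows XP.
# Anything else seen REPEAT_THRESHOLD times or more is reported. Starting
# allowlist only; extend it for the machine being examined.
KNOWN_MULTI_INSTANCE = {"svchost.exe", "iexplore.exe", "firefox.exe", "cmd.exe"}
REPEAT_THRESHOLD = 3

# Locations where the ESET log in this thread found the malware executables
# and where no legitimate Windows XP system process runs from. Ordered from
# most to least specific so the first match gives the best reason.
SUSPICIOUS_PATH_MARKERS = (
    ("\\recycler\\", "runs from the Recycle Bin folder"),
    ("\\local settings\\temp\\", "runs from a Temp folder"),
    ("\\documents and settings\\", "runs from a user profile"),
)

# Constructed sample in the shape wmic writes (blank first line, Node column,
# properties in alphabetical order). Hostname is the one from the TDSSKiller
# log in this thread; PIDs are made up; paths come from the ESET findings.
SAMPLE_WMIC_CSV = "\n".join([
    "",
    "Node,ExecutablePath,Name,ParentProcessId,ProcessId",
    "LZMCA-07,C:\\WINDOWS\\explorer.exe,explorer.exe,1188,1260",
    "LZMCA-07,C:\\WINDOWS\\system32\\svchost.exe,svchost.exe,672,924",
    "LZMCA-07,C:\\WINDOWS\\system32\\svchost.exe,svchost.exe,672,1032",
    "LZMCA-07,C:\\WINDOWS\\system32\\spoolsv.exe,spoolsv.exe,672,1504",
    "LZMCA-07,C:\\RECYCLER\\S-1-5-21-0243936033-3052116371-381863308-1811\\vsbntlo.exe,vsbntlo.exe,1260,2040",
    "LZMCA-07,C:\\RECYCLER\\S-1-5-21-0243936033-3052116371-381863308-1811\\vsbntlo.exe,vsbntlo.exe,2040,2088",
    "LZMCA-07,C:\\RECYCLER\\S-1-5-21-0243936033-3052116371-381863308-1811\\vsbntlo.exe,vsbntlo.exe,2088,2112",
    "LZMCA-07,C:\\Documents and Settings\\mcastudent\\rauoza.exe,rauoza.exe,1260,2200",
    "LZMCA-07,,System,0,4",
])


def parse_wmic_csv(text):
    """Parse already-decoded wmic CSV text into a list of process dicts."""
    # wmic emits a leading blank line and often \r\r\n endings; drop blanks.
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rows = []
    for rec in csv.DictReader(io.StringIO("\n".join(lines))):
        rows.append({
            "pid": int(rec["ProcessId"]),
            "ppid": int(rec["ParentProcessId"]),
            "name": rec["Name"],
            "path": rec["ExecutablePath"] or "",
        })
    return rows


def load_wmic_dump(path):
    """Read a dump saved with `wmic ... /format:csv > procs.csv` (wmic writes UTF-16)."""
    with open(path, encoding="utf-16") as fh:
        return parse_wmic_csv(fh.read())


def suspicious_location(path):
    """Return a reason if `path` is in a location malware favours, else None."""
    lowered = path.lower()
    for marker, reason in SUSPICIOUS_PATH_MARKERS:
        if marker in lowered:
            return reason
    return None


def triage(rows):
    """Apply the three heuristics and return the findings as plain data."""
    by_pid = {r["pid"]: r for r in rows}

    # 1. Executables living in user-writable locations.
    bad_paths = []
    for r in rows:
        reason = suspicious_location(r["path"])
        if reason:
            bad_paths.append((r["pid"], r["path"], reason))

    # 2. One image name present many times: the "multiplying" symptom.
    counts = Counter(r["name"].lower() for r in rows)
    repeated = {name: n for name, n in counts.items()
                if n >= REPEAT_THRESHOLD and name not in KNOWN_MULTI_INSTANCE}

    # 3. A process whose parent is another copy of the same image.
    self_spawned = [(r["pid"], r["name"], r["ppid"]) for r in rows
                    if r["ppid"] in by_pid
                    and by_pid[r["ppid"]]["name"].lower() == r["name"].lower()]

    return {"suspicious_paths": bad_paths,
            "repeated_images": repeated,
            "self_spawned": self_spawned}


if __name__ == "__main__":
    findings = triage(parse_wmic_csv(SAMPLE_WMIC_CSV))
    for pid, path, reason in findings["suspicious_paths"]:
        print(f"PID {pid}: {reason}: {path}")
    for name, n in findings["repeated_images"].items():
        print(f"{name} is running {n} times")
    for pid, name, ppid in findings["self_spawned"]:
        print(f"PID {pid} ({name}) was started by PID {ppid}, another {name}")
```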
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    You are still infected or ComboFix would have run.

    Please do the following:


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)


    NEXT

    Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to iexplore before saving it to your desktop. Now try and run it; make sure all your security programs are disabled or they will interfere.


    If it still won't run, try running it in safe mode.
     
  6. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    I ran the scan, and it said no threats found. Do I run combo-fix now?

    TDSSKiller Scan
    2011/01/17 17:05:20.0218 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
    2011/01/17 17:05:20.0218 ================================================================================
    2011/01/17 17:05:20.0218 SystemInfo:
    2011/01/17 17:05:20.0218
    2011/01/17 17:05:20.0218 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/17 17:05:20.0218 Product type: Workstation
    2011/01/17 17:05:20.0218 ComputerName: LZMCA-07
    2011/01/17 17:05:20.0218 UserName: Administrator
    2011/01/17 17:05:20.0218 Windows directory: C:\WINDOWS
    2011/01/17 17:05:20.0218 System windows directory: C:\WINDOWS
    2011/01/17 17:05:20.0218 Processor architecture: Intel x86
    2011/01/17 17:05:20.0218 Number of processors: 1
    2011/01/17 17:05:20.0218 Page size: 0x1000
    2011/01/17 17:05:20.0218 Boot type: Normal boot
    2011/01/17 17:05:20.0218 ================================================================================
    2011/01/17 17:05:20.0515 Initialize success
    2011/01/17 17:05:25.0109 ================================================================================
    2011/01/17 17:05:25.0109 Scan started
    2011/01/17 17:05:25.0109 Mode: Manual;
    2011/01/17 17:05:25.0109 ================================================================================
    2011/01/17 17:06:02.0234 ================================================================================
    2011/01/17 17:06:02.0234 Scan finished
    2011/01/17 17:06:02.0234 ================================================================================
     


  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Yes, please try running the renamed ComboFix; try it in safe mode if it still won't run in normal mode.
     
  8. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    Tried it in safe mode and in normal mode, but it's not running. It just loads all the way and has a tab at the bottom by the start menu, and when it fully loads, it disappears and then the .exe processes begin multiplying themselves all over again and slowing my computer.
    Added: Now when I shut down or restart, an application error pops up that says pev.exe error or some crap.
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

      c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.

    Please do the same for the following files:
    c:\windows\explorer.exe
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\spoolsv.exe



    NEXT



    • Download OTL and save it to your desktop.
    • Double click on the OTL icon to run it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Under the Extra Registry section, check Use SafeList
    • Download the following file scan.txt and save it to your Desktop. (You may need to right click on it and select "Save")
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
    • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
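    The OTL output requested above is plain text, and the entries a malware specialist reads first are the O20 Winlogon UserInit/Shell values and the PRC/O4 lines for executables with no publisher name. The Python script below is an added example, not a tool from this thread or from OldTimer: it parses constructed sample lines in the OTL format (the values mirror entries that appear later in this thread) and flags a UserInit value that does not resolve to %SystemRoot%\system32\userinit.exe, plus unnamed executables starting from user-writable locations or carrying hidden+system attributes.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

It reads the PRC (running process), O4 (Run key) and O20 (Winlogon) entries
and flags the patterns that stand out on a hijacked XP machine: a Winlogon
UserInit/Shell value that does not point at the expected Microsoft binary,
and executables with no publisher name that start from user-writable
locations or carry hidden+system attributes.
"""
import re

# Constructed sample lines in the OTL format. The values mirror entries posted
# in this thread, but the text itself is assembled here for the demo.
SAMPLE_LOG = r"""
PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
"""

# PRC line: [date | size | attributes | M] (publisher) -- path
# The four-character attribute column uses H for hidden and S for system.
PRC_RE = re.compile(
    r"^PRC - \[[^\]]*\| (?P<attr>[-A-Z]{4}) \| [A-Z]\] \((?P<pub>[^)]*)\) -- (?P<path>.+)$")
# O4 line: hive..\Run: [value name] path (publisher)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<pub>[^)]*)\)$")
# O20 line: Winlogon key - (raw registry value) - resolved path (publisher)
O20_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<key>UserInit|Shell) - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<pub>[^)]*)\)$")

# Directories an unprivileged user (and malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\recycler\\", "\\temp\\", "\\users\\")


def is_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(log_text, system_root="C:\\WINDOWS"):
    """Return a list of findings, one per suspicious line, in log order."""
    expected = {
        "UserInit": system_root.lower() + "\\system32\\userinit.exe",
        "Shell": system_root.lower() + "\\explorer.exe",
    }
    findings = []
    for line in log_text.strip().splitlines():
        reasons, severity, path = [], "medium", None
        if (m := O20_RE.match(line)):
            path = m["path"]
            if path.lower() != expected[m["key"]]:
                severity = "high"  # Winlogon runs this at every logon, before the shell
                reasons.append(f"Winlogon {m['key']} resolves to {path}, expected {expected[m['key']]}")
        elif (m := PRC_RE.match(line)):
            path, attr = m["path"], m["attr"]
            if "H" in attr and "S" in attr:
                reasons.append(f"running process has hidden+system attributes ({attr})")
            if not m["pub"] and is_user_writable(path):
                reasons.append("unnamed executable running from a user-writable location")
        elif (m := O4_RE.match(line)):
            path = m["path"]
            if not m["pub"] and is_user_writable(path):
                reasons.append(f"{m['hive']} Run entry [{m['name']}] starts an unnamed executable "
                               "from a user-writable location")
        if reasons:
            findings.append({"severity": severity, "path": path, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity'].upper()}] {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```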
     
  10. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    Sorry it took so long; my computer is going very slow right now. Here are the files scanned by virscan.org. Posting the OTL in a few.

    c:\windows\system32\userinit.exe Content :
    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/17 18:44:27 (PST)
    Scanner results: Scanners did not find malware!
    File Name : userinit.exe
    File Size : 26112 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : a93aee1928a9d7ce3e16d24ec7380f89
    SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
    Online report : http://virscan.org/report/425db76687e7a0c8743e1d2b811cf709.html




    c:\windows\explorer.exe Content :
    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/17 18:48:37 (PST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 1033728 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 12896823fb95bfb3dc9b46bcaedc9923
    SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
    Online report : http://virscan.org/report/dd23ee426492f550a91ef5c0d7b0bc73.html




    c:\windows\system32\ctfmon.exe Content :
    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/17 19:00:42 (PST)
    Scanner results: Scanners did not find malware!
    File Name : ctfmon.exe
    File Size : 15360 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 5f1d5f88303d4a4dbc8e5f97ba967cc3
    SHA1 : 99cb7370f16773c8e2d0c86fe805ec638ab126e9
    Online report : http://virscan.org/report/5f9261794eb1244cbeb86a914197f25e.html




    c:\windows\system32\spoolsv.exe Content :

    VirSCAN.org Scanned Report :
    Scanned time : 2011/01/17 19:14:53 (PST)
    Scanner results: Scanners did not find malware!
    File Name : spoolsv.exe
    File Size : 57856 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : d8e14a61acc1d4a6cd0d38aebac7fa3b
    SHA1 : 0e5d1a09a103eae3bd693c7a1c7531fde2e2402b
    Online report : http://virscan.org/report/75520c9fe309a729168ed456220c9e3a.html

     
  11. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    OTL logfile created on: 1/17/2011 7:27:10 PM - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 2.31 Gb Free Space | 4.14% Space Free | Partition Type: NTFS

    Computer Name: LZMCA-07 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
    PRC - [2011/01/12 02:14:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/06/03 02:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    PRC - [2005/04/04 17:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    PRC - [2005/02/03 09:37:40 | 000,286,720 | ---- | M] (Aiptek) -- C:\WINDOWS\system32\atwtusb.exe
    PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2004/11/04 10:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2004/11/01 10:11:46 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
    PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
    PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
    PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [2002/09/20 09:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2004/11/04 10:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ITMRTSVC)
    SRV - File not found [Auto | Stopped] -- -- (InoTask)
    SRV - File not found [Auto | Stopped] -- -- (InoRT)
    SRV - File not found [Auto | Stopped] -- -- (InoRPC)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
    SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
    SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
    SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/09/20 09:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
    SRV - [2002/09/20 09:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
    SRV - [2002/09/20 09:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


    ========== Driver Services (SafeList) ==========

    DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2005/02/10 16:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2004/11/16 02:37:48 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/11/04 10:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2004/11/04 02:24:12 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2004/09/23 17:01:02 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/08/24 03:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/08/04 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/08/03 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/08/03 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/08/03 01:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/08/03 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/08/03 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/08/03 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/08/03 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/08/03 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/08/03 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/08/01 15:34:58 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/07/14 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/07/07 16:02:14 | 000,022,272 | ---- | M] (AIPTEK International Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)
    DRV - [2004/06/16 10:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2004/05/03 08:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2004/02/20 10:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
    DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2001/08/17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/06/21 20:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 20:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2001/05/07 02:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..network.proxy.type: 0


    [2011/01/17 03:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/01/17 03:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\84p77748.default\extensions
    [2011/01/17 02:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/17 03:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/16 16:30:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
    O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\atwtusb.exe (Aiptek)
    O4 - HKLM..\Run: [ChangeResolution] File not found
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Realtime Monitor] File not found
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
    O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 2
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/17 18:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/01/17 18:13:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/17 18:11:53 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/01/17 17:05:08 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2011/01/17 04:20:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/01/17 04:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/17 04:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/01/17 04:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/01/17 03:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2011/01/17 03:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/01/17 03:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/01/17 03:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
    [2011/01/17 03:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2011/01/17 03:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2011/01/17 03:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
    [2011/01/17 03:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Warcraft III
    [2011/01/17 03:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
    [2011/01/17 03:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
    [2011/01/17 03:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
    [2011/01/17 03:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
    [2011/01/17 03:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Miro
    [2011/01/17 03:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/01/17 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RecordNow! CD&DVD Recording
    [2011/01/17 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2011/01/17 03:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
    [2011/01/17 03:08:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2011/01/17 03:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2011/01/17 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap(2)
    [2011/01/13 06:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7
    [2011/01/12 05:20:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2011/01/12 05:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/01/12 04:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/01/12 04:33:16 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
    [2011/01/12 02:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
    [2011/01/12 02:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    [2011/01/12 02:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
    [2011/01/12 01:53:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/12 01:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
    [2011/01/11 23:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(3)
    [2011/01/11 22:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/11 00:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater
    [2011/01/01 06:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\GHost Files
    [2011/01/01 05:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(2)
    [2010/12/30 02:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PCF-VLC
    [2010/12/30 01:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2010/12/30 01:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
    [2010/12/30 01:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Games
    [2010/12/29 17:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LJ Pictures
    [2010/12/24 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\acccore
    [2010/12/24 11:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
    [2010/12/24 11:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AIM
    [2010/12/24 11:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/12/24 11:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
    [2010/12/24 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2010/12/24 11:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2010/12/23 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\maya
    [2010/12/21 07:48:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/12/20 16:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Diag tool
    [2010/12/20 02:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/12/20 00:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/12/20 00:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
    [2010/12/20 00:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/12/20 00:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III(2).temp
    [2010/12/20 00:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/12/20 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/12/20 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/12/20 00:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    [2010/12/20 00:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
    [2010/12/19 20:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Warcraft III 1.21b TFT Installer enUS
    [2010/12/19 20:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Warcraft IIII
    [2010/12/19 09:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/17 19:19:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500UA.job
    [2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/01/17 18:15:13 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
    [2011/01/17 18:10:53 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
    [2011/01/17 18:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/17 18:05:23 | 1333,186,560 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/17 17:47:53 | 004,156,942 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iexplore.exe
    [2011/01/17 10:25:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\hhdr.exe
    [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
    [2011/01/17 02:34:06 | 000,447,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/01/17 02:34:06 | 000,074,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/01/16 16:52:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/14 02:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500Core.job
    [2011/01/13 06:58:55 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/01/13 06:58:55 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2011/01/13 06:58:47 | 000,000,344 | -H-- | M] () -- C:\IPH.PH
    [2011/01/12 23:13:42 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Retry AIM Installation.lnk
    [2011/01/12 20:25:04 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/01/12 20:25:03 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
    [2011/01/12 09:52:16 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2011/01/12 05:27:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/01/12 05:20:06 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
    [2011/01/12 05:20:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/12 05:17:27 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/12 05:14:45 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
    [2011/01/12 04:19:40 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/01/12 02:49:38 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
    [2011/01/12 02:45:08 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III.lnk
    [2011/01/11 00:54:25 | 000,069,284 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Transcript For Burger King, (School did not want to release it until friday) So I had to take a picture.pdf
    [2011/01/11 00:50:03 | 000,537,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
    [2011/01/10 01:13:23 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Change a Life Foundation Scholarships.doc
    [2011/01/10 01:07:42 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\American Liberty Scholarship.doc
    [2011/01/10 00:43:44 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Wells Fargo $1,000 Scholarship.doc
    [2011/01/10 00:33:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Points $10,000 Scholarship.doc
    [2011/01/10 00:26:59 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Zone $10,000 Scholarship.doc
    [2011/01/10 00:21:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The College JumpStart Scholarship Fund Scholarship.doc
    [2011/01/09 22:01:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Courage to Grow Scholarship.doc
    [2011/01/09 21:33:35 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zinch $20,000 Scholarship.doc
    [2011/01/09 21:25:11 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\College Prowler No Essay Scholarship.doc
    [2011/01/09 21:18:27 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\U.S. Bank Scholarship.doc
    [2011/01/09 19:50:01 | 000,010,631 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ED-AL097_1teenw_NS_20100304202254.gif
    [2011/01/06 00:26:42 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Lanon Johnson.doc
    [2010/12/23 13:17:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/19 13:19:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/17 18:15:08 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
    [2011/01/17 18:10:34 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
    [2011/01/17 18:05:23 | 1333,186,560 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/17 17:47:43 | 004,156,942 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iexplore.exe
    [2011/01/17 03:33:36 | 000,061,440 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
    [2011/01/17 03:33:26 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Administrator\hhdr.exe
    [2011/01/13 06:58:55 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/01/13 06:58:55 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2011/01/12 23:13:43 | 000,000,344 | -H-- | C] () -- C:\IPH.PH
    [2011/01/12 23:13:42 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Retry AIM Installation.lnk
    [2011/01/12 05:20:06 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
    [2011/01/12 05:20:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/01/12 05:17:27 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/12 05:14:45 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
    [2011/01/12 02:45:42 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
    [2011/01/12 02:42:02 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III.lnk
    [2011/01/12 02:15:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
    [2011/01/12 02:15:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/01/12 02:14:28 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500UA.job
    [2011/01/12 02:14:27 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500Core.job
    [2011/01/11 00:52:59 | 000,069,284 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Transcript For Burger King, (School did not want to release it until friday) So I had to take a picture.pdf
    [2011/01/11 00:50:03 | 000,537,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
    [2011/01/10 01:13:23 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Change a Life Foundation Scholarships.doc
    [2011/01/10 01:07:42 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\American Liberty Scholarship.doc
    [2011/01/10 00:43:44 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Wells Fargo $1,000 Scholarship.doc
    [2011/01/10 00:33:33 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Points $10,000 Scholarship.doc
    [2011/01/10 00:26:58 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Zone $10,000 Scholarship.doc
    [2011/01/10 00:21:13 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The College JumpStart Scholarship Fund Scholarship.doc
    [2011/01/09 22:01:22 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Courage to Grow Scholarship.doc
    [2011/01/09 21:33:35 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zinch $20,000 Scholarship.doc
    [2011/01/09 21:25:10 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\College Prowler No Essay Scholarship.doc
    [2011/01/09 21:18:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\U.S. Bank Scholarship.doc
    [2011/01/09 19:50:00 | 000,010,631 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ED-AL097_1teenw_NS_20100304202254.gif
    [2011/01/06 00:26:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Lanon Johnson.doc
    [2010/12/19 13:19:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2009/02/20 08:40:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll
    [2009/02/20 08:40:06 | 000,002,593 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
    [2008/03/10 07:28:17 | 000,178,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/02/08 08:11:01 | 000,069,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSge10d.sys
    [2007/10/18 11:22:43 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2007/10/15 13:34:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
    [2007/10/15 13:34:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Sports
    [2007/10/15 13:34:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2005/09/21 08:15:04 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/09/21 08:13:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/09/20 23:06:56 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
    [2005/09/20 22:30:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/09/20 22:30:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/09/20 22:30:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/09/20 22:30:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/09/20 22:30:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/09/20 22:30:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/02/15 16:00:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2005/02/15 15:55:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/02/15 15:48:13 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/10/26 10:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/07 05:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 05:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 05:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/06/01 01:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    < End of report >
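The OTL file listings above are normally read by eye, looking for the handful of entries that stand out: executables with a purely numeric name dropped into Local Settings\Application Data, a hidden+system .exe in Application Data, a 4 MB "iexplore.exe" sitting on the Desktop, and an ActiveX entry whose CLSID contains non-hex characters and points into C:\RECYCLER. The script below, as an added example that is not part of the thread and not a feature of OTL, parses the two line shapes OTL uses for these sections and applies those same checks mechanically. The sample input is copied verbatim from the log above (including benign control lines such as OTL.exe and the Java ActiveX entry); the table of expected locations for borrowed system-binary names and the heuristics themselves are the example's own assumptions, not anything OTL or the thread defines.

```python
"""Triage OTL-style log lines for the indicators seen in the thread above.

Added example, not part of OTL or of the thread. It parses the two line
shapes present in the log:
  [date time | size | attrs | C/M] (company) -- path
  ActiveX: {CLSID} - description or command
and applies a few of the heuristics a malware-removal helper applies by eye.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the OTL log posted above (benign and suspicious).
SAMPLE = r"""
[2011/01/17 18:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
[2011/01/17 17:47:53 | 004,156,942 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iexplore.exe
[2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
[2011/01/12 05:20:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
"""

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ACTIVEX_RE = re.compile(r"^ActiveX: [<>]?(?P<clsid>\{[^}]*\})\S* - (?P<cmd>.+)$")
# A well-formed CLSID is 8-4-4-4-12 hex digits; anything else is a lookalike.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# First token of a command line that names an .exe (quoted or bare).
EXE_IN_CMD_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)\b', re.IGNORECASE)

# Assumption for this example: Windows binaries whose names malware borrows,
# with the lower-case directory prefix where the genuine file lives on XP.
EXPECTED_DIR = {
    "iexplore.exe": "c:\\program files\\internet explorer\\",
    "explorer.exe": "c:\\windows\\",
    "svchost.exe": "c:\\windows\\system32\\",
}
USER_PROFILE = "c:\\documents and settings\\"


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _check_exe_path(path: str, attrs: str = "----", company: str = "") -> list:
    """Return the reasons an executable path looks suspicious (empty if none)."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if not name.endswith(".exe"):
        return reasons
    if "\\recycler\\" in low:
        reasons.append("executable inside the Recycle Bin")
    if low.startswith(USER_PROFILE) and not company:
        reasons.append("exe in a user profile with no company name in its version info")
    if re.fullmatch(r"\d+\.exe", name):
        reasons.append("numeric-only file name")
    if "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes on an executable")
    expected = EXPECTED_DIR.get(name)
    if expected and not low.startswith(expected):
        reasons.append(f"{name} outside its normal location {expected}")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            reasons = _check_exe_path(m["path"], m["attrs"], m["company"])
            if reasons:
                findings.append(Finding(m["path"], reasons))
            continue
        m = ACTIVEX_RE.match(line)
        if m:
            reasons = []
            if not CLSID_RE.match(m["clsid"]):
                reasons.append(f"malformed CLSID {m['clsid']} (non-hex characters)")
            exe = EXE_IN_CMD_RE.match(m["cmd"])  # descriptions like "Java (Sun)" have no .exe
            if exe:
                reasons += _check_exe_path(exe["exe"])
            if reasons:
                findings.append(Finding(m["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run against a whole pasted log, the output is a starting point for review rather than a verdict: legitimate portable tools also sit in the user profile (OTL.exe and TDSSKiller.exe in this log), which is why the profile check is combined with the missing-company-name condition and neither of those is flagged.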
     
  12. iLJ (Thread Starter)

    OTL Extras logfile created on: 1/17/2011 7:27:10 PM - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 2.31 Gb Free Space | 4.14% Space Free | Partition Type: NTFS

    Computer Name: LZMCA-07 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
    "{107558C8-458B-45EA-A0FE-7CC10D687DB6}" = CA eTrustITM Agent
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{40BB3EDE-56CB-467E-ADEE-F6C57552F528}" = Maya Shader Library for Maya
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
    "{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{6E4B4026-92AD-46D3-AD73-6D6F23943871}" = Alias DirectConnect 2.0
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{847501DF-07C0-4691-B04A-893929F108AE}" = CA iTechnology iGateway
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C3
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
    "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 1.00 B7
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5
    "{D0572854-191F-45DB-B959-641F8E5C8409}" = HP Accessories Product Tour
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "Action Replay Code Manager_is1" = Action Replay Code Manager
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "AIM_7" = AIM 7
    "ESET Online Scanner" = ESET Online Scanner v3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
    "Rainbow Sentinel Driver" = Sentinel System Driver
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "Rmtablet" = USB Tablet Driver
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Warcraft III" = Warcraft III
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/17/2011 6:59:14 AM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/17/2011 6:59:16 AM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/17/2011 7:28:48 AM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/17/2011 7:28:49 AM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/17/2011 3:28:53 PM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/17/2011 10:02:15 PM | Computer Name = LZMCA-07 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
    iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

    Error - 1/17/2011 10:07:38 PM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/17/2011 10:07:40 PM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/17/2011 10:08:23 PM | Computer Name = LZMCA-07 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 15 10.0.168.192.in-addr.arpa.
    PTR LZMCA-8.local.

    Error - 1/17/2011 10:08:23 PM | Computer Name = LZMCA-07 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 10.0.168.192.in-addr.arpa.
    PTR LZMCA-07.local.

    [ System Events ]
    Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
    Description = The DS1410D service failed to start due to the following error: %%2

    Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Google Update Service
    (gupdate) service to connect.

    Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
    Description = The eTrust Antivirus Realtime Service service failed to start due
    to the following error: %%3

    Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
    Description = The CA Pest Patrol Realtime Protection Service service failed to start
    due to the following error: %%2

    Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7022
    Description = The iTechnology iGateway 4.2 service hung on starting.

    Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    INO_FLPY

    Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7034
    Description = The iTechnology iGateway 4.2 service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 1/17/2011 10:23:14 PM | Computer Name = LZMCA-07 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.

    Error - 1/17/2011 10:53:16 PM | Computer Name = LZMCA-07 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 59 minutes. NtpClient has no source of accurate
    time.


    < End of report >
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:



    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
      O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
      [2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
      [2011/01/17 18:10:53 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
      [2011/01/17 10:25:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\hhdr.exe
      [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
      ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptyflash]
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the OTL log



    When complete, try giving ComboFix another run.
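    An added detection example for readers of the thread (not code from the original posts and not OTL's own code): it reads OTL-format log lines like the ones in the fix box above and flags the persistence tricks that script removes, using constructed sample lines that mirror those entries beside benign look-alikes.

```python
"""Flag the persistence tricks seen in this thread in OTL-style log lines.

Added example for readers of the thread; it is not part of the original
posts and not OTL's own code. Every sample line below is constructed to
mirror the entries CatByte's fix targets (ljua.exe under Application Data,
a Run entry pointing into the RECYCLER folder, a UserInit hijack, an ActiveX
entry whose CLSID is not valid hex) next to benign look-alikes.
"""
import re

# Constructed sample lines in OTL's format; the malicious ones mirror the thread.
SAMPLE_LOG = r"""
PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\regsvr32.exe /s /n /i:U shell32.dll
"""

# The only legitimate UserInit value on XP; anything else there runs at every logon.
USERINIT_OK = re.compile(r"^(?:%SystemRoot%|C:\\WINDOWS)\\system32\\userinit\.exe$", re.I)
# Executables living inside the per-SID Recycle Bin folders.
RECYCLER_EXE = re.compile(r"\\RECYCLER\\S-1-5-[\d-]+\\[^\\\s]+\.exe", re.I)
# Anything GUID-shaped in braces, and the strict hex form a real CLSID must have.
GUID_SHAPED = re.compile(r"\{([^}]{36})\}")
GUID_HEX = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
# OTL's "[date | size | attrs | M] (company) -- path" prefix on file and process lines.
OTL_ATTRS = re.compile(
    r"\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| ([-A-Z]{4}) \| [A-Z]\] \(([^)]*)\) -- (.+)$")
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")


def classify(line: str) -> list[str]:
    """Return the findings for one OTL line; an empty list means nothing stood out."""
    findings = []
    m = re.search(r"UserInit - \((.+?\.exe)", line, re.I)
    if m and not USERINIT_OK.match(m.group(1)):
        findings.append("userinit-hijack")
    if RECYCLER_EXE.search(line):
        findings.append("exe-in-recycler")
    for shaped in GUID_SHAPED.findall(line):
        if not GUID_HEX.fullmatch(shaped):
            findings.append("malformed-clsid")
    m = OTL_ATTRS.search(line)
    if m:
        attrs, company, path = m.groups()
        lowered = path.lower()
        # Hidden + system attributes, no publisher, and an .exe under a user profile.
        if ("H" in attrs and "S" in attrs and not company
                and lowered.endswith(".exe") and any(r in lowered for r in PROFILE_ROOTS)):
            findings.append("hidden-system-exe-in-profile")
    # OTL prints "()" when the autorun target carries no company name.
    if line.startswith("O4 - ") and line.rstrip().endswith("()"):
        findings.append("autorun-no-publisher")
    return findings


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run classify() over a whole log and keep only the lines that raised findings."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            found = classify(line)
            if found:
                hits.append((line, found))
    return hits


if __name__ == "__main__":
    for line, found in triage(SAMPLE_LOG):
        print(", ".join(found).ljust(40), line[:90])
```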
     
  14. iLJ

    iLJ Thread Starter

    Joined:
    Jan 16, 2011
    Messages:
    9
    Processes are looking fine, here's the OTL Log after Reboot

    All processes killed
    ========== OTL ==========
    No active process named ljua.exe was found!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\12CFG214-K641-12SF-N85P deleted successfully.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup deleted successfully.
    File C:\Documents and Settings\Administrator\Application Data\ljua.exe not found.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe not found.
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe not found.
    File C:\Documents and Settings\Administrator\hhdr.exe not found.
    File C:\Documents and Settings\Administrator\Application Data\ljua.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 17700 bytes

    User: All Users

    User: Default User

    User: Lanon
    ->Flash cache emptied: 560 bytes

    User: LJ
    ->Flash cache emptied: 405 bytes

    User: LocalService

    User: mcastudent
    ->Flash cache emptied: 44613 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 411909305 bytes
    ->Temporary Internet Files folder emptied: 315545871 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 229876605 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Lanon
    ->Temp folder emptied: 35808176 bytes
    ->Temporary Internet Files folder emptied: 26329455 bytes
    ->Flash cache emptied: 0 bytes

    User: LJ
    ->Temp folder emptied: 710411 bytes
    ->Temporary Internet Files folder emptied: 12249411 bytes
    ->FireFox cache emptied: 11594004 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8263802 bytes

    User: mcastudent
    ->Temp folder emptied: 2435479410 bytes
    ->Temporary Internet Files folder emptied: 102177662 bytes
    ->Java cache emptied: 1330518 bytes
    ->FireFox cache emptied: 79868852 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 849100 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 7481 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 99170934 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9249856 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 4238047 bytes

    Total Files Cleaned = 3,609.00 mb


    OTL by OldTimer - Version 3.2.20.2 log created on 01172011_200903

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...






    Also:
    When I ran the ESET scan again, it said it found an agent trojan or something, but I didn't finish the scan nor delete or quarantine the files, because OTL was doing its thing. I run ESET on a daily basis because it usually catches things other scans do not. So as of right now the computer speed is fine, there is the OTL log, and I have only opened my browser at this point.
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Don't run ESET or any other scans other than those I request while we are going through this cleaning process, as it can make things more difficult for me.

    Please try running ComboFix again.

    Run it in safe mode - renamed, if necessary.

    Make certain your security programs are disabled or they will interfere.
     
Short URL to this thread: https://techguy.org/975156
