[Resolved] IE pages without titles keep popping up randomly - I think


10 replies to this topic

#1 Adam Blake (New Member, Authentic Member, 7 posts)

Posted 03 October 2009 - 06:37 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:53 PM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.n.../fan/popup.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [A00F27ACAF5.exe] C:\DOCUME~1\Friend\LOCALS~1\Temp\_A00F27ACAF5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dinput32.dll
O20 - Winlogon Notify: 28712617684 - C:\WINDOWS\System32\dinput32.dll
O20 - Winlogon Notify: __c007B692 - C:\WINDOWS\system32\__c007B692.dat
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7145 bytes




---------

So, IE windows keep popping up on their own, and before I can close them all Firefox crashes... even though the windows which are popping up aren't via Firefox. I got this computer from an office my neighbor works at, ... it has no soundcard (or its sound just doesn't work) so she brought it home and gave it to me. Figured I probably have a virus or bad spyware, but updated VIPRE's logs and did a deep system scan and it found 8 suspicious files and cleaned them.

I never had any problems until recently.

Please let me know if there is anything I can do to make this clearer for whoever responds. All I really want is help cleaning up this nasty page file... which I'm sure is full of unnecessary lines.
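As an added example (written for this thread's logs, not code from HijackThis, ComboFix or the forum), the Python script below applies to HijackThis lines the same first-pass checks a helper applies by eye when reading a log like the one above or pointing at the Winlogon Notify entries later in the thread: an O4 autorun that launches from a Temp directory, any non-empty O20 AppInit_DLLs value, an O20 Winlogon Notify package with a random-looking name or a non-DLL file, and an R0/R1 start or search page whose host is not one the owner expects. The sample lines are copied from the log in this post; EXPECTED_HOSTS is an assumption made for the example, and the checks are heuristics that surface entries for a human to judge, not a verdict.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the HijackThis log posted above,
# plus a Microsoft-signed service entry to show what a quiet line looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [A00F27ACAF5.exe] C:\DOCUME~1\Friend\LOCALS~1\Temp\_A00F27ACAF5.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dinput32.dll
O20 - Winlogon Notify: 28712617684 - C:\WINDOWS\System32\dinput32.dll
O20 - Winlogon Notify: __c007B692 - C:\WINDOWS\system32\__c007B692.dat
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
"""

# Hosts the owner expects as IE start/search pages. This set is an assumption
# for the example (the ISP and Microsoft defaults visible in the log).
EXPECTED_HOSTS = {"www.comcast.net", "go.microsoft.com"}

SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
URL_RE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<url>https?://\S*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def check_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    if section == "O4":
        o4 = O4_RE.search(body)
        # Legitimate autoruns live under Program Files or the Windows directory;
        # a Temp path is the classic sign of a dropper that re-launches itself.
        if o4 and "\\temp\\" in o4.group("cmd").lower():
            return Finding(section, "autorun launches a file from a Temp directory", line)

    elif section == "O20":
        # AppInit_DLLs is loaded into every process that loads user32.dll,
        # so any value at all deserves a look.
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            return Finding(section, "AppInit_DLLs injects this DLL into every process that loads user32.dll", line)
        n = NOTIFY_RE.match(body)
        if n:
            name, path = n.group("name"), n.group("path").strip()
            if name.isdigit() or name.startswith("__") or not path.lower().endswith(".dll"):
                return Finding(section, "Winlogon Notify package with a random-looking name or a non-DLL file", line)

    elif section in ("R0", "R1"):
        u = URL_RE.match(body)
        if u:
            host = urlsplit(u.group("url")).hostname or ""
            if host not in EXPECTED_HOSTS:
                return Finding(section, f"browser start/search page points at unexpected host {host}", line)

    return None


def triage(log_text: str):
    """Run check_line over a whole log and return the findings in log order."""
    return [f for f in map(check_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run it as a script to print the flagged lines, or pass a whole saved log to triage(). A clean entry such as the Java updater line returns None from check_line, which is the point: the script narrows a hundred-line log down to the handful of entries worth a closer look, and the helper still decides what each one is.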



#2 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 04 October 2009 - 02:41 AM

Hi Adam Blake, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please make an uninstall list
  • Start HijackThis
  • Click the Config button
  • Click the Misc Tools button
  • Click the Open Uninstall Manager button.
  • Click the Save list button and save it to your desktop.
When you press Save, a notepad will open with the contents. Copy/paste the contents of the notepad file in your next reply.

Please post back with
  • combofix log
  • uninstall list
How's the computer now?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#3 Adam Blake (New Member, Authentic Member, 7 posts)

Posted 04 October 2009 - 10:17 AM

Thank you so much for the assistance.

The CF log and the uninstall list are both attached appropriately.

One more thing, upon my computer rebooting and ComboFix producing its log, a blue screen of death appeared stating the following:

"A problem has been detected and Windows has been shut down . . .

IRQL_NOT_LESS_OR_EQUAL . . .

*** STOP: 0x0000000A (0xC0005120, 0x00000002, 0x00000000, 0x804FDDE9) . . .

Beginning dump of physical memory . . ."

This is about the second or third time this screen has popped up... and just a few days ago I saw it for the first time?

The computer is faster after CF ran, though.

Again, thank you for the help so far... any other suggestions?

Attached Files



#4 Adam Blake (New Member, Authentic Member, 7 posts)

Posted 04 October 2009 - 10:21 AM

One more thing... the reason the office got rid of this computer is because the sound stopped working... I assumed when I got it that there might be some damage to the sound card. If there is any evidence in those logs of the sound driver being removed ... or any possible reason it might not be working due to software rather than soundcard damage, please let me know. I'm sorry if I'm being difficult, definitely not trying to be.

#5 oldman960 (Forum God, Classroom Teacher, 14,755 posts)

Posted 04 October 2009 - 10:54 AM

Hi Adam Blake,

Please do not attach the logs unless requested to. It's easier if the logs are copied and pasted into your replies.

The bottom portion of the combofix log is missing. Have a look for C:\combofix.txt and post the part after

HKCU-Run-Aim6 - (no file)
Notify-28712617684 - C:\WINDOWS\System32\dinput32.dll



That stop message could indicate a hardware problem.

Click your start button, right click My Computer
  • Click properties
  • Click the Hardware tab
  • Click the Device Manager button
Is there anything with a yellow mark on it?


BearShare, eMule, LimeWire
You have BearShare, eMule, LimeWire, P2P/file sharing programs installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall BearShare, eMule, LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep them, please do not use them until your computer is cleaned.



We will check for more malware to make sure that your problem isn't malware related.

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • In the Services section, change it to All
  • In the Extra Registry section, change it to None
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

No need for a Hijackthis log this time.

Please post back with
  • MBAM log
  • OTL log


#6 Adam Blake (New Member, Authentic Member, 7 posts)

Posted 04 October 2009 - 03:26 PM

[The last ComboFix log was incomplete because the "IRQL_NOT_LESS_OR_EQUAL" shutdown occurred before the analysis had completed, I apologize.]

ComboFix 09-10-04.01 - Friend 10/04/2009 13:26.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.236 [GMT -5:00]
Running from: c:\documents and settings\Friend\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Friend\Application Data\02000000bcbc1631684C.manifest
c:\documents and settings\Friend\Application Data\02000000bcbc1631684O.manifest
c:\documents and settings\Friend\Application Data\02000000bcbc1631684P.manifest
c:\documents and settings\Friend\Application Data\02000000bcbc1631684S.manifest
c:\windows\Installer\ee162a3.msi
c:\windows\system32\__c007B692.dat
c:\windows\system32\4MPGE.vbs
c:\windows\system32\593koyI.vbs
c:\windows\system32\8jFLsGoYlTBhY.vbs
c:\windows\system32\DINPUT32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\O4EP9.vbs

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 08:00 . 2009-10-04 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-10-04 00:18 . 2009-10-04 00:18 -------- d-----w- c:\program files\Trend Micro
2009-10-03 03:25 . 2009-08-11 01:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-03 03:25 . 2009-05-13 22:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-03 03:21 . 2009-10-03 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-10-03 03:21 . 2009-10-03 03:21 -------- d-----w- c:\documents and settings\Friend\Application Data\Sunbelt
2009-10-03 03:19 . 2009-07-15 14:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-03 03:18 . 2009-10-03 03:18 -------- d-----w- c:\program files\Sunbelt Software
2009-10-03 02:13 . 2009-10-03 02:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 02:11 . 2009-10-03 02:11 -------- d-----w- c:\documents and settings\Friend\IETldCache
2009-10-03 02:08 . 2009-10-03 02:13 -------- dc----w- c:\windows\ie8
2009-10-03 02:03 . 2009-10-03 02:13 -------- d-----w- C:\ef28c563b48d5ea6fd0266d1c365fc83
2009-09-19 20:47 . 2009-09-19 20:47 -------- d-----w- c:\windows\Sun
2009-09-12 19:23 . 2009-09-12 19:23 -------- d-----w- c:\documents and settings\Friend\Local Settings\Application Data\Yahoo
2009-09-12 19:22 . 2009-09-21 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-12 19:22 . 2009-09-12 19:22 -------- d-----w- c:\documents and settings\Friend\Application Data\Yahoo!
2009-09-12 19:21 . 2009-09-12 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-12 19:21 . 2009-09-12 19:22 -------- d-----w- c:\program files\Yahoo!
2009-09-07 19:02 . 2009-09-07 19:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-09-06 17:47 . 2009-10-03 23:49 -------- d-----w- c:\documents and settings\Friend\Application Data\LimeWire
2009-09-06 17:47 . 2009-09-06 17:46 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 18:24 . 2008-10-21 00:32 -------- d-----w- c:\documents and settings\Friend\Application Data\DNA
2009-10-04 18:17 . 2008-10-22 02:46 -------- d-----w- c:\program files\Common Files\AOL
2009-10-04 16:04 . 2008-10-25 05:28 -------- d-----w- c:\program files\DNA
2009-10-04 14:29 . 2009-10-03 04:28 205 ----a-w- c:\documents and settings\Friend\udpcrawl.tmp
2009-10-03 23:27 . 2009-10-03 23:27 523264 --sha-w- c:\windows\system32\33.tmp
2009-10-03 14:01 . 2009-01-31 03:06 -------- d-----w- c:\program files\mIRC
2009-10-03 03:27 . 2009-10-03 03:27 523264 --sha-w- c:\windows\system32\24.tmp
2009-10-03 02:02 . 2008-10-20 22:01 65848 ----a-w- c:\documents and settings\Friend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 18:08 . 2008-12-22 06:23 -------- d-----w- c:\program files\LimeWire
2009-09-06 17:46 . 2008-12-22 06:28 -------- d-----w- c:\program files\Java
2009-08-16 08:09 . 2009-08-16 08:09 -------- d-----w- c:\program files\MSBuild
2009-08-16 08:09 . 2009-08-16 08:09 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 20:09 . 2008-10-20 22:24 -------- d-----w- c:\documents and settings\Friend\Application Data\ComcastToolbar
2009-08-05 20:58 . 2009-08-05 20:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 17:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-05-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-05-15 114688]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-06 149280]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-09-07 959784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\28712617684]
c:\windows\System32\dinput32.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/2/2009 10:25 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/5/2009 3:58 PM 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [10/2/2009 10:19 PM 203056]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 2:02 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/2/2009 10:25 PM 69936]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/21/2008 9:47 PM 24652]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.comcast.net/providers/fan/popup.html
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Friend\Application Data\Mozilla\Firefox\Profiles\4lvnd4s1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
Completion time: 2009-10-04 13:35
ComboFix-quarantined-files.txt 2009-10-04 18:35

Pre-Run: 10,139,795,456 bytes free
Post-Run: 10,110,799,872 bytes free

170 --- E O F --- 2009-10-04 15:32


________________________________________________________________________________





Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/4/2009 3:49:16 PM
mbam-log-2009-10-04 (15-49-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 125398
Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c007B692.dat.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028254.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028255.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028258.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028261.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028262.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0028282.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0029429.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0029488.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A6C46D83-6F95-4CF2-B10C-4C40ADF18428}\RP403\A0029651.sys (Worm.Agent) -> Quarantined and deleted successfully.

. . . & because I'm afraid it won't fit, this shall be immediately continued . . .
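A companion to a HijackThis check, added here as an example and not part of ComboFix or of this thread: a Python parser for the timestamped lines in ComboFix's "Files Created" and "Find3M" sections. It reads the two timestamps (assumed here to be creation and last-write time, in that order), the size, the attribute field and the path; flags files marked both system and hidden, .tmp files outside a Temp directory, and script or data files dropped straight into system32; and then lists what else was created within an hour of a flagged file, which is how a helper finds the rest of a drop that arrived together. The sample lines are copied from the ComboFix log above; reading the attribute letters d, s and h as directory, system and hidden is an assumption about ComboFix's notation.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample input: lines copied from the "Files Created" and "Find3M"
# sections of the ComboFix log posted above.
SAMPLE_LISTING = r"""
2009-10-04 08:00 . 2009-10-04 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-10-03 03:25 . 2009-08-11 01:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-04 14:29 . 2009-10-03 04:28 205 ----a-w- c:\documents and settings\Friend\udpcrawl.tmp
2009-10-03 23:27 . 2009-10-03 23:27 523264 --sha-w- c:\windows\system32\33.tmp
2009-10-03 03:27 . 2009-10-03 03:27 523264 --sha-w- c:\windows\system32\24.tmp
2009-09-07 19:02 . 2009-09-07 19:02 27944 ----a-w- c:\windows\system32\sbbd.exe
"""

# One listing line: two timestamps, a size (or eight dashes for a directory),
# an 8-character attribute field, then the path. The code only relies on three
# attribute letters, read as d = directory, s = system, h = hidden (assumption).
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[A-Za-z-]{8}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime      # first timestamp (assumed creation time)
    modified: datetime     # second timestamp (assumed last-write time)
    size: Optional[int]    # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


def parse_listing(text: str):
    """Parse every well-formed listing line; section banners and dots are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(datetime.strptime(m.group("first"), TS),
                             datetime.strptime(m.group("second"), TS),
                             size, m.group("attrs"), m.group("path")))
    return entries


def why_suspicious(e: Entry) -> Optional[str]:
    """Heuristics a helper applies by eye; returns the reason or None."""
    if e.is_dir:
        return None
    p = e.path.lower()
    if "s" in e.attrs and "h" in e.attrs:
        return "file marked both system and hidden"
    if p.endswith(".tmp") and "\\temp\\" not in p:
        return ".tmp file outside a Temp directory"
    if p.startswith("c:\\windows\\system32\\") and p.endswith((".vbs", ".dat")):
        return "script or data file dropped directly into system32"
    return None


def triage(text: str):
    """(entry, reason) pairs for the lines that deserve a closer look, in log order."""
    return [(e, r) for e in parse_listing(text) if (r := why_suspicious(e))]


def created_near(entries, anchor: Entry, window=timedelta(hours=1)):
    """Other entries created within `window` of `anchor`: what else arrived with it."""
    return [e for e in entries
            if e is not anchor and abs(e.created - anchor.created) <= window]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for e, reason in triage(SAMPLE_LISTING):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.attrs}  {e.path}\n    {reason}")
        for other in created_near(entries, e):
            print(f"    created nearby: {other.path}")
```

The time-window check is deliberately separate from the heuristics: a file created two minutes before a flagged one is not suspicious by itself (in the sample it is the VIPRE driver the owner had just installed), but listing it is exactly what lets a helper decide whether a flagged .tmp is part of a larger drop or an innocent coincidence.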

#7 Adam Blake (New Member, Authentic Member, 7 posts)

Posted 04 October 2009 - 03:28 PM

OTL logfile created on: 10/4/2009 3:56:44 PM - Run 1
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Friend\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

381.80 Mb Total Physical Memory | 116.32 Mb Available Physical Memory | 30.47% Memory free
1.46 Gb Paging File | 1.25 Gb Available in Paging File | 85.68% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 9.42 Gb Free Space | 50.59% Space Free | Partition Type: NTFS
Drive D: | 27.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2B69D4607
Current User Name: Friend
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
PRC - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Friend\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (All) ==========

SRV - (Alerter [Disabled | Stopped]) -- C:\WINDOWS\System32\alrsvc.dll (Microsoft Corporation)
SRV - (ALG [On_Demand | Running]) -- C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
SRV - (AppMgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AudioSrv [Auto | Running]) -- C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
SRV - (BITS [Auto | Running]) -- C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
SRV - (Browser [Auto | Stopped]) -- C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
SRV - (CiSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\cisvc.exe (Microsoft Corporation)
SRV - (ClipSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\clipsrv.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COMSysApp [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (CryptSvc [Auto | Running]) -- C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
SRV - (DcomLaunch [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (dmserver [Auto | Running]) -- C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
SRV - (Dnscache [Auto | Running]) -- C:\WINDOWS\System32\dnsrslvr.dll (Microsoft Corporation)
SRV - (Dot3svc [On_Demand | Stopped]) -- C:\WINDOWS\System32\dot3svc.dll (Microsoft Corporation)
SRV - (EapHost [On_Demand | Stopped]) -- C:\WINDOWS\System32\eapsvc.dll (Microsoft Corporation)
SRV - (ERSvc [Auto | Running]) -- C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (EventSystem [On_Demand | Running]) -- C:\WINDOWS\System32\es.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility [On_Demand | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HidServ [Disabled | Stopped]) -- C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
SRV - (hkmsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\kmsvc.dll (Microsoft Corporation)
SRV - (HTTPFilter [On_Demand | Stopped]) -- C:\WINDOWS\System32\w3ssl.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ImapiService [On_Demand | Stopped]) -- C:\WINDOWS\System32\imapi.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lanmanserver [Auto | Running]) -- C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
SRV - (lanmanworkstation [Auto | Running]) -- C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
SRV - (LmHosts [Auto | Running]) -- C:\WINDOWS\System32\lmhsvc.dll (Microsoft Corporation)
SRV - (Messenger [Disabled | Stopped]) -- C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
SRV - (mnmsrvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation)
SRV - (MSDTC [On_Demand | Stopped]) -- C:\WINDOWS\System32\msdtc.exe (Microsoft Corporation)
SRV - (MSIServer [On_Demand | Stopped]) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (napagent [On_Demand | Stopped]) -- C:\WINDOWS\System32\qagentrt.dll (Microsoft Corporation)
SRV - (NetDDE [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (NetDDEdsdm [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (Netman [On_Demand | Running]) -- C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Nla [On_Demand | Running]) -- C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
SRV - (NtLmSsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (NtmsSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntmssvc.dll (Microsoft Corporation)
SRV - (PlugPlay [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (PolicyAgent [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (RasAuto [On_Demand | Stopped]) -- C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
SRV - (RasMan [On_Demand | Running]) -- C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
SRV - (RDSessMgr [On_Demand | Stopped]) -- C:\WINDOWS\System32\sessmgr.exe (Microsoft Corporation)
SRV - (RemoteAccess [Disabled | Stopped]) -- C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
SRV - (RemoteRegistry [Auto | Running]) -- C:\WINDOWS\System32\regsvc.dll (Microsoft Corporation)
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (RpcLocator [On_Demand | Stopped]) -- C:\WINDOWS\System32\locator.exe (Microsoft Corporation)
SRV - (RpcSs [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (RSVP [On_Demand | Stopped]) -- C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation)
SRV - (SamSs [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (SBAMSvc [Auto | Running]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SCardSvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation)
SRV - (Schedule [Auto | Running]) -- C:\WINDOWS\System32\schedsvc.dll (Microsoft Corporation)
SRV - (seclogon [Auto | Running]) -- C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
SRV - (SENS [Auto | Running]) -- C:\WINDOWS\System32\sens.dll (Microsoft Corporation)
SRV - (SharedAccess [Auto | Running]) -- C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (ShellHWDetection [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Spooler [Auto | Running]) -- C:\WINDOWS\System32\spoolsv.exe (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2 [Auto | Running]) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (srservice [Auto | Running]) -- C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
SRV - (SSDPSRV [On_Demand | Running]) -- C:\WINDOWS\System32\ssdpsrv.dll (Microsoft Corporation)
SRV - (stisvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\wiaservc.dll (Microsoft Corporation)
SRV - (SwPrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (SysmonLog [On_Demand | Stopped]) -- C:\WINDOWS\System32\smlogsvc.exe (Microsoft Corporation)
SRV - (TapiSrv [On_Demand | Running]) -- C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
SRV - (TermService [On_Demand | Running]) -- C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (TlntSvr [Disabled | Stopped]) -- C:\WINDOWS\System32\tlntsvr.exe (Microsoft Corporation)
SRV - (TrkWks [Auto | Running]) -- C:\WINDOWS\System32\trkwks.dll (Microsoft Corporation)
SRV - (upnphost [On_Demand | Stopped]) -- C:\WINDOWS\System32\upnphost.dll (Microsoft Corporation)
SRV - (UPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\ups.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation)
SRV - (W32Time [Auto | Running]) -- C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
SRV - (WebClient [Auto | Running]) -- C:\WINDOWS\System32\webclnt.dll (Microsoft Corporation)
SRV - (winmgmt [Auto | Running]) -- C:\WINDOWS\System32\wbem\WMIsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mspmsnsv.dll (Microsoft Corporation)
SRV - (Wmi [On_Demand | Stopped]) -- C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
SRV - (WmiApSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (wscsvc [Auto | Running]) -- C:\WINDOWS\System32\wscsvc.dll (Microsoft Corporation)
SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
SRV - (WZCSVC [Auto | Running]) -- C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov [On_Demand | Stopped]) -- C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IdeBusDr [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (IdeChnDr [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (MXOFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (sbaphd [System | Running]) -- C:\WINDOWS\System32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (sbapifs [Auto | Running]) -- C:\WINDOWS\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE [System | Running]) -- C:\WINDOWS\System32\drivers\SBREdrv.sys (Sunbelt Software)
DRV - (sbtis [System | Running]) -- C:\WINDOWS\System32\drivers\sbtis.sys (Sunbelt Software)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STAC97 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 03:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/06 12:46:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/14 21:25:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/14 21:25:27 | 00,000,000 | ---D | M]

[2009/09/06 13:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions
[2008/10/25 00:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/06 13:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/03 21:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions
[2009/09/05 21:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/24 20:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2008/10/24 20:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/09/12 17:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/03 12:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/03 21:57:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 21:25:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/06 12:47:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/14 21:25:19 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 21:25:19 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/06 12:46:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 21:25:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\28712617684: DllName - C:\WINDOWS\System32\dinput32.dll - C:\WINDOWS\System32\dinput32.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 15:04:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/23 11:20:50 | 00,000,040 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/10/04 13:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/02 22:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/09/12 14:21:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/09/12 14:22:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/09/06 12:47:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\LimeWire
[2009/10/04 13:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\Malwarebytes
[2009/10/02 22:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\Sunbelt
[2009/09/12 14:22:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\Yahoo!
[2009/09/12 14:23:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Local Settings\Application Data\Yahoo
[1 C:\Documents and Settings\Friend\My Documents\*.tmp files]
[2009/10/04 13:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/04 03:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/02 22:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/10/03 19:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/12 14:21:49 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/04 15:26:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/04 13:41:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/04 13:41:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/04 13:35:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/04 13:19:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667_files
[2009/10/04 10:44:58 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/04 10:43:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/04 10:43:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/04 10:43:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/04 10:43:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/04 10:43:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 10:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html_files
[2009/10/04 10:39:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/02 22:25:23 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/10/02 22:25:23 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/10/02 22:19:09 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/10/02 21:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/10/02 21:03:48 | 00,000,000 | ---D | C] -- C:\ef28c563b48d5ea6fd0266d1c365fc83
[2009/09/19 15:47:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/09/07 14:02:46 | 00,027,944 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/09/06 13:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\My Documents\Downloads
[2009/09/06 13:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\My Documents\LimeWire
[2009/09/06 12:47:08 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/06 12:47:07 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/06 12:47:07 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/06 12:47:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/06 12:47:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Friend\My Documents\*.tmp files]
[2009/10/04 15:52:06 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 15:51:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/04 15:51:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 15:50:48 | 00,425,872 | -H-- | M] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\IconCache.db
[2009/10/04 15:48:38 | 00,002,096 | ---- | M] () -- C:\Documents and Settings\Friend\My Documents\mbam-log-2009-10-04 (15-48-19)full
[2009/10/04 13:41:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 13:33:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/04 13:24:24 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Friend\Desktop\ComboFix.exe
[2009/10/04 13:21:38 | 00,121,790 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667.htm
[2009/10/04 10:55:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/04 10:45:05 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/04 10:40:16 | 00,092,646 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html.htm
[2009/10/03 19:18:16 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\HijackThis.lnk
[2009/10/02 21:02:25 | 00,065,848 | ---- | M] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/17 21:30:36 | 00,020,877 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\coco_chanel1.jpg
[2009/09/17 20:30:03 | 00,014,433 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\alexis-Bledel-hotpictures-03.jpg
[2009/09/17 20:29:15 | 00,046,173 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\198.jpg
[2009/09/17 20:29:07 | 00,020,438 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\199.jpg
[2009/09/17 20:29:00 | 00,047,930 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\197.jpg
[2009/09/17 20:28:40 | 00,017,754 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\195.jpg
[2009/09/17 20:28:32 | 00,021,018 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\194.jpg
[2009/09/17 20:28:30 | 00,019,924 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\193.jpg
[2009/09/17 20:27:46 | 00,033,439 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\180.jpg
[2009/09/17 20:27:36 | 00,041,416 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\179.jpg
[2009/09/17 20:27:02 | 00,033,720 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\175.jpg
[2009/09/17 20:26:32 | 00,038,580 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\174.jpg
[2009/09/17 20:26:24 | 00,029,506 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\173.jpg
[2009/09/17 20:26:11 | 00,030,475 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\172.jpg
[2009/09/17 20:25:45 | 00,031,389 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\166.jpg
[2009/09/17 20:25:24 | 00,022,600 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\163.jpg
[2009/09/17 20:22:13 | 00,027,649 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\139.jpg
[2009/09/17 20:20:14 | 00,036,823 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\133.jpg
[2009/09/17 20:20:10 | 00,046,391 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\134.jpg
[2009/09/17 20:19:36 | 00,026,137 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\129.jpg
[2009/09/17 20:19:29 | 00,027,826 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\126.jpg
[2009/09/17 20:19:25 | 00,030,662 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\125.jpg
[2009/09/17 20:19:13 | 00,028,873 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\127.jpg
[2009/09/17 20:19:11 | 00,025,978 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\130.jpg
[2009/09/17 20:18:55 | 00,018,192 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\123.jpg
[2009/09/17 20:18:33 | 00,018,639 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\122.jpg
[2009/09/17 20:18:30 | 00,019,570 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\121.jpg
[2009/09/17 20:18:02 | 00,021,210 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\120.jpg
[2009/09/17 20:17:59 | 00,022,907 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\119.jpg
[2009/09/17 20:17:48 | 00,027,321 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\118.jpg
[2009/09/17 20:17:01 | 00,021,412 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\115.jpg
[2009/09/17 20:16:48 | 00,028,327 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\112.jpg
[2009/09/17 20:16:35 | 00,023,573 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\101.jpg
[2009/09/17 20:16:26 | 00,022,954 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\103.jpg
[2009/09/17 20:16:20 | 00,013,426 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\104.jpg
[2009/09/17 20:15:58 | 00,024,507 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\110.jpg
[2009/09/17 18:34:44 | 00,030,090 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\proenza.jpg
[2009/09/17 16:14:32 | 00,275,589 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\coco-chanel.jpg
[2009/09/15 12:16:46 | 00,046,096 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\gagabub.jpg
[2009/09/15 12:08:53 | 00,046,096 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\mrbubbles.jpg
[2009/09/15 11:47:03 | 00,204,868 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\gaga.jpg
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 12:44:12 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/13 11:34:13 | 00,052,800 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\mp_main_wide_SylviaPlathSelfPortrait.jpg
[2009/09/12 14:22:07 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 03:00:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 14:02:46 | 00,027,944 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/09/06 17:20:38 | 00,211,360 | ---- | M] () -- C:\Documents and Settings\Friend\My Documents\colorful_lady_gaga_1024x768.jpg
[2009/09/06 13:08:44 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\LimeWire 5.2.13.lnk
[2009/09/06 12:46:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/06 12:46:50 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/06 12:46:50 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/06 12:46:50 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/06 12:46:50 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files - No Company Name ==========
[2009/10/04 15:48:38 | 00,002,096 | ---- | C] () -- C:\Documents and Settings\Friend\My Documents\mbam-log-2009-10-04 (15-48-19)full
[2009/10/04 13:41:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 13:19:00 | 00,121,790 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667.htm
[2009/10/04 10:45:05 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/04 10:45:00 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/04 10:43:34 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/04 10:43:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/04 10:43:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/04 10:43:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/04 10:40:11 | 00,092,646 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html.htm
[2009/10/04 10:38:16 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Friend\Desktop\ComboFix.exe
[2009/10/03 19:18:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\HijackThis.lnk
[2009/09/17 21:30:34 | 00,020,877 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\coco_chanel1.jpg
[2009/09/17 20:30:02 | 00,014,433 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\alexis-Bledel-hotpictures-03.jpg
[2009/09/17 20:29:15 | 00,046,173 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\198.jpg
[2009/09/17 20:29:07 | 00,020,438 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\199.jpg
[2009/09/17 20:29:00 | 00,047,930 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\197.jpg
[2009/09/17 20:28:39 | 00,017,754 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\195.jpg
[2009/09/17 20:28:32 | 00,021,018 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\194.jpg
[2009/09/17 20:28:29 | 00,019,924 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\193.jpg
[2009/09/17 20:27:45 | 00,033,439 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\180.jpg
[2009/09/17 20:27:35 | 00,041,416 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\179.jpg
[2009/09/17 20:27:02 | 00,033,720 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\175.jpg
[2009/09/17 20:26:31 | 00,038,580 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\174.jpg
[2009/09/17 20:26:24 | 00,029,506 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\173.jpg
[2009/09/17 20:26:10 | 00,030,475 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\172.jpg
[2009/09/17 20:25:45 | 00,031,389 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\166.jpg
[2009/09/17 20:25:24 | 00,022,600 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\163.jpg
[2009/09/17 20:22:12 | 00,027,649 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\139.jpg
[2009/09/17 20:20:14 | 00,036,823 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\133.jpg
[2009/09/17 20:20:09 | 00,046,391 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\134.jpg
[2009/09/17 20:19:36 | 00,026,137 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\129.jpg
[2009/09/17 20:19:29 | 00,027,826 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\126.jpg
[2009/09/17 20:19:24 | 00,030,662 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\125.jpg
[2009/09/17 20:19:13 | 00,028,873 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\127.jpg
[2009/09/17 20:19:10 | 00,025,978 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\130.jpg
[2009/09/17 20:18:54 | 00,018,192 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\123.jpg
[2009/09/17 20:18:33 | 00,018,639 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\122.jpg
[2009/09/17 20:18:28 | 00,019,570 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\121.jpg
[2009/09/17 20:18:01 | 00,021,210 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\120.jpg
[2009/09/17 20:17:58 | 00,022,907 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\119.jpg
[2009/09/17 20:17:47 | 00,027,321 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\118.jpg
[2009/09/17 20:16:59 | 00,021,412 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\115.jpg
[2009/09/17 20:16:46 | 00,028,327 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\112.jpg
[2009/09/17 20:16:33 | 00,023,573 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\101.jpg
[2009/09/17 20:16:25 | 00,022,954 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\103.jpg
[2009/09/17 20:16:19 | 00,013,426 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\104.jpg
[2009/09/17 20:15:58 | 00,024,507 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\110.jpg
[2009/09/17 18:34:41 | 00,030,090 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\proenza.jpg
[2009/09/17 16:14:26 | 00,275,589 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\coco-chanel.jpg
[2009/09/15 12:16:39 | 00,046,096 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\gagabub.jpg
[2009/09/15 12:08:51 | 00,046,096 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\mrbubbles.jpg
[2009/09/15 11:46:58 | 00,204,868 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\gaga.jpg
[2009/09/13 11:34:11 | 00,052,800 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\mp_main_wide_SylviaPlathSelfPortrait.jpg
[2009/09/12 14:22:07 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/09/06 17:20:38 | 00,211,360 | ---- | C] () -- C:\Documents and Settings\Friend\My Documents\colorful_lady_gaga_1024x768.jpg
[2009/09/06 13:08:44 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\LimeWire 5.2.13.lnk
[2009/02/18 01:45:13 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 00:47:52 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Friend\Application Data\$_hpcst$.hpc
[2008/10/24 19:12:03 | 00,425,872 | -H-- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\IconCache.db
[2008/10/21 21:48:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/10/20 17:01:57 | 00,065,848 | ---- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/16 19:42:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Friend\Application Data\desktop.ini
[2008/05/09 10:44:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 15:32:58 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2008/05/06 15:32:57 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2008/05/06 15:32:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2008/05/06 10:06:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 05:00:00 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/04 13:41:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/21 21:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/10/30 19:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2008/10/25 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/10/20 17:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/25 00:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/04 13:41:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Friend\Application Data
[2008/10/21 21:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\acccore
[2009/08/11 15:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\ComcastToolbar
[2009/10/04 15:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\DNA
[2008/10/24 20:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\GetRightToGo
[2009/10/03 18:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\LimeWire
[2009/03/08 14:25:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mIRC
[2008/10/21 21:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\QQ Games
[2008/10/21 21:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\QQ Games Plugin
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/04 15:51:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


Once again, thank you so much for taking the time to help me.

#8 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 04 October 2009 - 10:27 PM

Hi Adam Blake,

You are welcome.

No problem about the combofix log, I just wanted to see the end of it.

Click your start button, right click My Computer

  • Click properties
  • Click the Hardware tab
  • Click the Device Manager button
Is there anything with a yellow mark on it?


The Audio Service is running. Did you check in Device Manager and see if there is a problem with the soundcard? It would be indicated with a black exclamation mark on a yellow background beside the soundcard.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
O20 - Winlogon\Notify\28712617684: DllName - C:\WINDOWS\System32\dinput32.dll - C:\WINDOWS\System32\dinput32.dll File not found

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Let's see if we can get an online scan to run.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNcheck the boxes beside LOP Check and Purity Check.
  • In the Extra Registry section, change it to Use Safe List
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

Please post back with
  • OTL fix log
  • Kaspersky log
  • Both OTL logs taken after all other steps
How is the machine, besides the sound? Any more popups?
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
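As an added example (not part of this thread and not OTL's own code), here is a small Python parser for the two OTL line formats that appear in these logs: it flags the dangling Winlogon Notify entry that the fix above removes (the DLL is gone but the loader key survived) and lists recently created binaries with no company name for a human to review. The regexes are my reading of the line shapes shown in this thread, not OTL's documented grammar, and the "File not found" suffix check assumes the form quoted in the O20 line above; the sample lines are excerpted from the logs posted here.

```python
"""Parse OTL log entries and flag items a malware-removal helper checks."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# File/folder listing lines, e.g.
# [2009/10/02 22:25:23 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
# "()" means no company name; directories carry no parentheses at all.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Winlogon Notify lines (assumed shape, taken from the O20 line in this thread), e.g.
# O20 - Winlogon\Notify\28712617684: DllName - C:\...\dinput32.dll - C:\...\dinput32.dll File not found
O20_LINE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<subkey>[^:]+): DllName - (?P<value>.+?) - (?P<resolved>.+)$"
)


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


@dataclass
class NotifyEntry:
    subkey: str
    dll: str
    missing: bool             # OTL appends "File not found" when the DLL is absent


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def parse_notify_line(line: str) -> Optional[NotifyEntry]:
    m = O20_LINE.match(line.strip())
    if not m:
        return None
    return NotifyEntry(
        subkey=m.group("subkey"),
        dll=m.group("value"),
        missing=m.group("resolved").endswith("File not found"),
    )


def parse_log(text: str):
    files: List[FileEntry] = []
    notify: List[NotifyEntry] = []
    for line in text.splitlines():
        f = parse_file_line(line)
        if f:
            files.append(f)
            continue
        n = parse_notify_line(line)
        if n:
            notify.append(n)
    return files, notify


def dangling_notify_entries(notify: List[NotifyEntry]) -> List[NotifyEntry]:
    """Winlogon Notify entries whose DLL no longer exists: the payload was removed
    but the registry loader point survived, so the key itself still needs removal."""
    return [n for n in notify if n.missing]


REVIEW_EXT = (".sys", ".exe", ".dll")


def unsigned_new_binaries(files: List[FileEntry], now: datetime, days: int = 30) -> List[FileEntry]:
    """Executables created within the window that carry no company name.
    This is a triage list, not a verdict: on this thread's log it would list
    ComboFix's own helper tools (PEV.exe, sed.exe, ...) next to anything unknown."""
    cutoff = now - timedelta(days=days)
    return [f for f in files
            if f.kind == "C" and not f.is_dir and f.company is None
            and f.timestamp >= cutoff and f.path.lower().endswith(REVIEW_EXT)]


# Constructed sample: lines excerpted from the OTL output posted in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\28712617684: DllName - C:\WINDOWS\System32\dinput32.dll - C:\WINDOWS\System32\dinput32.dll File not found
[2009/10/04 13:41:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/04 10:43:34 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/04 10:43:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/04 10:44:58 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/05/06 15:32:57 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2009/10/04 13:33:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
"""

DEFAULT_NOW = datetime(2009, 10, 5)   # the day the OTL fix in this thread was run


def triage(text: str, now: datetime = DEFAULT_NOW):
    files, notify = parse_log(text)
    return {
        "dangling_notify": [n.subkey for n in dangling_notify_entries(notify)],
        "review_binaries": [f.path for f in unsigned_new_binaries(files, now)],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("  ", item)
```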

#9 Adam Blake

Adam Blake

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 05 October 2009 - 11:23 AM

Kaspersky found no threats... the computer hasn't crashed since we got rid of those .dll's ... and the popups stopped after the first three processes we ran. Hopefully I'm not just getting lucky for a day, lol. But everything seems to have helped tremendously so far.



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\28712617684\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Friend
File delete failed. C:\Documents and Settings\Friend\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
->Temp folder emptied: 1677092 bytes
File delete failed. C:\Documents and Settings\Friend\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3424511 bytes
->Java cache emptied: 26408863 bytes
->FireFox cache emptied: 43095724 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 66019 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.34 mb


OTL by OldTimer - Version 3.0.18.3 log created on 10042009_234006

Files\Folders moved on Reboot...
C:\Documents and Settings\Friend\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1e0.dat not found!

Registry entries deleted on Reboot...



_________________________________________________________________________________________



OTL logfile created on: 10/5/2009 2:38:40 AM - Run 2
OTL by OldTimer - Version 3.0.18.3 Folder = C:\Documents and Settings\Friend\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

381.80 Mb Total Physical Memory | 85.34 Mb Available Physical Memory | 22.35% Memory free
1.46 Gb Paging File | 1.00 Gb Available in Paging File | 68.69% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 9.43 Gb Free Space | 50.65% Space Free | Partition Type: NTFS
Drive D: | 27.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2B69D4607
Current User Name: Friend
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
PRC - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Friend\Local Settings\Temp\jkos-Friend\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\Friend\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (SBAMSvc [Auto | Stopped]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (sprtsvc_ddoctorv2 [Auto | Running]) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 03:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/06 12:46:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/14 21:25:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/14 21:25:27 | 00,000,000 | ---D | M]

[2009/09/06 13:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions
[2008/10/25 00:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/06 13:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/04 22:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions
[2009/09/05 21:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/24 20:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2008/10/24 20:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2009/09/12 17:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/03 12:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mozilla\Firefox\Profiles\4lvnd4s1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/04 23:53:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 21:25:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/06 12:47:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/14 21:25:19 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 21:25:19 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/06 12:46:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 21:25:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/05/15 00:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 15:04:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/23 11:20:50 | 00,000,040 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/04 13:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/02 22:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/10/04 13:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\Malwarebytes
[2009/10/02 22:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\Sunbelt
[2009/10/04 18:38:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Application Data\X-Chat 2
[2009/10/04 13:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/04 03:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/02 22:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/10/03 19:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/04 18:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\xchat
[2009/10/04 23:40:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/04 23:40:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/04 15:26:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/04 13:41:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/04 13:41:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/04 13:35:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/04 13:19:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667_files
[2009/10/04 10:44:58 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/04 10:43:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/04 10:43:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/04 10:43:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/04 10:43:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/04 10:43:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/04 10:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html_files
[2009/10/04 10:39:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/02 22:25:23 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/10/02 22:25:23 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/10/02 22:19:09 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/10/02 21:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/10/02 21:03:48 | 00,000,000 | ---D | C] -- C:\ef28c563b48d5ea6fd0266d1c365fc83

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\Friend\My Documents\*.tmp files]
[2009/10/05 01:57:58 | 00,060,681 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\lady_gaga10091.jpg
[2009/10/05 01:45:58 | 00,060,681 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\gaga.jpg
[2009/10/04 23:42:33 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 23:42:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/04 23:41:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 23:40:45 | 04,286,792 | -H-- | M] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\IconCache.db
[2009/10/04 18:38:24 | 00,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XChat.lnk
[2009/10/04 16:41:43 | 00,000,000 | ---- | M] () -- C:\config.ini
[2009/10/04 15:48:38 | 00,002,096 | ---- | M] () -- C:\Documents and Settings\Friend\My Documents\mbam-log-2009-10-04 (15-48-19)full
[2009/10/04 13:41:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 13:33:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/04 13:24:24 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\Friend\Desktop\ComboFix.exe
[2009/10/04 13:21:38 | 00,121,790 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667.htm
[2009/10/04 10:55:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/04 10:45:05 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/04 10:40:16 | 00,092,646 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html.htm
[2009/10/03 19:18:16 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Friend\Desktop\HijackThis.lnk
[2009/10/02 21:02:25 | 00,065,848 | ---- | M] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files - No Company Name ==========
[2009/10/05 01:57:49 | 00,060,681 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\lady_gaga10091.jpg
[2009/10/04 18:38:24 | 00,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XChat.lnk
[2009/10/04 16:41:43 | 00,000,000 | ---- | C] () -- C:\config.ini
[2009/10/04 15:48:38 | 00,002,096 | ---- | C] () -- C:\Documents and Settings\Friend\My Documents\mbam-log-2009-10-04 (15-48-19)full
[2009/10/04 13:41:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 13:19:00 | 00,121,790 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html&gopid=600667.htm
[2009/10/04 10:45:05 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/04 10:45:00 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/04 10:43:34 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/04 10:43:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/04 10:43:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/04 10:43:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/04 10:40:11 | 00,092,646 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\IE_pages_without_titles_keep_popping_up_randomly_I_think_I_m_inf_t107374.html.htm
[2009/10/04 10:38:16 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\Friend\Desktop\ComboFix.exe
[2009/10/03 19:18:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Friend\Desktop\HijackThis.lnk
[2009/02/18 01:45:13 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 00:47:52 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Friend\Application Data\$_hpcst$.hpc
[2008/10/24 19:12:03 | 04,286,792 | -H-- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\IconCache.db
[2008/10/20 17:01:57 | 00,065,848 | ---- | C] () -- C:\Documents and Settings\Friend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/16 19:42:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Friend\Application Data\desktop.ini
[2008/05/06 10:06:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/04 13:41:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/21 21:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/10/30 19:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2008/10/25 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/10/20 17:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/25 00:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/04 18:38:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Friend\Application Data
[2008/10/21 21:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\acccore
[2009/08/11 15:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\ComcastToolbar
[2009/10/05 02:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\DNA
[2008/10/24 20:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\GetRightToGo
[2009/10/03 18:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\LimeWire
[2009/03/08 14:25:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\mIRC
[2008/10/21 21:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\QQ Games Plugin
[2009/10/04 19:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Friend\Application Data\X-Chat 2
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/04 23:42:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
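
The report above is read by hand in this thread. As an added example (not part of OTL, ComboFix or HijackThis, and not something the helper posted), the script below parses entries in the OTL line format shown in the report (O1 hosts lines, O2/O3/O4 file-backed entries, the O20 Winlogon Shell line and O35 file associations) and flags what an analyst checks first: non-default hosts entries, entries whose target no longer exists, binaries with no company name, autoruns started from a user-writable folder, a Shell other than Explorer.exe, and an exe/com association whose command is not the default. The sample lines are constructed in that format; the first seven mirror entries from the report, while the `update.exe` autorun and the `comfile` line are invented test data for the detections and are not findings from this machine.

```python
"""Triage helper for OTL-style report lines (O1/O2/O3/O4/O20/O35 entries).

Added example: not part of OTL, ComboFix or HijackThis. It reads the entry
format shown in the report above and flags what an analyst checks first.
"""
import re
from dataclasses import dataclass

# Constructed sample in the OTL line format. The first seven lines mirror
# entries from the report above; the "update.exe" autorun and the comfile
# association line are invented test data for the detections below and are
# NOT findings from that report.
SAMPLE_LOG = r"""
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(TM) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O35 - exefile [open] -- "%1" %* File not found
O4 - HKCU..\Run: [update] C:\Documents and Settings\Friend\Application Data\update.exe ()
O35 - comfile [open] -- "C:\WINDOWS\Temp\guard.exe" "%1" %*
"""

ENTRY_RE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
# Trailing "<path> (<company>)" that OTL appends to file-backed entries.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys))\s*\(([^()]*)\)\s*$", re.I)
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\", "\\recycler\\")
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a closer look, in report order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O1" and rest.startswith("Hosts:"):
            entry = " ".join(rest.split(":", 1)[1].split())
            if entry not in DEFAULT_HOSTS:
                findings.append(Finding(section, "non-default hosts entry", raw))
            continue
        if section == "O35":
            # OTL prints the default exe/com association as '"%1" %*' and tags it
            # "File not found" because "%1" is not a path; only a changed command
            # (typically a binary inserted before "%1") is of interest.
            command = rest.split("--", 1)[-1].replace("File not found", "").strip()
            if command != '"%1" %*':
                findings.append(Finding(section, "file association command is not the default", raw))
            continue
        if "File not found" in rest:
            # Usually an uninstall leftover rather than malware, but it is a
            # cleanup candidate: nothing should be able to drop a file at that path later.
            findings.append(Finding(section, "orphaned entry (target missing)", raw))
            continue
        pm = PATH_RE.search(rest)
        if not pm:
            continue
        path, company = pm.group(1).lower(), pm.group(2).strip()
        if section == "O20" and "shell -" in rest.lower() and path != r"c:\windows\explorer.exe":
            findings.append(Finding(section, "Winlogon Shell is not Explorer.exe", raw))
        if section in ("O2", "O3", "O4") and not company:
            findings.append(Finding(section, "binary has no company name", raw))
        if section == "O4" and any(tag in path for tag in USER_WRITABLE):
            findings.append(Finding(section, "autorun from a user-writable location", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<45} {f.line}")
```

Run against the sample it reports the `KernelFaultCheck` orphan, the two problems with the constructed `update.exe` autorun and the constructed `comfile` command, and nothing else; a "no company name" hit on its own (for example `npViewpoint.dll` in the report above) only means the binary carries no version information and still needs to be looked up, not that it is malicious.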

#10 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 05 October 2009 - 06:46 PM

Hi Adam Blake,

"Hopefully" it was malware that was causing the crashes. I'll give you a link to another part of the Forum. The Techs there may be able to help you with your audio problem.

Please start a thread in the General Hardware or Microsoft Windows forum for your audio problem. Include a link to this thread so they can see what we have done.

Your logs look good, so we can clean up our tools.

From your desktop, please delete
  • any notepads/logs that we created

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /u



Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 6.0.1 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have an antivirus program (VIPRE) and an on demand antispyware program (MBAM).

I recommend you use an antispyware program with resident (real time) scanning. I suggest

Winpatrol
OR
Windows Defender


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)



-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0


-More tips and programs can be found HERE


- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care :adios:

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.
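
The Internet Explorer hardening steps in the post above set six Custom Level settings for the Internet zone. Those settings live in the registry under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` as dword values keyed by URL action ID (0 = Enable, 1 = Prompt, 3 = Disable). As an added example (not a tool from this thread, and not the helper's own material), the script below audits a `reg export` of that key against the recommended values, so the result of the clicks can be verified or checked again later. The action IDs used (1001, 1004, 1201, 1800, 1804, 1607) are Microsoft's documented URL action values for these six settings; the export text is constructed here, with a zone 2 block included only to show that other keys are ignored.

```python
r"""Audit an exported Internet zone (Zones\3) against the six IE Custom Level
settings recommended in the post above.

Added example, not a tool from this thread. Input is the text of
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
(reg and regedit write UTF-16 .reg files, so read the file with encoding="utf-16").
"""
import re

ENABLE, PROMPT, DISABLE = 0, 1, 3          # IE action values; 0 < 1 < 3 in strictness
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable",
         None: "not set (zone default in effect)"}

# URL action IDs for the six settings named in the post, with the recommended value.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE3_SUFFIX = r"\internet settings\zones\3"
VALUE_RE = re.compile(r'^"(\d+)"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample export: zone 2 is included only to show that values under
# other keys are ignored; zone 3 has two settings at Enable and one (1804) missing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"DisplayName"="Local intranet"
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1607"=dword:00000000
"""


def parse_zone3(reg_text):
    r"""Return {action_id: int} for the dword values under the Zones\3 key."""
    values, in_zone3 = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_zone3 = line[1:-1].lower().endswith(ZONE3_SUFFIX)
            continue
        if in_zone3:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(reg_text):
    """List (action_id, name, current, recommended) for every setting that is
    missing from the export or weaker than the post recommends. A value stricter
    than recommended (Disable where Prompt is asked) is not reported."""
    values = parse_zone3(reg_text)
    return [(action, name, values.get(action), want)
            for action, (name, want) in RECOMMENDED.items()
            if values.get(action) is None or values[action] < want]


def report(reg_text):
    """Human-readable lines for each problem found by audit()."""
    def label(v):
        return LABEL[v] if v in LABEL else hex(v)
    return [f"{action} {name}: {label(have)} -> set to {LABEL[want]}"
            for action, name, have, want in audit(reg_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_REG) or ["all six settings at or above the recommended level"]:
        print(line)
```

A setting that is absent from the export is reported as "not set" rather than assumed safe, because IE then applies the zone template's default, which differs between the Medium and Medium-High templates. Group Policy can place the same values under `HKLM` or under `Software\Policies`, in which case those take precedence over the per-user key audited here.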

#11 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 07 October 2009 - 10:59 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

