Infected and can't get on Internet

Post by becca21669 on Thu 20 Jan 2011, 9:29 am

I can't get onto the Internet to update and run any anti-virus software, so my computer is infected and not secured. How can I remove the problems and get the Internet back running?

*******************************************************************************************
OTL logfile created on: 1/19/2011 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\mindy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.28 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive E: | 979.98 Mb Total Space | 903.62 Mb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: MINDY-DB2QZ5SQ6 | User Name: mindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
PRC - [2008/10/07 07:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2007/07/03 13:50:21 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:36:19 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/01/21 16:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2003/10/06 14:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/07/31 22:29:22 | 004,638,720 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/11/23 02:15:00 | 000,631,362 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2002/11/21 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:56:43 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2003/10/06 14:57:50 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2002/11/23 02:15:00 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2002/11/21 09:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2002/11/21 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/07/29 13:41:42 | 000,458,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe -- (NICSer_WMP11)
SRV - [2003/03/09 12:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/06/20 01:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/05/03 08:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/21 17:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/10/21 17:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/10/21 17:22:18 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/14 11:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/10/13 17:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/10/08 10:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/10/08 10:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/10/08 10:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/10/08 10:06:04 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/12 14:29:00 | 000,166,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/12/13 00:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/14 18:15:00 | 000,012,640 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/11/08 01:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 01:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/12/05 20:40:22 | 000,272,672 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com #[Adware.Winshow][Parasite.Winshow]
O1 - Hosts: 127.0.0.1 01.sharedsource.org
O1 - Hosts: 127.0.0.1 0190-dialer.com
O1 - Hosts: 127.0.0.1 03.sharedsource.org #[UDConnect Class]
O1 - Hosts: 127.0.0.1 05.sharedsource.org
O1 - Hosts: 127.0.0.1 05p.com
O1 - Hosts: 127.0.0.1 09.sharedsource.org
O1 - Hosts: 127.0.0.1 0cj.net
O1 - Hosts: 127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
O1 - Hosts: 127.0.0.1 0websearch.com
O1 - Hosts: 127.0.0.1 1.marketbanker.com
O1 - Hosts: 127.0.0.1 1.primaryads.com
O1 - Hosts: 127.0.0.1 10.xxor.biz
O1 - Hosts: 127.0.0.1 1000stars.ru
O1 - Hosts: 127.0.0.1 1234.2bro.com #[Adware.Satbo]
O1 - Hosts: 127.0.0.1 123count.com
O1 - Hosts: 127.0.0.1 123go.com
O1 - Hosts: 127.0.0.1 123stat.com
O1 - Hosts: 127.0.0.1 13f15.ilxt.info
O1 - Hosts: 127.0.0.1 14713804A.l2m.net #[LiveTechnology]
O1 - Hosts: 127.0.0.1 17.sharedsource.org
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 7557 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [Advanced Virus Remover] File not found
O4 - HKCU..\Run: [Esae] File not found
O4 - HKCU..\Run: [NBJ] File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Shzaek] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe (The Linksys Group, Inc.)
O4 - Startup: C:\Documents and Settings\mindy\Start Menu\Programs\Startup\RDP2009.lnk = C:\Program Files\Angle Interactive\RDP2009\RDP2009.exe (Angle Interactive)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} [You must be registered and logged in to see this link.] (MALPlaybackCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: gihofoyes - {3e77f0d7-57c8-46d0-8c23-333374b13dba} - File not found
O22 - SharedTaskScheduler: {3e77f0d7-57c8-46d0-8c23-333374b13dba} - gahurihor - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell - "" = AutoRun
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{0c39daf1-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.MJPG - m3jpeg32.dll File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 10:50:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/19 10:27:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/19 10:27:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/19 10:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/19 10:26:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/19 10:16:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2011/01/18 22:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mindy\Application Data\U3
[2011/01/18 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/01/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2004/11/08 12:33:44 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:39:47 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/19 10:39:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:16 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-00511102}.CDF
[2011/01/19 10:27:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/19 10:27:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[2009/09/06 10:53:25 | 000,019,526 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ykefimid.sys
[2009/09/06 10:53:25 | 000,016,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyxikava.bin
[2009/09/06 10:53:25 | 000,013,159 | ---- | C] () -- C:\Program Files\Common Files\ohixyz.vbs
[2009/09/06 10:53:25 | 000,012,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\divyzataf.dl
[2009/09/06 10:53:25 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\ezyheryjo.vbs
[2009/09/06 10:53:25 | 000,011,025 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owylapi.bin
[2009/09/06 10:53:25 | 000,010,580 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2009/09/06 10:53:24 | 000,015,179 | ---- | C] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:24 | 000,014,907 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db
[2007/01/27 18:21:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/02 23:10:55 | 000,001,020 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2006/12/02 22:49:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/20 12:38:15 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/23 23:24:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/29 11:20:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/21 10:56:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/08/21 10:53:09 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/08/21 10:53:09 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/04/09 02:09:28 | 000,002,259 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/19 22:35:29 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/01/28 19:34:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/16 15:30:42 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/11/09 21:30:55 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/11/08 12:33:48 | 000,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/11/08 12:33:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/08 12:33:44 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/11/08 12:33:44 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/08 11:52:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/08 01:45:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/07 17:15:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 12:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/03/21 17:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/11/08 01:28:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/06/01 10:35:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\PhotoShow.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/19 10:02:31 | 000,001,610 | -H-- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/01/11 13:42:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/24 18:44:17 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/11/08 01:34:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/12/09 19:02:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2010/11/08 15:15:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/09/06 10:53:24 | 000,015,179 | ---- | M] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:25 | 000,013,159 | ---- | M] () -- C:\Program Files\Common Files\ohixyz.vbs

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/01/11 14:03:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mindy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/07 17:12:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/07 17:12:57 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/07 17:12:56 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/31 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/03/31 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/03/31 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/05/17 14:43:02 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/05/17 14:43:07 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/05/17 14:43:04 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/05/17 14:43:09 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/05/17 14:43:06 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS
[2004/08/03 22:07:32 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/04/17 01:58:57 | 001,846,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/03 23:56:41 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/03 23:56:41 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/03 23:56:41 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/03 23:56:41 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/03 23:56:41 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/03 23:56:41 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/03 23:56:41 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006/05/03 08:10:35 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2004/08/03 23:56:41 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/03 23:56:41 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/03 23:56:41 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/03 23:56:41 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/03 23:56:41 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/03 23:56:41 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/03 23:56:45 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/03 23:56:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2009/09/05 12:59:24 | 000,000,002 | ---- | M] () -- C:\1350494964
[2005/01/11 13:42:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/11/08 01:28:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/22 17:44:07 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2009/08/22 17:44:07 | 000,539,993 | ---- | M] () -- C:\hpfr3425.log
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/01/11 13:35:59 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/01/11 13:35:59 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/19 10:39:22 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2004/12/05 20:42:00 | 004,232,230 | ---- | M] (Skype Software S.A. ) -- C:\SkypeSetup.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2006/05/16 20:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/28 00:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/09/06 10:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Angle Interactive
[2006/11/24 18:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/01/27 18:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2006/12/02 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/01/18 22:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2011/01/19 10:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common
[2009/09/06 10:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/08 01:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/11/08 12:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/12/01 19:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\exPressit S.E. 2.1
[2009/01/19 12:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/11/09 21:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/12/01 12:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA Media
[2007/01/27 18:24:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/11/08 01:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/10 08:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/06 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\KODAK
[2004/11/08 12:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/11/08 12:37:24 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2004/11/16 15:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/01/19 10:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/08/21 10:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\MARS
[2008/08/19 14:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/11/08 11:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/11/08 11:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/11/08 11:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/01/11 13:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/10 08:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/11/08 01:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/11/08 01:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/08/10 08:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2006/12/01 10:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2006/01/16 02:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2005/01/11 13:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/11/08 01:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/17 09:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/01/27 18:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2006/02/11 21:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2006/11/20 13:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/10/23 08:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/10 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/11/08 00:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Simple Star
[2011/01/19 10:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/11/08 01:34:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/29 16:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2004/12/01 22:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\WebSecureAlert
[2006/12/01 10:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2006/12/01 10:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/01/11 13:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/08 01:24:59 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/09/29 16:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/01/05 22:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004/11/08 01:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/10/30 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/09/06 10:53:25 | 000,010,580 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2004/11/07 17:14:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\desktop.ini
[2009/09/06 10:53:24 | 000,014,907 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db


< MD5 for: AGP440.SYS >
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 05:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: LOGEVENT.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-09-07 13:01:09

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\KB932168\KB932168] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB933729\KB933729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB943460\KB943460] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\News\News] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1025\1025] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1028\1028] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1031\1031] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1037\1037] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1041\1041] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1042\1042] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1054\1054] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\2052\2052] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3076\3076] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3com_dmi\3com_dmi] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\dhcp\dhcp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\drivers\disdn\disdn] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\export\export] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\LogFiles\WUDF\WUDF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\mui\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemcust\oemcust] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemhw\oemhw] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemreg\oemreg] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\sample\sample] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\ShellExt\ShellExt] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\spool\PRINTERS\PRINTERS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\mof\bad\bad] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\snmp\snmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wins\wins] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\xircom\xircom] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point

< End of report >


becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by becca21669 on Thu 20 Jan 2011, 9:32 am

OTL Extras logfile created on: 1/19/2011 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\mindy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.28 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive E: | 979.98 Mb Total Space | 903.62 Mb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: MINDY-DB2QZ5SQ6 | User Name: mindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
"C:\My Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\My Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75
"{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}" = Wireless-B PCI Adapter WLAN Monitor
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"InstallShield_{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoShow Express" = PhotoShow Express
"RealPlayer 6.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit
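The Security Center, System Restore and Firewall sections of the OTL log above are where a malware-removal helper looks first, because infections commonly flip exactly these values: AntiVirusOverride set to 1 silences AV warnings, DisableSR=1 under the Policies key and Start=4 on the Sr service kill System Restore, and EnableFirewall=0 switches the firewall off. As an added illustration (not part of the thread and not code from OldTimer's OTL), the Python below parses OTL's "[key]" / "name" = value layout and reports those tampering indicators plus any firewall port exception whose scope is "*" (open to any address). The sample text is a constructed excerpt whose values mirror the posted log; the check table is mine, not something OTL emits.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of an OTL log ("[key]" headers followed by
# "name" = value lines). The values mirror those in the log posted above.
SAMPLE_OTL = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

Settings = Dict[Tuple[str, str], str]  # (registry key, value name) -> value


def parse_otl_registry(text: str) -> Settings:
    """Collect every "name" = value line under its enclosing [key] header."""
    settings: Settings = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key").lower()
        elif key is not None and (m := VALUE_RE.match(line)):
            settings[(key, m.group("name").lower())] = m.group("value").strip()
    return settings


# (key suffix, value name, value that indicates tampering, finding text).
# This table is the example's own; OTL only dumps the values.
WEAK_SETTINGS = [
    (r"\microsoft\security center", "antivirusoverride", "1",
     "Security Center told to ignore antivirus state (no AV warnings)"),
    (r"\microsoft\security center", "firewalloverride", "1",
     "Security Center told to ignore firewall state"),
    (r"\policies\microsoft\windows nt\systemrestore", "disablesr", "1",
     "System Restore disabled by policy"),
    (r"\currentcontrolset\services\sr", "start", "4",
     "System Restore filter driver (Sr) set to Disabled (Start=4)"),
    (r"\firewallpolicy\standardprofile", "enablefirewall", "0",
     "Windows Firewall off in the Standard profile"),
    (r"\firewallpolicy\domainprofile", "enablefirewall", "0",
     "Windows Firewall off in the Domain profile"),
]


def audit_settings(settings: Settings) -> List[str]:
    """Return one human-readable finding per weakened setting."""
    findings: List[str] = []
    for (key, name), value in settings.items():
        for suffix, wanted, bad, text in WEAK_SETTINGS:
            if key.endswith(suffix) and name == wanted and value == bad:
                findings.append(f"{text}: {key}\\{name} = {value}")
        # Firewall port exceptions are encoded as port:proto:scope:state:desc;
        # a scope of "*" means the exception applies to any source address.
        if key.endswith(r"\globallyopenports\list"):
            parts = value.split(":")
            if len(parts) >= 4 and parts[3].lower() == "enabled" and parts[2] == "*":
                profile = "Domain" if r"\domainprofile" in key else "Standard"
                findings.append(
                    f"Port {parts[0]}/{parts[1]} open to any address in the "
                    f"{profile} profile: {key}\\{name}")
    return findings


if __name__ == "__main__":
    for finding in audit_settings(parse_otl_registry(SAMPLE_OTL)):
        print("-", finding)
```

Keys and value names are lower-cased before matching because OTL and ComboFix print the same registry paths with different casing (compare the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" line in the OTL log with "[HKEY_LOCAL_MACHINE\software\microsoft\security center]" in the ComboFix log further down). Run over the constructed sample it reports five findings; on a clean machine the audit returns an empty list.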

Re: Infected and can't get on Internet

Post by Crush on Thu 20 Jan 2011, 12:52 pm

Hi Becca,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Thu 20 Jan 2011, 2:37 pm

Microsoft Windows Recovery Console is not installed and one of the problems I have is it won't let me get onto the internet so combofix can't connect to install the console.

What should I do?

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by becca21669 on Thu 20 Jan 2011, 2:59 pm

I went ahead and ran it...

ComboFix 11-01-19.01 - mindy 01/19/2011 18:37:04.1.1 - x86
Running from: c:\documents and settings\mindy\Desktop\commy.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mindy\Cookies\jequjuj.com
c:\program files\Common
c:\windows\system32\wnsintcc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
.

------- Sigcheck -------


[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 594048]

.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2009-12-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Esae - c:\documents and settings\mindy\Application Data\aart.exe
HKCU-Run-NBJ - (no file)
SharedTaskScheduler-{3e77f0d7-57c8-46d0-8c23-333374b13dba} - c:\windows\system32\dujupesa.dll
SSODL-gihofoyes-{3e77f0d7-57c8-46d0-8c23-333374b13dba} - c:\windows\system32\dujupesa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-19 18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2011-01-19 18:52:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-20 02:52

Pre-Run: 14,164,549,632 bytes free
Post-Run: 14,072,418,304 bytes free

- - End Of File - - 40E4D0F2D3F9BF166267E73B06D27973

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Thu 20 Jan 2011, 6:32 pm

Hi,

Oh boy. This should be fun!


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    Re: Infected and can't get on Internet

    Post by becca21669 on Fri 21 Jan 2011, 5:19 am

    Running from: C:\Documents and Settings\mindy\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\mindy\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^



    Finished!

    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit
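The Win32kDiag output above lists every reparse point it finds under C:\WINDOWS together with the device the reparse point redirects to. Two things make the entries in this log stand out to an analyst: each junction sits in a subfolder named after its own parent (KB932168\KB932168, Config\Config), and every one resolves to \Device\__max++>\^ rather than to a volume, so any program that opens one of those directories is silently routed to a device the rootkit controls instead of the real files. As an added example (not part of the thread and not Win32kDiag's own code), the Python below parses that log format into (path, destination) pairs and flags entries on either indicator; it also pulls the "Removing mount point" lines that appear when the tool is run in its fix mode, so a before/after log can be compared. The sample log is constructed: the first two entries copy the form of the posted log, the third is an invented benign volume mount point for contrast.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed Win32kDiag-style excerpt. The first two entries copy the form of
# the log posted above; the third is a made-up benign volume mount point so the
# filter has something to leave alone.
SAMPLE_WIN32KDIAG = r"""
Running from: C:\Documents and Settings\mindy\Desktop\Win32kDiag.exe

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MountedData

Mount point destination : \??\Volume{01234567-89ab-cdef-0123-456789abcdef}\

Finished!
"""


class MountPoint(NamedTuple):
    path: str          # directory that carries the reparse point
    destination: str   # NT object path the reparse point resolves to


FOUND_RE = re.compile(r"^Found mount point\s*:\s*(?P<path>.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(?P<dest>.+?)\s*$")
REMOVED_RE = re.compile(r"^Removing mount point\s*:\s*(?P<path>.+?)\s*$")

# Ordinary Windows volume mount points and junctions resolve to a volume GUID
# or a drive letter under the \??\ object directory; anything else is unusual.
BENIGN_DEST_RE = re.compile(r"^\\\?\?\\(Volume\{[0-9a-f-]+\}|[a-z]:)\\", re.I)


def parse_mount_points(text: str) -> List[MountPoint]:
    """Pair each 'Found mount point' line with the destination line that follows."""
    points: List[MountPoint] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FOUND_RE.match(line)):
            pending = m.group("path")
        elif pending is not None and (m := DEST_RE.match(line)):
            points.append(MountPoint(pending, m.group("dest")))
            pending = None
    return points


def removed_mount_points(text: str) -> List[str]:
    """Paths the tool reports removing when run in fix mode."""
    return [m.group("path") for line in text.splitlines()
            if (m := REMOVED_RE.match(line.strip()))]


def suspicious_mount_points(points: List[MountPoint]) -> List[Tuple[MountPoint, List[str]]]:
    """Return (entry, reasons) for every mount point that looks planted."""
    findings = []
    for mp in points:
        reasons = []
        if not BENIGN_DEST_RE.match(mp.destination):
            reasons.append("destination is not a volume or drive path")
        parts = mp.path.rstrip("\\").split("\\")
        if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
            reasons.append("junction named after its own parent folder")
        if reasons:
            findings.append((mp, reasons))
    return findings


if __name__ == "__main__":
    pts = parse_mount_points(SAMPLE_WIN32KDIAG)
    for mp, why in suspicious_mount_points(pts):
        print(f"{mp.path} -> {mp.destination}: {', '.join(why)}")
    print("removed:", removed_mount_points(SAMPLE_WIN32KDIAG))
```

The two indicators are checked independently so that a planted junction is still reported when only one of them holds, and a genuine volume mount point that happens to sit in a same-named subfolder is reported for review rather than dropped silently.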

    Re: Infected and can't get on Internet

    Post by Crush on Fri 21 Jan 2011, 11:05 am

    We need to run the tool with the following command to fix some malware related changes.

    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    Re: Infected and can't get on Internet

    Post by becca21669 on Fri 21 Jan 2011, 1:11 pm

    Running from: C:\Documents and Settings\mindy\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\mindy\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

    Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

    Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\temp\temp

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\assembly\tmp\tmp

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Config\Config

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\ime\shared\res\res

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\classes\classes

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\java\trustlib\trustlib

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1025\1025

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1028\1028

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1031\1031

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1037\1037

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1041\1041

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1042\1042

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1054\1054

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\2052\2052

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\3076\3076

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003

    Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

    Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data

    Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\export\export

    Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wins\wins

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\xircom\xircom

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



    Finished!


    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit

    Re: Infected and can't get on Internet

    Post by Crush on Fri 21 Jan 2011, 7:19 pm

    Hi,

    Please run ComboFix once more and post that log. We're almost done here.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28

    Re: Infected and can't get on Internet

    Post by becca21669 on Sat 22 Jan 2011, 5:28 am

    ComboFix 11-01-19.01 - mindy 01/21/2011 9:13.2.1 - x86
    Running from: c:\documents and settings\mindy\Desktop\commy.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
    .

    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ------- Sigcheck -------


    [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

    c:\windows\System32\drivers\beep.sys ... is missing !!
    c:\windows\System32\eventlog.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 594048]

    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2009-12-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
    mStart Page = [You must be registered and logged in to see this link.]
    uSearchAssistant = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2011-01-21 09:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(456)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-21 09:24:22
    ComboFix-quarantined-files.txt 2011-01-21 17:24
    ComboFix2.txt 2011-01-20 02:52

    Pre-Run: 14,051,663,872 bytes free
    Post-Run: 14,046,683,136 bytes free

    - - End Of File - - 43060B72E2E49D7C0E8AE1A2218E8776

    becca21669

    Rookie Surfer
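Three findings in the ComboFix log above are worth pulling out mechanically: Sigcheck's two missing system files, the `Shzaek` Run entry whose target `l?ass.exe` ComboFix could not stat (the `[?]`) and which differs from `lsass.exe` in one unrenderable character, and the `AntiVirusOverride=1` / `EnableFirewall=0` values that silence Security Center and the firewall. The Python below is an added example, not ComboFix's code; it parses those line formats and reports them. The list of imitated process names and the sample lines are assumptions made for illustration.

```python
"""Triage of the Sigcheck and Reg Loading Points sections of a ComboFix log.

Added example, not ComboFix code. Flags missing system files, Run-key targets
ComboFix could not stat or that imitate a protected process name, and policy
values that disable the OS's own defences.
"""
import re
from typing import Dict, List

MISSING_RE = re.compile(r"^(?P<path>\S.*?) \.\.\. is missing !!$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:(?P<v>[0-9A-Fa-f]{8})$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<v>\d+)')

# Process names malware commonly imitates (assumed list). ComboFix prints '?'
# for a byte it cannot render, which is how 'l?ass.exe' appears in the log.
PROTECTED = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
             "winlogon.exe", "services.exe", "explorer.exe")

# Constructed sample: the relevant lines from the log above plus one benign entry.
SAMPLE_LOG = r"""
------- Sigcheck -------
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def lookalike(filename: str) -> str:
    """Return the protected name `filename` imitates, or '' if none.

    A match has the same length and every character equal except positions
    holding '?' (unrenderable byte) or a non-ASCII character; an exact match
    is not a lookalike.
    """
    base = filename.rsplit("\\", 1)[-1].lower()
    for target in PROTECTED:
        if base == target or len(base) != len(target):
            continue
        if all(b == t or b == "?" or ord(b) > 127 for b, t in zip(base, target)):
            return target
    return ""


def triage(text: str) -> Dict[str, List[str]]:
    findings: Dict[str, List[str]] = {"missing": [], "run_suspect": [], "policy": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MISSING_RE.match(line):
            findings["missing"].append(m.group("path"))
        elif m := RUN_RE.match(line):
            reasons = []
            if m.group("meta") == "?":
                reasons.append("target could not be stat'ed")
            if alias := lookalike(m.group("path")):
                reasons.append(f"name imitates {alias}")
            if reasons:
                findings["run_suspect"].append(
                    f'{m.group("name")} -> {m.group("path")} ({"; ".join(reasons)})')
        elif m := AV_OVERRIDE_RE.match(line):
            if int(m.group("v"), 16) != 0:
                findings["policy"].append("Security Center antivirus alerts overridden")
        elif m := FIREWALL_RE.match(line):
            if int(m.group("v")) == 0:
                findings["policy"].append("Windows Firewall disabled (standard profile)")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{category}: {item}")
```

The lookalike test deliberately ignores ordinary ASCII substitutions such as `svch0st.exe`; those are a different trick and would need a separate edit-distance check.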

    Re: Infected and can't get on Internet

    Post by Crush on Sat 22 Jan 2011, 6:36 am

    Hi,

    Do you have the CDs that came with your machine? We've still got a bit of work to do.

    Crush

    Tech Officer

    Re: Infected and can't get on Internet

    Post by becca21669 on Sat 22 Jan 2011, 8:07 am

    No I do not. I have a copy of XP from my other computers though.

    becca21669

    Rookie Surfer

    Re: Infected and can't get on Internet

    Post by Crush on Sat 22 Jan 2011, 9:05 am

    Is it the same Service Pack level as your machine? Any CD with the same Service Pack level will do.

    Crush

    Tech Officer

    Re: Infected and can't get on Internet

    Post by becca21669 on Sat 22 Jan 2011, 9:24 am

    Ya, I have an old HP operating system CD -- XP Pro SP2... that will work, right?

    becca21669

    Rookie Surfer

    Re: Infected and can't get on Internet

    Post by Crush on Sat 22 Jan 2011, 10:21 am

    It should, yes. Do you need to find it or actually have it in hand?

    Crush

    Tech Officer

    Re: Infected and can't get on Internet

    Post by becca21669 on Sat 22 Jan 2011, 2:52 pm

    I have it right now.

    becca21669

    Rookie Surfer

    Re: Infected and can't get on Internet

    Post by Crush on Sat 22 Jan 2011, 3:28 pm

    Hi,

    First, let's do this:

    Re-running ComboFix to remove infections:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
      MIA::
      c:\windows\System32\drivers\beep.sys
      c:\windows\System32\eventlog.dll
    4. Save this as CFScript.txt, in the same location as ComboFix.exe



    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.

    Crush

    Tech Officer
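The `MIA::` directive asks ComboFix to put the two missing files back from its cached copies; the follow-up log confirms eventlog.dll was restored from c:\windows\ServicePackFiles\i386 into system32 and dllcache, while beep.sys stayed missing. The Python below is an added example of that restore step with the one safeguard a practitioner wants: the cached copy's MD5 is checked against the value Sigcheck printed before anything is written, so a tampered cache is never copied over the system directory. It is not ComboFix's code; the temporary directory layout, the fake file bytes and the search order are constructed for the demo.

```python
"""Restore a missing system file from the Service Pack cache after verifying its hash.

Added example approximating the MIA:: restore step, not ComboFix code.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict

# MD5 Sigcheck printed for c:\windows\ServicePackFiles\i386\eventlog.dll above.
EVENTLOG_SP2_MD5 = "82b24cb70e5944e6e34662205a2a5b78"


def md5_of(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def restore_missing(windir: str, name: str, expected_md5: str,
                    subdir: str = "system32") -> Dict[str, object]:
    """Put `name` back into <windir>\\<subdir> if absent, from a verified cached copy.

    Search order (assumed): ServicePackFiles\\i386 first, then system32\\dllcache.
    Nothing is written unless the candidate's MD5 equals `expected_md5`.
    """
    target = os.path.join(windir, subdir, name)
    dllcache = os.path.join(windir, "system32", "dllcache", name)
    if os.path.exists(target):
        return {"status": "present", "source": None}
    candidates = [os.path.join(windir, "ServicePackFiles", "i386", name), dllcache]
    for src in candidates:
        if os.path.isfile(src) and md5_of(src) == expected_md5.lower():
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(src, target)
            if not os.path.exists(dllcache):       # keep the WFP cache populated too
                os.makedirs(os.path.dirname(dllcache), exist_ok=True)
                shutil.copy2(src, dllcache)
            return {"status": "restored", "source": src}
    return {"status": "no verified copy", "source": None}


def build_fake_windir(sp_bytes: bytes) -> str:
    """Constructed layout for the demo: eventlog.dll absent from system32 and dllcache."""
    root = tempfile.mkdtemp(prefix="fakewin_")
    os.makedirs(os.path.join(root, "system32", "dllcache"))
    os.makedirs(os.path.join(root, "ServicePackFiles", "i386"))
    with open(os.path.join(root, "ServicePackFiles", "i386", "eventlog.dll"), "wb") as f:
        f.write(sp_bytes)
    return root


def demo(tampered: bool = False) -> Dict[str, object]:
    """Run the restore against a fake tree; `tampered` alters the cached copy."""
    good = b"MZ fake eventlog.dll for the demo"          # constructed file content
    expected = hashlib.md5(good).hexdigest()
    root = build_fake_windir(b"MZ altered" if tampered else good)
    try:
        result = restore_missing(root, "eventlog.dll", expected)
        target = os.path.join(root, "system32", "eventlog.dll")
        cache = os.path.join(root, "system32", "dllcache", "eventlog.dll")
        result["target_ok"] = os.path.isfile(target) and md5_of(target) == expected
        result["dllcache_ok"] = os.path.isfile(cache) and md5_of(cache) == expected
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print("clean cache:   ", demo())
    print("tampered cache:", demo(tampered=True))
```

On the real machine the call would be `restore_missing(r"C:\WINDOWS", "eventlog.dll", EVENTLOG_SP2_MD5)`. The log prints no Sigcheck hash for beep.sys, so there is nothing to verify a copy of it against, and the follow-up log shows that file still missing.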

    Re: Infected and can't get on Internet

    Post by becca21669 on Sun 23 Jan 2011, 2:27 am

    It says I have Avira AntiVir PersonalEdition Classic "Active" but I can't seem to find it anywhere to remove it.

    Here is the log anyway... thanks for helping

    ComboFix 11-01-19.01 - mindy 01/22/2011 6:11.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.122 [GMT -8:00]
    Running from: c:\documents and settings\mindy\Desktop\commy.exe
    Command switches used :: c:\documents and settings\mindy\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\drivers\beep.sys . . . is missing!!

    c:\windows\System32\eventlog.dll was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2009-12-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
    mStart Page = [You must be registered and logged in to see this link.]
    uSearchAssistant = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2011-01-22 06:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2984)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-22 06:22:24
    ComboFix-quarantined-files.txt 2011-01-22 14:22
    ComboFix2.txt 2011-01-21 17:24
    ComboFix3.txt 2011-01-20 02:52

    Pre-Run: 14,046,937,088 bytes free
    Post-Run: 14,042,509,312 bytes free

    - - End Of File - - 74F584505E5C64E2DBF1D1453A269B72

    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit


    Re: Infected and can't get on Internet

    Post by Crush on Sun 23 Jan 2011, 5:20 am

    Hi,

    As the machine boots up it might ask you to press any key to boot from the CD; if not, please hit F8 to bring up the boot menu. In that menu please choose CD\DVD ROM Drive.

    At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

    When you are asked for the Administrator password, leave it blank and press "Enter".

    Copy the following file to the root directory of the primary hard disk. In the example we are copying these files from the CD-ROM drive letter "C". This letter may be different on your computer. At the command prompt (C:\Windows>), type the following and press "Enter":

    expand E:\i386\beep.sy_ c:\windows\System32\drivers\beep.sys

    Once this is completed successfully, remove the CD from the computer and reboot.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28


    Re: Infected and can't get on Internet

    Post by becca21669 on Sun 23 Jan 2011, 8:37 am

    I tried, but it said:
    "Unable to create file beep.sys.
    0 file(s) expanded."

    What should I do now?

    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit


    Re: Infected and can't get on Internet

    Post by Crush on Sun 23 Jan 2011, 12:07 pm

    Can you post a new ComboFix log please? I think I have an idea.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28


    Re: Infected and can't get on Internet

    Post by becca21669 on Sun 23 Jan 2011, 12:51 pm

    Here you go.

    ComboFix 11-01-19.01 - mindy 01/22/2011 16:37:40.4.1 - x86
    Running from: c:\documents and settings\mindy\Desktop\commy.exe
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .

    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2011-01-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
    mStart Page = [You must be registered and logged in to see this link.]
    uSearchAssistant = [You must be registered and logged in to see this link.]
    uSearchURL,(Default) = [You must be registered and logged in to see this link.]
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2011-01-22 16:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3316)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-22 16:48:25
    ComboFix-quarantined-files.txt 2011-01-23 00:48
    ComboFix2.txt 2011-01-22 14:22
    ComboFix3.txt 2011-01-21 17:24
    ComboFix4.txt 2011-01-20 02:52

    Pre-Run: 14,021,742,592 bytes free
    Post-Run: 14,016,847,872 bytes free

    - - End Of File - - A639EC036FC53A416939FF64809AF27C

    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit
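The "Reg Loading Points" section of the log above is what a helper reads first: it lists every autorun value and the two security-centre settings that decide whether the machine warns about a missing AV or firewall. The script below is an added example, not part of the thread and not ComboFix's own code. It parses lines shaped like that section and flags the entries that stand out in this particular log: a Run value whose binary ComboFix could not date or size (the `[?]` marker) and whose file name differs from lsass.exe only in a character ComboFix printed as `?`, `AntiVirusOverride` set to 1, and `EnableFirewall` set to 0 in the standard profile. The sample text is a constructed string copied from the posted log; the lookalike list, the severity labels and the matching rules are my own assumptions and are a triage aid, not a verdict.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for the indicators seen in the thread.

Added example (not ComboFix code). SAMPLE_LOG is constructed from lines in the posted log;
SYSTEM_LOOKALIKES and the rules in find_indicators are assumptions for illustration.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the Reg Loading Points section from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"=data, optionally followed by ComboFix's bracketed "[date size]" or "[?]" annotation.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Assumed list of Windows binaries that malware commonly imitates by name.
SYSTEM_LOOKALIKES = ["lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"]


def parse_loading_points(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (registry_key, value_name, data, meta) tuples; meta is the bracketed annotation or ''."""
    entries = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            current_key = section.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            data = value.group("value").strip().strip('"')
            entries.append((current_key, value.group("name"), data, value.group("meta") or ""))
    return entries


def lookalike_of(filename: str) -> str:
    """ComboFix prints '?' for a character it cannot render; treat it as a wildcard and see
    whether the name then matches a well-known system binary. Returns that name or ''."""
    pattern = re.escape(filename.lower()).replace(r"\?", ".")
    for name in SYSTEM_LOOKALIKES:
        if re.fullmatch(pattern, name):
            return name
    return ""


def find_indicators(text: str) -> List[Dict[str, str]]:
    """Apply the triage rules to every parsed entry and return the findings."""
    findings = []
    for key, name, data, meta in parse_loading_points(text):
        key_l = key.lower()
        if key_l.endswith(r"\currentversion\run"):
            filename = data.replace("/", "\\").rsplit("\\", 1)[-1]
            if meta == "?":
                findings.append({"name": name, "severity": "high",
                                 "reason": f"autorun binary '{data}' has no date/size; ComboFix could not find or read it"})
            twin = lookalike_of(filename)
            if "?" in filename and twin:
                findings.append({"name": name, "severity": "high",
                                 "reason": f"'{filename}' contains an unprintable character and mimics {twin}"})
        elif key_l.endswith(r"\security center") and name.lower() == "antivirusoverride":
            if int(data.split(":")[-1], 16) != 0:
                findings.append({"name": name, "severity": "medium",
                                 "reason": "Security Center antivirus alerting is overridden"})
        elif key_l.endswith(r"\firewallpolicy\standardprofile") and name.lower() == "enablefirewall":
            if data.split()[0] == "0":
                findings.append({"name": name, "severity": "medium",
                                 "reason": "Windows Firewall is disabled in the standard profile"})
    return findings


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['name']}: {f['reason']}")
```

Run against the constructed sample it reports two findings for `Shzaek` (unverified binary, lsass.exe lookalike) and one each for `AntiVirusOverride` and `EnableFirewall`, while the dated, sized entries such as `swg` and `NeroFilterCheck` are left alone. Feeding it the whole section of a real log works the same way, since only the `[key]` and `"name"=data` shapes are needed.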


    Re: Infected and can't get on Internet

    Post by Crush on Sun 23 Jan 2011, 2:59 pm

    Thanks. I'm working on a plan of attack. I will be back ASAP.

    Crush

    Tech Officer

    Posts : 3889
    Joined : 2010-01-28


    Re: Infected and can't get on Internet

    Post by becca21669 on Sun 23 Jan 2011, 5:45 pm

    Alright, thanks!

    becca21669

    Rookie Surfer

    Posts : 131
    Joined : 2009-12-10
    Operating System : Win 8.1 Enterprise 64-bit

