Infected and can't get on Internet



Infected and can't get on Internet

Post by becca21669 on Thu 20 Jan 2011, 9:29 am


I can't get onto the Internet to update and run any anti-virus software, so my computer is infected and not secured. How can I remove the problems and get the Internet back running?

*******************************************************************************************
OTL logfile created on: 1/19/2011 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\mindy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.28 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive E: | 979.98 Mb Total Space | 903.62 Mb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: MINDY-DB2QZ5SQ6 | User Name: mindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
PRC - [2008/10/07 07:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2007/07/03 13:50:21 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:36:19 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/01/21 16:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2003/10/06 14:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/07/31 22:29:22 | 004,638,720 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/11/23 02:15:00 | 000,631,362 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2002/11/21 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:56:43 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2003/10/06 14:57:50 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2002/11/23 02:15:00 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2002/11/21 09:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2002/11/21 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/07/29 13:41:42 | 000,458,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe -- (NICSer_WMP11)
SRV - [2003/03/09 12:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/06/20 01:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/05/03 08:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/21 17:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/10/21 17:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/10/21 17:22:18 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/14 11:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/10/13 17:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/10/08 10:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/10/08 10:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/10/08 10:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/10/08 10:06:04 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/12 14:29:00 | 000,166,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/12/13 00:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/14 18:15:00 | 000,012,640 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/11/08 01:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 01:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/12/05 20:40:22 | 000,272,672 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com #[Adware.Winshow][Parasite.Winshow]
O1 - Hosts: 127.0.0.1 01.sharedsource.org
O1 - Hosts: 127.0.0.1 0190-dialer.com
O1 - Hosts: 127.0.0.1 03.sharedsource.org #[UDConnect Class]
O1 - Hosts: 127.0.0.1 05.sharedsource.org
O1 - Hosts: 127.0.0.1 05p.com
O1 - Hosts: 127.0.0.1 09.sharedsource.org
O1 - Hosts: 127.0.0.1 0cj.net
O1 - Hosts: 127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
O1 - Hosts: 127.0.0.1 0websearch.com
O1 - Hosts: 127.0.0.1 1.marketbanker.com
O1 - Hosts: 127.0.0.1 1.primaryads.com
O1 - Hosts: 127.0.0.1 10.xxor.biz
O1 - Hosts: 127.0.0.1 1000stars.ru
O1 - Hosts: 127.0.0.1 1234.2bro.com #[Adware.Satbo]
O1 - Hosts: 127.0.0.1 123count.com
O1 - Hosts: 127.0.0.1 123go.com
O1 - Hosts: 127.0.0.1 123stat.com
O1 - Hosts: 127.0.0.1 13f15.ilxt.info
O1 - Hosts: 127.0.0.1 14713804A.l2m.net #[LiveTechnology]
O1 - Hosts: 127.0.0.1 17.sharedsource.org
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 7557 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [Advanced Virus Remover] File not found
O4 - HKCU..\Run: [Esae] File not found
O4 - HKCU..\Run: [NBJ] File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Shzaek] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe (The Linksys Group, Inc.)
O4 - Startup: C:\Documents and Settings\mindy\Start Menu\Programs\Startup\RDP2009.lnk = C:\Program Files\Angle Interactive\RDP2009\RDP2009.exe (Angle Interactive)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} [You must be registered and logged in to see this link.] (MALPlaybackCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: gihofoyes - {3e77f0d7-57c8-46d0-8c23-333374b13dba} - File not found
O22 - SharedTaskScheduler: {3e77f0d7-57c8-46d0-8c23-333374b13dba} - gahurihor - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell - "" = AutoRun
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{0c39daf1-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.MJPG - m3jpeg32.dll File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 10:50:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/19 10:27:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/19 10:27:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/19 10:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/19 10:26:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/19 10:16:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2011/01/18 22:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mindy\Application Data\U3
[2011/01/18 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/01/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2004/11/08 12:33:44 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:39:47 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/19 10:39:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:16 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-00511102}.CDF
[2011/01/19 10:27:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/19 10:27:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[2009/09/06 10:53:25 | 000,019,526 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ykefimid.sys
[2009/09/06 10:53:25 | 000,016,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyxikava.bin
[2009/09/06 10:53:25 | 000,013,159 | ---- | C] () -- C:\Program Files\Common Files\ohixyz.vbs
[2009/09/06 10:53:25 | 000,012,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\divyzataf.dl
[2009/09/06 10:53:25 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\ezyheryjo.vbs
[2009/09/06 10:53:25 | 000,011,025 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owylapi.bin
[2009/09/06 10:53:25 | 000,010,580 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2009/09/06 10:53:24 | 000,015,179 | ---- | C] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:24 | 000,014,907 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db
[2007/01/27 18:21:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/02 23:10:55 | 000,001,020 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2006/12/02 22:49:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/20 12:38:15 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/23 23:24:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/29 11:20:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/21 10:56:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/08/21 10:53:09 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/08/21 10:53:09 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/04/09 02:09:28 | 000,002,259 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/19 22:35:29 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/01/28 19:34:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/16 15:30:42 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/11/09 21:30:55 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/11/08 12:33:48 | 000,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/11/08 12:33:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/08 12:33:44 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/11/08 12:33:44 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/08 11:52:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/08 01:45:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/07 17:15:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 12:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/03/21 17:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/11/08 01:28:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/06/01 10:35:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\PhotoShow.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/19 10:02:31 | 000,001,610 | -H-- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/01/11 13:42:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/24 18:44:17 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/11/08 01:34:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/12/09 19:02:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2010/11/08 15:15:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/09/06 10:53:24 | 000,015,179 | ---- | M] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:25 | 000,013,159 | ---- | M] () -- C:\Program Files\Common Files\ohixyz.vbs

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/01/11 14:03:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mindy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/07 17:12:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/07 17:12:57 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/07 17:12:56 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/31 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/03/31 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/03/31 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/05/17 14:43:02 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/05/17 14:43:07 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/05/17 14:43:04 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/05/17 14:43:09 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/05/17 14:43:06 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS
[2004/08/03 22:07:32 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/04/17 01:58:57 | 001,846,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/03 23:56:41 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/03 23:56:41 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/03 23:56:41 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/03 23:56:41 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/03 23:56:41 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/03 23:56:41 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/03 23:56:41 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006/05/03 08:10:35 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2004/08/03 23:56:41 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/03 23:56:41 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/03 23:56:41 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/03 23:56:41 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/03 23:56:41 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/03 23:56:41 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/03 23:56:45 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/03 23:56:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2009/09/05 12:59:24 | 000,000,002 | ---- | M] () -- C:\1350494964
[2005/01/11 13:42:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/11/08 01:28:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/22 17:44:07 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2009/08/22 17:44:07 | 000,539,993 | ---- | M] () -- C:\hpfr3425.log
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/01/11 13:35:59 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/01/11 13:35:59 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/19 10:39:22 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2004/12/05 20:42:00 | 004,232,230 | ---- | M] (Skype Software S.A. ) -- C:\SkypeSetup.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2006/05/16 20:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/28 00:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/09/06 10:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Angle Interactive
[2006/11/24 18:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/01/27 18:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2006/12/02 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/01/18 22:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2011/01/19 10:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common
[2009/09/06 10:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/08 01:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/11/08 12:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/12/01 19:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\exPressit S.E. 2.1
[2009/01/19 12:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/11/09 21:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/12/01 12:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA Media
[2007/01/27 18:24:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/11/08 01:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/10 08:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/06 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\KODAK
[2004/11/08 12:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/11/08 12:37:24 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2004/11/16 15:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/01/19 10:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/08/21 10:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\MARS
[2008/08/19 14:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/11/08 11:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/11/08 11:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/11/08 11:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/01/11 13:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/10 08:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/11/08 01:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/11/08 01:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/08/10 08:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2006/12/01 10:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2006/01/16 02:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2005/01/11 13:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/11/08 01:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/17 09:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/01/27 18:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2006/02/11 21:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2006/11/20 13:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/10/23 08:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/10 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/11/08 00:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Simple Star
[2011/01/19 10:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/11/08 01:34:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/29 16:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2004/12/01 22:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\WebSecureAlert
[2006/12/01 10:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2006/12/01 10:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/01/11 13:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/08 01:24:59 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/09/29 16:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/01/05 22:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004/11/08 01:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/10/30 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/09/06 10:53:25 | 000,010,580 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2004/11/07 17:14:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\desktop.ini
[2009/09/06 10:53:24 | 000,014,907 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db


< MD5 for: AGP440.SYS >
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 05:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: LOGEVENT.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-09-07 13:01:09

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\KB932168\KB932168] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB933729\KB933729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB943460\KB943460] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\News\News] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1025\1025] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1028\1028] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1031\1031] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1037\1037] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1041\1041] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1042\1042] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1054\1054] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\2052\2052] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3076\3076] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3com_dmi\3com_dmi] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\dhcp\dhcp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\drivers\disdn\disdn] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\export\export] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\LogFiles\WUDF\WUDF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\mui\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemcust\oemcust] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemhw\oemhw] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemreg\oemreg] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\sample\sample] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\ShellExt\ShellExt] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\spool\PRINTERS\PRINTERS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\mof\bad\bad] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\snmp\snmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wins\wins] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\xircom\xircom] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point

< End of report >


becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit


Re: Infected and can't get on Internet

Post by Crush on Mon 24 Jan 2011, 11:37 am

Hi,

Please read carefully and let me know if you have any questions.

We need to back up your registry:
Please go to Start > Run
Paste in the following line:
    regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer has the hourglass. *Note: You will find "registrybackup.reg" in your C: drive.

Next

Please download beep.sys and save it to your desktop.

  • Extract beep.sys to your Desktop.
      Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
      you can get a free one from here - [You must be registered and logged in to see this link.]



  • Right click on the beep.sys file and select Copy. Now it's on the clipboard, ready to be pasted.
  • Click on the main hard drive, which is normally designated as the "(C:)" drive.
  • Click Show hidden files and folders. Click on the "Windows" system folder.
  • Scroll down to the "System32" folder, and click on it to open it.
  • Right click on an empty space and select Paste. This will copy the beep.sys file into the System32 folder. Exit out.


To make sure beep.sys is working, click on Start, then Run, type cmd.exe in the text box and click OK. In the Command Prompt window, type echo, then hold down the Ctrl key and type G, then release Ctrl and press Enter. Listen for a beep sound. Let me know?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by Ayden08 on Tue 25 Jan 2011, 6:14 am

Says:
'echo' is not recognized as an internal or external command, operable program or batch file.

Ayden08

Newbie Surfer

Posts : 20
Joined : 2011-01-24
Operating System : XP

Re: Infected and can't get on Internet

Post by becca21669 on Tue 25 Jan 2011, 6:19 am

Sorry, that last post was made from my friend's acct. Her computer isn't working either and my laptop is the only one that can get on the internet lol.

But sorry about that, I thought I was logged into my acct.

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Tue 25 Jan 2011, 8:16 am

Did it beep? I get the same message, but the beep is what is important.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Tue 25 Jan 2011, 8:35 am

I don't have any speakers hooked up to it, if that matters, but no, no beep.

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Tue 25 Jan 2011, 10:32 am

Alright. I'll get back to you.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by Crush on Tue 25 Jan 2011, 1:31 pm

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
Code:

:filefind
beep.sys

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Wed 26 Jan 2011, 5:13 am

SystemLook 04.09.10 by jpshortstuff
Log created at 09:09 on 25/01/2011 by mindy
Administrator - Elevation successful

========== filefind ==========

Searching for "beep.sys"
C:\Documents and Settings\mindy\Desktop\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9

-= EOF =-

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit
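The two :filefind hits in the log above are exactly what a helper compares: both copies report the same size and MD5, yet neither sits in the folder Windows loads the driver from. The script below is an added example, not code from this thread and not SystemLook's own code; it parses SystemLook's hit lines, groups the hits by hash, checks them against a known-good hash, and reports whether the expected load path is among them. The hit-line format is assumed from the two lines posted; the expected path c:\windows\system32\drivers\beep.sys and the known-good MD5 are the values ComboFix's Sigcheck prints later in this thread.

```python
"""Triage a SystemLook ':filefind' report (added example, not SystemLook's own code).

Each hit line is parsed into path / attribute flags / size / timestamps / MD5; the
hits are then grouped by hash and compared with the path the driver should live at.
"""
import re
from collections import defaultdict

# One SystemLook filefind hit, as assumed from the two lines in the posted log:
#   <path> <7 attribute flags> <size> bytes [<modified>] [<created>] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# The filefind output posted above, verbatim.
SYSTEMLOOK_LOG = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 09:09 on 25/01/2011 by mindy
Administrator - Elevation successful

========== filefind ==========

Searching for "beep.sys"
C:\Documents and Settings\mindy\Desktop\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9

-= EOF =-
"""

# Where Windows loads beep.sys from: the path ComboFix's Sigcheck later reports missing
# and the one the helper asks for the file to be copied to.
EXPECTED_PATH = r"c:\windows\system32\drivers\beep.sys"

# MD5 that ComboFix's Sigcheck lists as the verified [7] copy (same value as above).
KNOWN_GOOD_MD5 = "DA1F27D85E0D1525F6621372E7B685E9"


def parse_filefind(text):
    """Return one dict per hit line, in log order; header and footer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        hit = m.groupdict()
        hit["path"] = hit["path"].lower()   # NTFS paths compare case-insensitively
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].upper()
        hits.append(hit)
    return hits


def triage(hits, expected_path, known_good_md5=None):
    """Group hits by MD5 and report whether the copies agree, match the known-good
    hash (when one is given) and include the expected load path."""
    by_hash = defaultdict(list)
    for hit in hits:
        by_hash[hit["md5"]].append(hit["path"])
    hashes = sorted(by_hash)
    return {
        "copies": len(hits),
        "hashes": hashes,
        "all_identical": len(hashes) <= 1,
        "matches_known_good": known_good_md5 is None
        or hashes == [known_good_md5.upper()],
        "expected_present": expected_path.lower() in {h["path"] for h in hits},
        "locations_by_hash": dict(by_hash),
    }


if __name__ == "__main__":
    report = triage(parse_filefind(SYSTEMLOOK_LOG), EXPECTED_PATH, KNOWN_GOOD_MD5)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the posted log the report says all_identical and matches_known_good are true while expected_present is false, which is the situation the helper diagnoses a few posts later: a clean copy of the driver, but not in the drivers folder. Paste a different SystemLook log into SYSTEMLOOK_LOG to run the same check on other filefind output.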

Re: Infected and can't get on Internet

Post by Crush on Wed 26 Jan 2011, 6:22 pm

Thanks for that log. I'm currently consulting with my colleagues. I'll be back to you ASAP.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Thu 27 Jan 2011, 4:50 am

Alright, no prob. Thanks.

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Sat 29 Jan 2011, 6:11 am

Hi becca,

Sorry for the delay.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\program files\Common Files\ohixyz.vbs
    c:\program files\Common Files\ifuh.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Sat 29 Jan 2011, 9:26 am

ComboFix 11-01-28.01 - mindy 01/28/2011 13:02:48.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.117 [GMT -8:00]
Running from: c:\documents and settings\mindy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\mindy\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Common Files\ifuh.dll"
"c:\program files\Common Files\ohixyz.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ifuh.dll
c:\program files\Common Files\ohixyz.vbs

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\beep.sys
2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2011-01-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-28 13:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-28 13:13:21
ComboFix-quarantined-files.txt 2011-01-28 21:13
ComboFix2.txt 2011-01-23 00:48
ComboFix3.txt 2011-01-22 14:22
ComboFix4.txt 2011-01-21 17:24
ComboFix5.txt 2011-01-28 20:49

Pre-Run: 13,933,899,776 bytes free
Post-Run: 13,931,413,504 bytes free

- - End Of File - - 014A7810316DF2E6A7E573AB6FB7A719

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit
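The log above carries three things a responder would pull out mechanically rather than by eye: the files the CFScript told ComboFix to delete, the signed system file Sigcheck reports missing, and the two registry values ("AntiVirusOverride"=dword:00000001 and "EnableFirewall"= 0) that stop Security Center warning about the antivirus and switch the XP firewall off for the standard profile. The script below is an added example, not ComboFix's own code and not from this thread; it assumes the section-banner format seen in the posted log, and the override value names FirewallOverride and UpdatesOverride are the AntiVirusOverride siblings from Security Center, which the posted log does not show.

```python
"""Pull the security-relevant findings out of a ComboFix log (added example, not
ComboFix's own code): files it deleted, signed system files Sigcheck reports
missing, and 'Reg Loading Points' values that switch protection off."""
import re

# Excerpt of the log posted above; banners and '.' spacer lines are as ComboFix prints them.
COMBOFIX_EXCERPT = r"""ComboFix 11-01-28.01 - mindy 01/28/2011 13:02:48.5.1 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ifuh.dll
c:\program files\Common Files\ohixyz.vbs

.
------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Section banners look like "((((( Name )))))" or "------- Name -------" (assumed from the log).
PAREN_BANNER_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
DASH_BANNER_RE = re.compile(r"^-{3,}\s*(?P<name>[^-]+?)\s*-{3,}$")
MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [HKEY_...\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')  # "Name"=value


def sections(text):
    """Yield (section name, lines) for each banner-delimited part of the log."""
    name, lines = "header", []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PAREN_BANNER_RE.match(line) or DASH_BANNER_RE.match(line)
        if m:
            yield name, lines
            name, lines = m.group("name"), []
        elif line != ".":            # drop ComboFix's spacer lines
            lines.append(line)
    yield name, lines


def is_weakening(key, name, value):
    """True when a Security Center override is non-zero or the standard-profile
    firewall is off.  FirewallOverride/UpdatesOverride are the siblings of the
    AntiVirusOverride value shown in the log (added here, not in the posted log)."""
    v = value.strip().lower()
    if key.endswith(r"microsoft\security center") and name in (
        "AntiVirusOverride", "FirewallOverride", "UpdatesOverride"
    ):
        return v.startswith("dword:") and int(v.split(":", 1)[1], 16) != 0
    if key.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall":
        return v.split()[0] == "0"
    return False


def analyse(text):
    """Return a list of (kind, detail) findings in log order."""
    findings = []
    for name, lines in sections(text):
        if name == "Other Deletions":
            findings += [("deleted", l) for l in lines if l]
        elif name == "Sigcheck":
            for l in lines:
                m = MISSING_RE.match(l)
                if m:
                    findings.append(("missing_system_file", m.group("path")))
        elif name == "Reg Loading Points":
            key = None                                  # most recent [key] header
            for l in lines:
                km = KEY_RE.match(l)
                if km:
                    key = km.group("key").lower()
                    continue
                vm = VALUE_RE.match(l)
                if key and vm and is_weakening(key, vm.group("name"), vm.group("value")):
                    findings.append(("protection_disabled", f"[{key}] {l}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyse(COMBOFIX_EXCERPT):
        print(f"{kind:22} {detail}")
```

Run against a full C:\ComboFix.txt by reading the file into COMBOFIX_EXCERPT; the excerpt here yields two "deleted" findings, one "missing_system_file" finding for the drivers copy of beep.sys, and two "protection_disabled" findings, which is the same set of points the helper acts on in the following posts.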

Re: Infected and can't get on Internet

Post by Crush on Sat 29 Jan 2011, 11:26 am

Aha! Now I see the problem. beep.sys is in System32. It needs to be one more level down in:

c:\windows\System32\drivers\

Can you copy it there, please?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Thu 10 Feb 2011, 6:11 am

Alright I copied it there.

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Thu 10 Feb 2011, 7:38 am

Run ComboFix once more now, please.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Thu 10 Feb 2011, 10:53 am

ComboFix 11-02-09.02 - mindy 02/09/2011 13:13:54.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.17 [GMT -8:00]
Running from: c:\documents and settings\mindy\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\drivers\beep.sys
2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2011-02-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-02-09 13:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1556)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-09 13:24:38
ComboFix-quarantined-files.txt 2011-02-09 21:24
ComboFix2.txt 2011-01-28 21:13
ComboFix3.txt 2011-01-23 00:48
ComboFix4.txt 2011-01-22 14:22
ComboFix5.txt 2011-02-09 21:10

Pre-Run: 13,901,283,328 bytes free
Post-Run: 13,896,970,240 bytes free

- - End Of File - - 162363D7580191163945BFB162765772

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Thu 10 Feb 2011, 12:08 pm

Awesome. Beep.sys is back in its proper location. How is the machine running?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: Infected and can't get on Internet

Post by becca21669 on Tue 15 Feb 2011, 11:01 am

It's running the same... can't seem to get on the internet and it's slow.

becca21669

Rookie Surfer

Posts : 131
Joined : 2009-12-10
Operating System : Win 8.1 Enterprise 64-bit

Re: Infected and can't get on Internet

Post by Crush on Tue 15 Feb 2011, 2:00 pm

Slowness can be attributed to the lack of RAM in this machine. You barely have 512 MB.

Are you connecting wired or wireless? Have you been able to get on the internet and are just disconnected?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28
