# Computer is playing random ads



## janonjalay (Apr 17, 2011)

I have been fighting to remove a virus or some type of malware from my computer for about a week or so now. I have run several different antivirus scans and thought I had removed everything; however, when I go back to use my laptop it plays random ads and audio clips. Nothing else is open on my computer and no other programs that I am aware of are running in the background. I am also getting multiple script errors and redirects to different websites that seem to try and download more malware when online. None of the other programs that I have run, such as Malwarebytes and HitmanPro, are picking up any malicious files and I am really at a loss as to what to do. I have googled around and the only answer I could find was to reinstall the OS, but I would lose everything. Is there some other option? Here are the logs requested.

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:53 PM, on 4/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4709 bytes

dds
.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Andrea Lamb at 21:55:30.14 on Sat 04/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.278 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282894705203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\andrea~1\applic~1\mozilla\firefox\profiles\1rladtfc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-4-16 18816]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2010-8-25 87936]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-8-28 98984]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-26 16968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
=============== Created Last 30 ================
.
2011-04-17 02:55:09 388096 ----a-r- c:\docume~1\andrea~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-17 02:55:08 -------- d-----w- c:\program files\Trend Micro
2011-04-17 01:25:10 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-04-17 00:41:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-16 23:55:07 6144 ------w- c:\windows\system32\11.tmp
2011-04-16 21:15:38 6144 ------w- c:\windows\system32\5.tmp
2011-04-16 21:15:04 6144 ------w- c:\windows\system32\4.tmp
2011-04-16 21:14:25 6144 ------w- c:\windows\system32\3.tmp
2011-04-14 03:40:41 -------- d-----w- c:\docume~1\andrea~1\applic~1\Malwarebytes
2011-04-14 03:39:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 03:39:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-14 03:39:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 13:16:00 -------- d-----w- c:\program files\Sophos
2011-03-27 04:41:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-27 04:39:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-03-27 00:58:14 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 21:56:25.37 ===============

ark.txt/gmer
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-17 18:50:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2030AT rev.009B
Running: juroepdq.exe; Driver: C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\kglyypob.sys

---- Kernel code sections - GMER 1.0.15 ----
INITc VolSnap.sys F8560BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F8560BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F8560C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F8560C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F8560C70 4 Bytes [09, BF, 4D, 80]
INITc ... 
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC164F 
.text C:\WINDOWS\Explorer.EXE[2024] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1817 
---- Threads - GMER 1.0.15 ----
Thread System [4:112] 82283E84
Thread System [4:116] 82286084
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414c5ef5 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016414c5ef5 (not active ControlSet) 
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Andrea Lamb\Local Settings\Temporary Internet Files\Content.IE5\TCMDW0TN\l7b4796b26460[1].rss 9236 bytes
---- EOF - GMER 1.0.15 ----


----------



## janonjalay (Apr 17, 2011)

bump


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Download *TFC by OldTimer* to your desktop

Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## janonjalay (Apr 17, 2011)

Here are the requested logs. I wasn't sure if you wanted these scans done in safe mode or not, so I just ran the computer like normal since there was no specification. Hope that is not a problem.

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6460
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/27/2011 9:46:59 PM
mbam-log-2011-04-27 (21-46-59).txt
Scan type: Quick scan
Objects scanned: 157958
Time elapsed: 1 hour(s), 32 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\andrea lamb\local settings\application data\ijn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

superantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/28/2011 at 09:19 AM
Application Version : 4.51.1000
Core Rules Database Version : 6943
Trace Rules Database Version: 4755
Scan type : Complete Scan
Total Scan Time : 01:31:43
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 4917
Registry threats detected : 1
File items scanned : 34294
File threats detected : 104
System.BrokenFileAssociation
HKCR\.exe
Adware.Tracking Cookie

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:17:05 AM, on 4/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5693 bytes


----------



## eddie5659 (Mar 19, 2001)

Normal mode is fine 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT!!! As you download it, rename it to username123.exe and save it to your Desktop.*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## janonjalay (Apr 17, 2011)

ComboFix log:
ComboFix 11-04-29.04 - Andrea Lamb 04/30/2011 14:25:51.1.1 - x86
Running from: c:\documents and settings\Andrea Lamb\Desktop\andrea123.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected 
Restored copy from - Kitty had a snack  
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
2011-04-28 03:02 . 2011-04-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-28 03:01 . 2011-04-28 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-20 01:41 . 2011-04-20 01:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-17 02:55 . 2011-04-17 02:55 388096 ----a-r- c:\documents and settings\Andrea Lamb\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-17 02:55 . 2011-04-17 02:55 -------- d-----w- c:\program files\Trend Micro
2011-04-17 01:25 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-04-17 00:41 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-16 20:10 . 2011-04-16 20:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-16 00:45 . 2011-04-16 00:45 -------- d-----w- c:\documents and settings\Leon Davis\Application Data\Malwarebytes
2011-04-14 03:40 . 2011-04-14 03:40 -------- d-----w- c:\documents and settings\Andrea Lamb\Application Data\Malwarebytes
2011-04-14 03:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 03:39 . 2011-04-14 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-14 03:39 . 2011-04-14 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 13:16 . 2011-04-13 13:16 -------- d-----w- c:\program files\Sophos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 01:53 . 2011-03-27 04:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-09 13:53 . 2010-08-26 04:34 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-26 04:33 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-26 04:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [4/16/2011 8:25 PM 18816]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/25/2010 11:36 PM 87936]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/28/2010 1:13 PM 98984]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [3/26/2011 11:41 PM 16968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-04-30 14:34:29
ComboFix-quarantined-files.txt 2011-04-30 19:34
.
Pre-Run: 16,699,887,616 bytes free
Post-Run: 16,664,641,536 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA5FF48B796F3F3D8E11207691110DB5


----------



## eddie5659 (Mar 19, 2001)

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


eddie


----------
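The OTL log posted next in this thread lists files as `[timestamp | size | attrs | M/C] (Company) -- path`, a format that lends itself to a scripted first pass before a human reads the whole thing. The Python below is an added example written for this page; it is not part of the thread and not OldTimer's code. It assumes the four-character attribute column is R, H, S, D in that order (read from the values that appear in the log: RHSD, -HS-, --S-, R--D), and its triage rules are an analyst's review heuristics rather than anything OTL does itself: a hidden+system file inside a user data folder, a long extension-less name mixing letters and digits with no publisher in its version information, and an executable on the Desktop with no publisher. The sample lines are constructed in OTL's format (modelled on lines in the thread, with a placeholder user name). A hit means "look at this file" (hash it, scan it, check where it came from), not "this is malware".

```python
"""Scripted first pass over OTL-style file-list lines (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-list line, e.g.
# [2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\...\6vn137o21jcqg4041
# The attribute column is read as R, H, S, D positions (assumption based on
# the values seen in the log: RHSD, -HS-, --S-, R--D). The (Company) group is
# optional because directory lines in the log omit it.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    company: str   # publisher from version info; empty when OTL shows ()
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


USER_DATA_MARKERS = ("\\application data\\", "\\local settings\\")


def looks_random(name: str) -> bool:
    """Heuristic: a long, extension-less name mixing letters and digits."""
    if "." in name or len(name) < 12:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(entry: OtlEntry) -> List[str]:
    """Review heuristics (analyst assumptions, not OTL logic); a hit means 'look closer'."""
    findings: List[str] = []
    low = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    in_user_data = any(marker in low for marker in USER_DATA_MARKERS)
    if entry.hidden and entry.system and not entry.directory and in_user_data:
        findings.append("hidden+system file in a user data directory")
    if not entry.company and looks_random(name):
        findings.append("random-looking name with no publisher in version info")
    if not entry.company and name.lower().endswith(".exe") and "\\desktop\\" in low:
        findings.append("executable on the Desktop with no publisher in version info")
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; lines that are not file entries are skipped."""
    results: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            findings = triage(entry)
            if findings:
                results[entry.path] = findings
    return results


# Constructed sample in OTL's format (placeholder user name), modelled on the thread's log.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/30 14:30:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\user\Desktop\juroepdq.exe
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
"""

if __name__ == "__main__":
    for path, findings in triage_log(SAMPLE_LOG).items():
        print(path)
        for f in findings:
            print("   -", f)
```

Run against the sample, two of the six entries are flagged: the hidden+system file with a random name under Application Data (both rules hit) and the Desktop executable with no publisher. boot.ini is hidden+system too but sits outside user data, and the cmdcons directory has no publisher but is a directory with an ordinary name, so neither is flagged; that is the point of keeping the rules narrow, since an empty company field alone is common for legitimate files (several of the printer driver files in the thread's log show `( )`).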



## janonjalay (Apr 17, 2011)

otl.txt as follows:

OTL logfile created on: 5/3/2011 8:25:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/05 08:15:56 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dce73325c50b43822620b32408bb3b50\update\update.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

========== Modules (SafeList) ==========

MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
[2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/30 14:30:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 20:26:14 | 000,000,000 | ---D | C] -- C:\81e5deaae2f83a2663a5
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/05/03 20:22:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
[2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
[2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
[2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

========== Files - Modified Within 30 Days ==========

[2011/05/03 20:20:17 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 20:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:30:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 14:11:25 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:36 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/10 14:40:04 | 000,029,719 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
[2011/04/05 16:54:05 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
[2011/04/05 15:00:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/20 00:01:47 | 000,013,566 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 21:12:37 | 000,013,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/19 14:25:40 | 000,014,974 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/16 18:12:47 | 000,014,008 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/10 14:40:03 | 000,029,719 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\My Documents\Miami_sondi_drea.JPG
[2011/04/05 16:54:02 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\leonnn.csv
[2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
[2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

========== Purity Check ==========

< End of report >


----------



## janonjalay (Apr 17, 2011)

extras.txt as follows:

OTL Extras logfile created on: 5/3/2011 8:25:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 15.52 Gb Free Space | 64.58% Space Free | Partition Type: NTFS
Drive D: | 492.37 Mb Total Space | 393.89 Mb Free Space | 80.00% Space Free | Partition Type: FAT32

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe" = C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe:*:Enabled: -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ie8" = Windows Internet Explorer 8
"kSolo" = kSolo Recorder
"Lexmark 2600 Series" = Lexmark 2600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinGimp-2.0_is1" = GIMP 2.6.4
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 8:19:16 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/13/2011 1:43:23 PM | Computer Name = LAMBS-KORNER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18999, fault address 0x001b95b9.

Error - 1/20/2011 11:49:52 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/21/2011 6:52:24 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2011 6:56:46 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2011 3:40:41 AM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2011 5:53:15 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/19/2011 5:53:16 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/19/2011 5:53:18 AM | Computer Name = LAMBS-KORNER | Source = MsiInstaller | ID = 11305
Description = Product: BlackBerry Desktop Software 6.0.1 -- Error 1305.Error reading
from file C:\DOCUME~1\ANDREA~1\LOCALS~1\Temp\WZSE0.TMP\BlackBerry Desktop Software.msi.
Verify that the file exists and that you can access it.

Error - 2/20/2011 1:37:29 PM | Computer Name = LAMBS-KORNER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 4/30/2011 3:13:39 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/30/2011 3:14:33 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/30/2011 3:16:04 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/30/2011 3:25:36 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this 
1 time(s).

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 5/3/2011 9:20:12 PM | Computer Name = LAMBS-KORNER | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, can you update MBAM and run another scan, this time selecting *Full Scan*, and post the log like you did before.

Also, can you run a scan here as well:

Please run a free online scan with the *ESET Online Scanner* 
*Note*_: You will need to use Internet Explorer for this scan_
Click *Eset Online Scanner* button.
Tick the box next to *YES, I accept the Terms of Use* 
If it wants to install an Addon, allow it.
If asked, allow the ActiveX control to install 
Click *Start* 
Make sure that the options *Remove found threats* and *Scan unwanted applications* are checked 
Click *Scan* (This scan can take several hours, so please be patient) 
Once the scan is completed, you may close the window 
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt* 
Copy and paste that log as a reply to this topic 

eddie


----------



## janonjalay (Apr 17, 2011)

Sorry for the delay, my internet service was down for a while. Here are the requested logs:

Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6528
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/8/2011 1:12:07 PM
mbam-log-2011-05-08 (13-12-06).txt
Scan type: Full scan (C:\|)
Objects scanned: 189113
Time elapsed: 3 hour(s), 51 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Eset Online Scanner
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=a7d0dbe015dcae458bce1d580b1f2cb1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-08 07:17:16
# local_time=2011-05-08 02:17:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 949080 949080 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34916
# found=0
# cleaned=0
# scan_time=2649


----------



## eddie5659 (Mar 19, 2001)

That's okay, I'm always around, so anytime is fine 

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 21:14:33 | 000,013,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/16 18:19:40 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
[2011/04/16 18:19:39 | 000,014,008 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\y26fl6u3dlvqhk4y3xi2gf658qow21ch7426l1f62q7
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply. 

eddie
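The fix script above is built by hand from the OTL log: the eight entries it removes are hidden+system files with no company name, random-looking extension-less names, and a copy under both All Users\Application Data and the user's Local Settings\Application Data. As an added example (not part of eddie's post, and not an OTL feature), the script below applies that same selection to OTL "Files - Modified Within 30 Days" lines and emits the matching fix text. The sample lines are constructed in the shape of the log posted earlier; the entropy and length thresholds in `looks_random` are assumptions, and the `:Commands` directives are the ones eddie's script already uses.

```python
"""Triage helper for OTL 'Files - Modified Within 30 Days' output.

Flags entries that combine hidden+system attributes, no company name,
a random-looking extension-less name and a location under an
Application Data folder, then emits OTL fix lines (OTL's :OTL section
accepts its own log lines verbatim).
"""
import math
import re
from collections import Counter, defaultdict

# One OTL file line looks like:
# [2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\...\6vn137o21jcqg4041
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
APPDATA = re.compile(r"\\Application Data\\", re.I)

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/20 00:04:04 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6vn137o21jcqg4041
[2011/04/20 00:04:03 | 000,013,566 | -HS- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\6vn137o21jcqg4041
[2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/11 00:18:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
"""


def parse_otl_lines(text):
    """Parse OTL file lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        e["raw"] = raw.strip()
        entries.append(e)
    return entries


def name_entropy(name):
    """Shannon entropy of a file name in bits per character (case-folded)."""
    if not name:
        return 0.0
    counts = Counter(name.lower())
    n = len(name)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic for generated names: long, no extension, letters and digits
    mixed, at least 3 bits/char of entropy. The thresholds are assumptions."""
    if "." in name or len(name) < 12:
        return False
    has_alpha = re.search(r"[A-Za-z]", name) is not None
    has_digit = re.search(r"\d", name) is not None
    return has_alpha and has_digit and name_entropy(name) >= 3.0


REQUIRED = {"hidden+system", "no company name", "under Application Data",
            "random-looking name"}


def triage(entries):
    """Return entries carrying every indicator in REQUIRED, with reasons.
    When the same name and size appear in more than one location (All Users
    plus the user's own profile) that is noted as an extra reason."""
    copies = defaultdict(list)
    for e in entries:
        copies[(e["name"].lower(), e["size"])].append(e["path"])
    findings = []
    for e in entries:
        reasons = set()
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.add("hidden+system")
        if not e["company"].strip():
            reasons.add("no company name")
        if APPDATA.search(e["path"]):
            reasons.add("under Application Data")
        if looks_random(e["name"]):
            reasons.add("random-looking name")
        if REQUIRED <= reasons:
            n = len(copies[(e["name"].lower(), e["size"])])
            if n > 1:
                reasons.add(f"same name and size in {n} locations")
            findings.append({"path": e["path"], "raw": e["raw"],
                             "reasons": sorted(reasons)})
    return findings


def otl_fix_script(findings):
    """Build the text for OTL's Custom Scans/Fixes box from the findings."""
    body = [":OTL"] + [f["raw"] for f in findings]
    body += [":Commands", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(body)


if __name__ == "__main__":
    found = triage(parse_otl_lines(SAMPLE_LOG))
    for f in found:
        print(f["path"], "->", ", ".join(f["reasons"]))
    print(otl_fix_script(found))
```

On the constructed sample only the two `6vn137o21jcqg4041` copies are flagged; `~18407220r` (too short), `ntuser.pol` and `hitmanpro35.sys` (real extensions, not under Application Data) fall through. Treat the output as a shortlist for a human to confirm against the full log, not as an automatic removal list.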


----------



## janonjalay (Apr 17, 2011)

OTL logfile created on: 5/11/2011 1:58:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 210.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 16.30 Gb Free Space | 67.83% Space Free | Partition Type: NTFS

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

========== Modules (SafeList) ==========

MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/17 08:18:24 | 000,455,936 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
[2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/11 13:52:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 13:52:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 13:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/08 09:08:44 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/07 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\PCHealth
[2011/05/07 17:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/05/03 20:44:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/30 14:14:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/30 14:14:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/30 14:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/30 14:14:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/30 14:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/30 14:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/27 22:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/27 22:00:10 | 010,994,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 20:41:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/16 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\HiJackThis
[2011/04/16 20:25:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/04/16 19:41:03 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/13 22:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Application Data\Malwarebytes
[2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 22:37:51 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/13 08:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/13 07:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Start Menu\Programs\Administrative Tools
[2011/04/12 22:01:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andrea Lamb\Recent
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

========== Files - Modified Within 30 Days ==========

[2011/05/11 13:56:28 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 13:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 13:53:30 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/11 13:52:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/09 03:18:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/07 18:18:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/04/30 14:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 14:01:09 | 004,333,869 | R--- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/28 10:14:58 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/27 22:01:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 22:00:09 | 010,994,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Andrea Lamb\Desktop\SUPERAntiSpyware.exe
[2011/04/27 19:55:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\TFC.exe
[2011/04/19 23:10:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 20:53:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/19 20:41:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/17 14:03:33 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 19:32:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:26:08 | 000,007,052 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:14 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/04/14 16:28:22 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 22:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andrea Lamb\Desktop\mbam-setup.exe
[2011/04/13 08:13:38 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe

========== Files Created - No Company Name ==========

[2011/04/30 14:24:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/30 14:24:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/30 14:01:09 | 004,333,869 | R--- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\andrea123.exe
[2011/04/27 22:01:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/17 14:03:28 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\juroepdq.exe
[2011/04/17 13:57:48 | 000,003,325 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Attach.zip
[2011/04/16 21:55:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HiJackThis.lnk
[2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/16 19:19:19 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/16 18:41:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\dds.com
[2011/04/16 18:40:15 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\HijackThis.msi
[2011/04/16 18:21:47 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/04/13 22:39:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:13:38 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\sar_15_sfx.exe
[2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220
[2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 23:36:20 | 000,455,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
[2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

========== Purity Check ==========

< End of report >


----------
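A triage script, added here as an editor's example (not a tool from this thread or from OldTimer), that parses OTL file entries of the form shown in the log above and flags the pattern the helper singled out for the OTL fix and the OTM move: extension-less random-looking names with no company name dropped under Application Data. The sample lines are copied from the logs in this thread; the name heuristics and the "random name plus one more indicator" threshold are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL prints one file per line:  [date time | size | attrs | C|M] (Company) -- path
# "(Company)" is missing for directories and is "()" or "( )" when the file
# carries no company name in its version information.
ENTRY_RE = re.compile(
    r"^(?:[A-Z]{3} - )?"                                   # optional PRC/MOD prefix
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>\S.*?)\s*$"
)
# Numeric blob names such as "~18407220r" / "18407220" (the files OTM moved above).
NUMERIC_BLOB = re.compile(r"^~?\d{6,}[a-z]?$")
RANDOM_NAME = "random-looking name without extension"


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # four flags, e.g. "-HS-" = hidden + system, "---D" = directory
    kind: str       # "C" = creation date shown, "M" = modification date shown
    company: str    # "" when OTL printed no company name
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; headers, DRV/SRV lines and prose give None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def looks_random(basename: str) -> bool:
    """Extension-less name that is a numeric blob or a long letter/digit soup (assumed heuristic)."""
    if "." in basename:
        return False
    if NUMERIC_BLOB.match(basename):
        return True
    has_digit = any(c.isdigit() for c in basename)
    has_alpha = any(c.isalpha() for c in basename)
    return len(basename) >= 20 and has_digit and has_alpha


def suspicion_reasons(e: Entry) -> List[str]:
    """Independent indicators for one entry; which ones count is this example's choice."""
    reasons = []
    if looks_random(e.path.rsplit("\\", 1)[-1]):
        reasons.append(RANDOM_NAME)
    if not e.company:
        reasons.append("no company name")
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes")
    if "\\application data\\" in e.path.lower():
        reasons.append("dropped under Application Data")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Flag entries with a random-looking name plus at least one more indicator.
    'No company name' alone is noise: the Lexmark driver files in the log lack one too."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = suspicion_reasons(e)
        if RANDOM_NAME in reasons and len(reasons) >= 2:
            flagged.append((e.path, reasons))
    return flagged


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2011/04/19 20:35:06 | 000,014,974 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b684au650dp60j3dm0h778613303jr1au0v087g42ip5
[2011/04/11 00:18:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407220r
[2011/04/11 00:18:27 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/13 22:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against a full OTL log the script lists only the three dropped files from this thread; the legitimate but unsigned Lexmark DLLs stay quiet because their names are not random-looking.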



## eddie5659 (Mar 19, 2001)

Just to let you know, I'm on holiday from May 20th until May 27th, but will do what I can until then 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}
:dir /s
C:\81e5deaae2f83a2663a5
C:\Documents and Settings\All Users\Application Data\~18407220r
C:\Documents and Settings\All Users\Application Data\~18407220
C:\Documents and Settings\All Users\Application Data\18407220
:file
C:\Documents and Settings\All Users\Application Data\~18407220r
C:\Documents and Settings\All Users\Application Data\~18407220
C:\Documents and Settings\All Users\Application Data\18407220
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## janonjalay (Apr 17, 2011)

SystemLook 04.09.10 by jpshortstuff
Log created at 04:06 on 18/05/2011 by Andrea Lamb
Administrator - Elevation successful
========== reg ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}]
"SystemComponent"= 0x0000000000 (0)
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CFCF42C-1C64-47D6-AEEC-F9D001832ED3}\InstalledVersion]

Invalid Context: dir /s
No Context: C:\81e5deaae2f83a2663a5
No Context: C:\Documents and Settings\All Users\Application Data\~18407220r
No Context: C:\Documents and Settings\All Users\Application Data\~18407220
No Context: C:\Documents and Settings\All Users\Application Data\18407220
========== file ==========
C:\Documents and Settings\All Users\Application Data\~18407220r - File found and opened.
MD5: 560C73632B53210B7CA195E12DBF8D6D
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 136 bytes
Attributes: --a----
No version information available.
C:\Documents and Settings\All Users\Application Data\~18407220 - File found and opened.
MD5: 32B1093F122A12615288BAE015843902
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 104 bytes
Attributes: --a----
No version information available.
C:\Documents and Settings\All Users\Application Data\18407220 - File found and opened.
MD5: BA8923C8AB2C71B97C86EFB08774E00D
Created at 05:18 on 11/04/2011
Modified at 05:18 on 11/04/2011
Size: 336 bytes
Attributes: --a----
No version information available.
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, I'm at work at the moment, so no access to websites to upload any screenshots, so will do this the typing way 

Can you open Windows Explorer, and at the top click on *Tools* and the *Folder Options*.

In there, click on the *View* tab.

Make sure that *Show Hidden Files and Folders* is selected, and then Apply and OK. Close Windows Explorer

--

Can you now update Malwarebytes' Anti-Malware as shown in my first reply in this thread, and *Perform Full Scan*.

It may take a while, so grab a cup of tea 

Remove any as you did before, and post the MBAM log afterwards 

eddie


----------



## janonjalay (Apr 17, 2011)

Malwarebytes Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6610
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/18/2011 4:49:03 PM
mbam-log-2011-05-18 (16-49-02).txt
Scan type: Full scan (C:\|)
Objects scanned: 191444
Time elapsed: 6 hour(s), 15 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


----------



## eddie5659 (Mar 19, 2001)

Just to let you know I'm on holiday from now till 27th, so will have to look at this when I get home.

However, I will just do this for now:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Documents and Settings\All Users\Application Data\~18407220r
C:\Documents and Settings\All Users\Application Data\~18407220
C:\Documents and Settings\All Users\Application Data\18407220
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

eddie


----------



## janonjalay (Apr 17, 2011)

No problem I'll just hold tight til then.
Otm log file:
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\~18407220r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18407220 moved successfully.
C:\Documents and Settings\All Users\Application Data\18407220 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andrea Lamb
->Temp folder emptied: 628843 bytes
->Temporary Internet Files folder emptied: 7038770 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 3190 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Leon Davis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66019 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.17.2 log created on 05192011_173749
Files moved on Reboot...
Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Back now.

As it's been a while, can you post a fresh OTL log for me, and I'll see what needs to be done.

eddie


----------



## janonjalay (Apr 17, 2011)

Here is the most recent OTL log. Did you want me to post a fresh OTM log as well?

OTL logfile created on: 5/31/2011 10:12:24 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Andrea Lamb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.03 Gb Total Space | 15.93 Gb Free Space | 66.30% Space Free | Partition Type: NTFS

Computer Name: LAMBS-KORNER | User Name: Andrea Lamb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
PRC - [2011/04/20 10:57:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 10:13:23 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/03/27 10:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2002/12/17 15:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

========== Modules (SafeList) ==========

MOD - [2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/27 18:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/19 20:53:05 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/02/17 08:18:24 | 000,455,936 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/04 20:10:50 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2009/03/04 20:10:50 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2009/03/04 20:10:50 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2009/03/04 20:10:50 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/16 20:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/29 10:16:56 | 000,087,936 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/10/29 10:12:16 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/05/03 17:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 17:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 17:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 10:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 15:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/17 15:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 15:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 01:42:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 21:59:46 | 000,000,000 | ---D | M]

[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Extensions
[2010/08/29 01:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea Lamb\Application Data\Mozilla\Firefox\Profiles\1rladtfc.default\extensions
[2010/12/12 13:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/04 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/04 21:59:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/04 21:59:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/19 17:37:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282894705203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 19:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 17:37:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/19 17:36:12 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTM.exe
[2011/05/11 13:52:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/11 13:52:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 13:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/08 09:08:44 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/07 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\PCHealth
[2011/05/07 17:16:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/05/03 20:44:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/03 20:24:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe
[2010/08/28 13:12:00 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/08/28 13:12:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/08/28 13:12:00 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/08/28 13:11:59 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/08/28 13:11:59 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/08/28 13:11:59 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/08/28 13:11:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/08/28 13:11:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/08/28 13:11:58 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/08/28 13:11:58 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/08/28 13:11:57 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/08/28 13:11:57 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/08/28 13:11:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/08/28 13:11:56 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

========== Files - Modified Within 30 Days ==========

[2011/05/31 09:57:22 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 09:55:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 11:04:04 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/25 12:12:10 | 000,082,628 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\insurance card.pdf
[2011/05/19 17:37:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/19 17:36:14 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTM.exe
[2011/05/19 11:01:28 | 000,003,604 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Andrea Resume.pdf
[2011/05/18 09:51:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 04:04:48 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Andrea Lamb\Desktop\SystemLook.exe
[2011/05/09 03:18:05 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/07 18:18:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/03 20:16:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea Lamb\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/05/25 12:12:10 | 000,082,628 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\insurance card.pdf
[2011/05/19 11:01:28 | 000,003,604 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\Andrea Resume.pdf
[2011/05/18 04:04:48 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Desktop\SystemLook.exe
[2011/04/30 14:14:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/30 14:14:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/30 14:14:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 14:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/30 14:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/16 19:32:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\housecall.guid.cache
[2011/04/14 16:28:22 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\Shortcut to Application Data.lnk
[2011/03/26 23:41:34 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 21:38:21 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Andrea Lamb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 19:35:35 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/29 19:35:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 04:44:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 01:42:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/28 13:13:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/08/28 13:13:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/08/28 13:12:36 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2010/08/28 13:12:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2010/08/28 13:12:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2010/08/28 13:12:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/08/28 13:12:00 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/08/28 13:11:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/08/27 02:34:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/08/27 02:34:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/08/27 02:34:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/08/26 01:10:29 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 23:36:20 | 000,455,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2010/08/25 23:34:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2010/08/25 23:34:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/25 23:34:08 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 23:34:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/25 23:34:08 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 23:34:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/25 23:34:07 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/25 23:34:07 | 000,000,070 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/08/25 23:34:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/25 23:34:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/25 23:33:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/25 23:33:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/25 23:33:37 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 23:33:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/25 23:33:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/25 23:33:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/25 23:29:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/25 23:29:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 23:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2011/03/26 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/19 21:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/01 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\OpenOffice.org
[2011/02/19 21:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrea Lamb\Application Data\Research In Motion

========== Purity Check ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

That's looking okay, how's the computer running?


----------



## janonjalay (Apr 17, 2011)

I just started using it again while you were on vacation, but so far it seems to be working well. I have not had any redirecting or ads playing, and it seems like it has stopped downloading programs on its own also.


----------



## eddie5659 (Mar 19, 2001)

As it's all okay, let's remove the tools we've used, and it will be good to go.


Download *OTC* to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

=========

If after doing the above some are still showing, then do the following:

---

If you have the *DSS* program on your Desktop, this can also be deleted.

---

*Uninstall GMER*


*Copy the entire contents of the Quote Box* below to *Notepad*.
Name the file as *gmer_uninstall.bat*
Change the *Save as Type* to *All Files*
and *Save* it in the folder *GMER* was saved in.
Once saved, double-click on the *gmer_uninstall.bat* file. The MS-DOS window will be displayed. That is normal.



> @echo off
> sc stop gmer
> sc delete gmer
> if exist %SystemRoot%\System32\drivers\gmer.sys del /f /q %SystemRoot%\System32\drivers\gmer.sys
> ...


---

You can uninstall *SuperAntiSpyware* from Add/Remove Programs via the Control Panel.

---

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the Run box and click *OK*. Note the *space* between the *X* and the *U*; it needs to be there.


---

You can delete the *SystemLook* program off your Desktop.

---


----------



## eddie5659 (Mar 19, 2001)

We have a couple of last steps to perform and then you're all set.

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

* Tick *Empty Temporary Internet Files When Browser is Closed* under Security, then click *Apply*.
Then, click on the *Security tab* and do the following:

* Make sure the Internet icon is selected.
* Select *Default Level*.
* Click *Apply* and *OK*.

Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick.
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.
------------------------

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
*Install MVPS Hosts File* *From Here*
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
*You can Find the Tutorial * *HERE*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Sunbelt Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie
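The HOSTS mechanism eddie describes cuts both ways: a blocklist such as MVPS sinks ad and tracker names to the local machine, while a tampered file can quietly send legitimate names to a remote address, which is exactly the kind of redirecting reported at the start of this thread. The script below is an added example, not from the post or from any of the tools used here; it parses a HOSTS file, separates the stock localhost lines, blocklist-style lines and redirects to remote addresses, and flags malformed lines. The sample file and the 203.0.113.5 address are constructed for the example.

```python
"""Audit a Windows HOSTS file (added example; not from the thread or its tools)."""
import ipaddress
import re

# Addresses a legitimate blocklist (e.g. MVPS) maps names to: the machine itself.
LOOPBACK_OK = {"127.0.0.1", "0.0.0.0", "::1"}
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

# Loose hostname check: labels of letters, digits and hyphens, joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$", re.IGNORECASE)

# Constructed sample (not a real HOSTS file from the thread): the two default
# entries OTL shows after the reset, two blocklist-style lines, one entry that
# sends a real-looking site to a remote address, and one junk line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist style
127.0.0.1       tracker.example.org    # blocklist style
203.0.113.5     www.example-bank.com   # constructed redirect to a remote host
bogus-address   broken.example
"""


def parse_hosts(text):
    """Return one dict per non-comment line: line, ip, names, error."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        entry = {"line": lineno, "ip": parts[0], "names": parts[1:], "error": None}
        if len(parts) < 2:
            entry["error"] = "no hostname"
        else:
            try:
                ipaddress.ip_address(parts[0])
            except ValueError:
                entry["error"] = "invalid address"
            else:
                bad = [n for n in parts[1:] if not HOSTNAME_RE.match(n)]
                if bad:
                    entry["error"] = "invalid hostname: " + ", ".join(bad)
        entries.append(entry)
    return entries


def classify(entry):
    """default = stock localhost lines; blocked = names sunk to the local
    machine (what MVPS does); redirect = a name sent to some other address."""
    if entry["error"]:
        return "malformed"
    if entry["ip"] in LOOPBACK_OK:
        if all(n.lower() in DEFAULT_NAMES for n in entry["names"]):
            return "default"
        return "blocked"
    return "redirect"


def audit(text):
    """Group the entries of a HOSTS file by category."""
    report = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for entry in parse_hosts(text):
        report[classify(entry)].append(entry)
    return report


def audit_file(path=r"C:\WINDOWS\System32\drivers\etc\hosts"):
    """Audit the HOSTS file on disk (the XP path shown in the OTL log above)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit(fh.read())


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    # Redirects to remote addresses are the entries worth a closer look.
    for category in ("redirect", "malformed", "blocked", "default"):
        for e in result[category]:
            print(f"{category:9} line {e['line']:>3}: {e['ip']} -> {' '.join(e['names'])}")
```

Running `audit_file()` on the live file after an MVPS install should show only "default" and "blocked" entries; any "redirect" line is one to investigate.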


----------



## janonjalay (Apr 17, 2011)

Okay, so I've been away for a couple of days, so I've just started working on removing the programs we used. I ran the OTC and it removed a good portion of the programs; however, I am having trouble removing ComboFix and GMER. ComboFix just begins a scan when I enter Combofix /u in the Run box, and GMER does not go anywhere after double-clicking the gmer_uninstall.bat file; only the file itself erases. Also, the TFC program did not uninstall either. Is that something I can uninstall from Add/Remove Programs?


----------



## eddie5659 (Mar 19, 2001)

Combofix and GMER should have uninstalled when you ran the OTC program. Are GMER and Combofix still showing on the computer?

I tend to include those removal instructions, in case the tools were saved to a different location than the default.

TFC is a good program to keep; I tend to run it monthly as a cleanup of the temp files.


----------



## eddie5659 (Mar 19, 2001)

You can just delete the TFC program from the icon, as it's a standalone program.


----------

