Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Hijacked Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Hijacked Help

Unread postby Bubby79-300 » April 15th, 2011, 4:19 pm

Hello,

My computer has been hijacked and I cannot follow your instructions. I have tried to download DDS.scr but when I attempt to run it says it is an AutoCad script file.
What should I do from here? Awaiting your instructions. Some strange files I have noticed are MQY.EXE, EMA90b.EXE and MDM.exe.

Windows Security Alert just popped up and listed the following:
Attack From: 198.55.37.50
Port: 8527
Attack Port: 328080
Email Worm JS.Gigger
Bubby79-300
Active Member
 
Posts: 4
Joined: April 15th, 2011, 3:35 pm
Advertisement
Register to Remove

Re: Computer Hijacked Help

Unread postby askey127 » April 17th, 2011, 7:56 am

Hi Bubby79-300,
I wouldn't worry too much about being attacked from that site. It's Hewlett Packard in Palo Alto.
A bigger concern is the program giving you the warning.
Let's try these things in sequence:
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If ir does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. If you have Windows XP, just double click OTL to run it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  4. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  5. Click on the Run Scan button at the top left hand corner.
  6. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Hijacked Help

Unread postby Bubby79-300 » April 17th, 2011, 10:01 am

Per your instructions. Please note that the Rkill did not just flash but took at least 30 seconds to close and post log file. I await your instruction. This computer is extremely important as it is what I use for my job.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/17/2011 at 9:57:46.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 04/17/2011 at 9:57:48.

TL Extras logfile created on: 4/17/2011 9:52:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 88.03 Gb Free Space | 68.78% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 65.24 Gb Free Space | 87.53% Space Free | Partition Type: NTFS

Computer Name: BASEMENT | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-220523388-484061587-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 1
"FIREWALLDISABLENOTIFY" = 1
"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1044:TCP" = 1044:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\orbixd.exe" = F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd -- ()
"F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CNEXT.exe" = F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA -- (Dassault Systemes)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Temp\OnlineUpdate8\SetupXu.exe" = C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{02A3343C-028E-62D3-E193-AC15E8508B64}" = Catalyst Control Center Graphics Light
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{063BD2FA-85DE-0A14-F266-7BD869F719BA}" = Catalyst Control Center Graphics Full New
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1575F408-60AC-4a37-904A-931117272926}" = 7000E809a
"{196AD67D-9180-4A8C-BE53-E7C68D80AE33}" = NavisWorks Freedom 2009
"{1AD2EF25-7961-42AD-BCCB-8CC8E9A32A39}" = HP Officejet 7000 E809a Series
"{1B140425-1EA0-4AB8-BB31-1830C4A0A1F2}" = DWGeditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D48DD8-06BA-4d5a-9796-6C7582F07947}" = BPDSoftware
"{268C2D6E-CDE9-47CD-87D9-A87710966709}" = BPDSoftware_Ini
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2894C259-B270-EFAA-3131-491B261E894A}" = ccc-utility
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35727E31-5D78-478A-B418-7E9A82729DB2}" = SolidWorks 2009 SP03
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A6B1116-E9C1-4480-41B5-35290C1EFD3B}" = ccc-core-preinstall
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B322C8E-8775-4f20-8978-ED63DB4770C4}" = 7000E809a_eDocs
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-0201-0409-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5962ABC1-427C-4651-B6FC-187A9F653AEF}" = ProductContext
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C80DAB-4C40-ACD2-E645-FD3E1F05EA90}" = CCC Help English
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80BA07B3-537F-4189-92F7-26E2BA76095A}" = SolidWorks eDrawings 2009
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E92B952-FF78-444B-A1B9-EC13A1A060C4}" = 7000E809a_Help
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DAE507C4-7E9E-B204-531C-A9306522D7A9}" = Catalyst Control Center Graphics Full Existing
"{DD58AC0F-CE28-B5EA-72C4-08CE056A77EA}" = Catalyst Control Center HydraVision Full
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0949359-3DA7-52EF-50E6-FDD6B9491E2D}" = Catalyst Control Center Graphics Previews Common
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}" = Catalyst Control Center InstallProxy
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{F67CCC08-C544-A440-A47A-D60A25118CD1}" = Catalyst Control Center Core Implementation
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Express Viewer" = Autodesk Express Viewer
"Autodesk NavisWorks Freedom 2009" = Autodesk NavisWorks Freedom 2009
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"Dassault Systemes B16_0" = Dassault Systemes Software B16
"DWG TrueView 2011" = DWG TrueView 2011
"EADM" = EA Download Manager
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"pdfFactory" = pdfFactory
"PrimoPDF4.1.0.9" = PrimoPDF
"Shop for HP Supplies" = Shop for HP Supplies
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SolidWorks Installation Manager 20090-40300-1100-200" = SolidWorks 2009 SP03
"SpywareBlaster_is1" = SpywareBlaster 4.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2011 6:03:41 PM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 4/15/2011 6:03:45 PM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 4/15/2011 6:03:45 PM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 4/15/2011 6:04:09 PM | Computer Name = BASEMENT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/15/2011 9:14:53 PM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2011 8:20:28 AM | Computer Name = BASEMENT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/17/2011 9:28:39 AM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 4/17/2011 9:28:45 AM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 4/17/2011 9:28:45 AM | Computer Name = BASEMENT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 4/17/2011 9:52:22 AM | Computer Name = BASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/16/2011 9:40:06 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/16/2011 9:40:06 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/16/2011 9:40:06 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/16/2011 9:40:06 PM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM Avgldx86 Avgmfx86 Avgtdix Fips IPSec LUMDriver MRxSmb NetBIOS NetBT ohci1394 RasAcd
Rdbss
Tcpip

Error - 4/17/2011 7:59:37 AM | Computer Name = BASEMENT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/17/2011 7:59:39 AM | Computer Name = BASEMENT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/17/2011 8:01:32 AM | Computer Name = BASEMENT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/17/2011 8:02:50 AM | Computer Name = BASEMENT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/17/2011 9:26:51 AM | Computer Name = BASEMENT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/17/2011 9:28:46 AM | Computer Name = BASEMENT | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).


< End of report >
Bubby79-300
Active Member
 
Posts: 4
Joined: April 15th, 2011, 3:35 pm

Re: Computer Hijacked Help

Unread postby askey127 » April 17th, 2011, 2:29 pm

Bubby79-300,
You did not post the contents of OTL.txt which should be on your desktop. You only posted Extras.txt
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Eusing Free Registry Cleaner
Java(TM) 6 Update 17
Spubot Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 24 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows (or Windows 64-bit if your machine is 64-bit), and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
When it finishes, you can remove the Installer from your desktop.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
-----------------------------------------------------------
Noticed this in your post:
This computer is extremely important as it is what I use for my job.
If this computer is used for business purposes, we will not be able to help further.
The section Posting for help for business machines
explains why we do not offer help for such computers.
Unless there is some kind of misunderstanding about the usage of the machine, this topic will be closed.


askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Hijacked Help

Unread postby Bubby79-300 » April 17th, 2011, 5:41 pm

Sorry about my comment, this is a home unit in my basement. RE: my PM to you. :drunken:

Here is the file you requested. Awaiting other instruction.

Avira AntiVir Personal
Report file date: Sunday, April 17, 2011 17:35

Scanning for 2568972 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Melanie
Computer name : BASEMENT

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 21:34:17
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 21:34:17
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 21:34:17
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 21:34:17
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 21:34:17
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 21:34:17
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 21:34:18
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 21:34:18
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 21:34:18
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 21:34:18
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 21:34:19
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 21:34:19
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 21:34:20
VBASE016.VDF : 7.11.6.114 2048 Bytes 4/14/2011 21:34:20
VBASE017.VDF : 7.11.6.115 2048 Bytes 4/14/2011 21:34:20
VBASE018.VDF : 7.11.6.116 2048 Bytes 4/14/2011 21:34:20
VBASE019.VDF : 7.11.6.117 2048 Bytes 4/14/2011 21:34:20
VBASE020.VDF : 7.11.6.118 2048 Bytes 4/14/2011 21:34:20
VBASE021.VDF : 7.11.6.119 2048 Bytes 4/14/2011 21:34:20
VBASE022.VDF : 7.11.6.120 2048 Bytes 4/14/2011 21:34:21
VBASE023.VDF : 7.11.6.121 2048 Bytes 4/14/2011 21:34:21
VBASE024.VDF : 7.11.6.122 2048 Bytes 4/14/2011 21:34:21
VBASE025.VDF : 7.11.6.123 2048 Bytes 4/14/2011 21:34:21
VBASE026.VDF : 7.11.6.124 2048 Bytes 4/14/2011 21:34:21
VBASE027.VDF : 7.11.6.125 2048 Bytes 4/14/2011 21:34:21
VBASE028.VDF : 7.11.6.126 2048 Bytes 4/14/2011 21:34:21
VBASE029.VDF : 7.11.6.127 2048 Bytes 4/14/2011 21:34:22
VBASE030.VDF : 7.11.6.128 2048 Bytes 4/14/2011 21:34:22
VBASE031.VDF : 7.11.6.145 108032 Bytes 4/17/2011 21:34:22
Engineversion : 8.2.4.208
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/17/2011 21:34:32
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/17/2011 21:34:31
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/17/2011 21:34:30
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/17/2011 21:34:29
AEHEUR.DLL : 8.1.2.98 3441014 Bytes 4/17/2011 21:34:29
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/17/2011 21:34:24
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/17/2011 21:34:23
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, April 17, 2011 17:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en(4).exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avgidsmonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'avgchsvx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SnoopFreeSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ESSVR.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'CATSysDemon.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SnoopFreeUI.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '1747' files ).



End of the scan: Sunday, April 17, 2011 17:36
Used time: 01:01 Minute(s)

The scan has been done completely.

0 Scanned directories
2238 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2238 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes
Bubby79-300
Active Member
 
Posts: 4
Joined: April 15th, 2011, 3:35 pm

Re: Computer Hijacked Help

Unread postby askey127 » April 17th, 2011, 7:33 pm

Please post the contents of OTL.txt while we determine if your post meets our requirements.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer Hijacked Help

Unread postby Bubby79-300 » April 17th, 2011, 8:16 pm

Again, so sorry for the misunderstanding. Thanks.

While I was running the OTL the following came up. Avira had the following message:

Malware Found.
A virus of unwanted program ' TR/Fake.Ream.327' was found in file C:\Document & Setting\....\MQY.exe access was denied.
I selected to remove it.

Here is the OTL you requested.

OTL logfile created on: 4/17/2011 8:05:40 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melanie.MELANIE-BFC6A70\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 86.89 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 65.24 Gb Free Space | 87.53% Space Free | Partition Type: NTFS

Computer Name: BASEMENT | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/17 20:05:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\My Documents\Downloads\OTL.exe
PRC - [2011/04/17 13:48:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/23 17:19:40 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2011/03/23 17:19:40 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2011/03/16 18:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/03 12:28:51 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/12/09 17:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
PRC - [2004/08/03 20:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/17 20:05:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\My Documents\Downloads\OTL.exe
MOD - [2011/03/23 17:19:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2004/08/03 20:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/30 17:06:33 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/23 17:19:40 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/28 14:31:50 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/05/28 17:23:54 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/04/03 12:28:51 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009/03/19 11:31:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2008/12/09 17:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/09/06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- F:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/17 20:01:14 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/23 17:19:40 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 00:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/03 12:28:52 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/08/27 05:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2003/07/11 08:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnnfn.com/
IE - HKU\S-1-5-21-220523388-484061587-839522115-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-220523388-484061587-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-220523388-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://cnnfn.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dab458a&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59455
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/07/30 15:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/17 15:54:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/17 15:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/17 13:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/17 15:21:41 | 000,000,000 | ---D | M]

[2009/04/03 12:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Mozilla\Extensions
[2011/04/17 16:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Mozilla\Firefox\Profiles\epymvchh.default\extensions
[2011/04/17 16:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/17 15:21:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/17 15:54:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/17 15:54:49 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/04/17 15:21:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/17 15:21:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/12 15:16:54 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll

O1 HOSTS File: ([2011/04/15 08:23:06 | 000,432,350 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14883 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-220523388-484061587-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKU\S-1-5-21-220523388-484061587-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0469760337 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-220523388-484061587-839522115-1003 Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/03 07:05:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/01 11:36:53 | 000,000,000 | ---D | M] - F:\Autocad 2004 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ipv6sdtc - (C:\WINDOWS\edliarts.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 17:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Avira
[2011/04/17 17:33:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/17 17:33:05 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/17 17:33:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/17 17:33:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/17 17:33:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/17 17:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/17 17:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011/04/17 15:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2011/04/17 15:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG 2011
[2011/04/17 15:53:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/17 15:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/04/17 15:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/17 15:21:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/17 15:21:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/17 15:21:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/17 15:21:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/17 15:21:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/17 09:50:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\OTL.exe
[2011/04/16 22:34:08 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Firefox Setup 4.0.exe
[2011/04/16 22:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox
[2011/04/16 22:29:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\IECompatCache
[2011/04/16 21:41:58 | 010,687,672 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\SUPERAntiSpyware(2).exe
[2011/04/16 21:32:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Recent
[2011/04/16 21:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Application Data\AVG Security Toolbar
[2011/04/16 08:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\AVG10
[2011/04/16 08:37:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2011/04/16 08:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2011/04/16 08:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/16 08:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/04/16 08:25:38 | 005,497,592 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\avg_avct_stb_all_2011_1321_ppc2.exe
[2011/04/15 18:05:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\HijackThis.exe
[2011/04/15 17:56:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/04/15 15:35:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/08 20:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\concert jphotos
[2011/03/30 17:17:22 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/03/29 19:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Paiges Camera photos
[2011/03/26 21:47:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/23 17:19:40 | 000,221,184 | ---- | C] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
[2011/03/23 17:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SnoopFree Privacy Shield
[2011/03/20 11:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Melanies Business Start-up
[2009/04/03 14:42:42 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\tsdnwin.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/17 20:05:27 | 000,456,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/17 20:05:27 | 000,075,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/17 20:01:14 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011/04/17 20:00:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\subljcbvzm.job
[2011/04/17 20:00:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/17 17:33:20 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 15:59:16 | 112,641,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/17 15:54:43 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2011.lnk
[2011/04/17 15:21:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/17 15:21:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/17 15:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/17 15:21:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/17 15:21:27 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/17 09:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\OTL.exe
[2011/04/17 09:49:19 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rkill.com
[2011/04/17 09:38:37 | 000,474,817 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\AVGInstLog.cab
[2011/04/17 09:32:24 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rk-proxy.reg
[2011/04/17 09:30:25 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rkill.exe
[2011/04/16 22:31:36 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/16 22:31:36 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/04/16 21:42:42 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 21:42:26 | 010,687,672 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\SUPERAntiSpyware(2).exe
[2011/04/16 21:36:43 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\default.pls
[2011/04/16 21:36:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/16 21:34:55 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Firefox Setup 4.0.exe
[2011/04/16 08:25:51 | 005,497,592 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\avg_avct_stb_all_2011_1321_ppc2.exe
[2011/04/15 18:29:07 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\zlf3hop2.exe
[2011/04/15 18:06:45 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\47t9y3h4.exe
[2011/04/15 18:05:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\HijackThis.exe
[2011/04/15 17:05:20 | 148,511,688 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\4-15-2011.reg
[2011/04/15 16:45:11 | 000,017,702 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1605731243
[2011/04/15 16:45:10 | 000,017,702 | -HS- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Application Data\1605731243
[2011/04/15 15:15:24 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\60C2.93E
[2011/04/15 14:53:32 | 000,238,704 | -HS- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Application Data\mqy.exe
[2011/04/15 08:23:06 | 000,432,350 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 03:02:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 10:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/06 07:42:47 | 000,432,350 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110415-082306.backup
[2011/04/02 18:42:37 | 000,000,481 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/02 17:09:54 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/03/31 08:53:15 | 002,001,051 | ---- | M] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Washer Use and Care Guide - 8183090.pdf
[2011/03/31 08:42:56 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SolidWorks 2009 SP3.0.lnk
[2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/03/30 08:05:17 | 000,431,590 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110406-074247.backup
[2011/03/23 17:25:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/03/23 17:19:40 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
[2011/03/23 17:19:40 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2011/03/23 17:19:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
[2011/03/23 17:19:40 | 000,009,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2011/03/23 10:06:26 | 000,431,458 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110330-070517.backup
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/17 17:33:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 15:59:16 | 112,641,638 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/17 15:54:43 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2011.lnk
[2011/04/17 09:49:19 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rkill.com
[2011/04/17 09:38:37 | 000,474,817 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\AVGInstLog.cab
[2011/04/17 09:32:24 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rk-proxy.reg
[2011/04/17 09:30:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\rkill.exe
[2011/04/16 22:31:36 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/16 22:31:36 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/04/16 21:36:43 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\default.pls
[2011/04/16 21:36:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/15 18:29:07 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\zlf3hop2.exe
[2011/04/15 18:06:44 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\47t9y3h4.exe
[2011/04/15 17:03:37 | 148,511,688 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\4-15-2011.reg
[2011/04/15 14:53:38 | 000,002,436 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\60C2.93E
[2011/04/15 14:53:33 | 000,017,702 | -HS- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Application Data\1605731243
[2011/04/15 14:53:33 | 000,017,702 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\1605731243
[2011/04/15 14:53:32 | 000,238,704 | -HS- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Local Settings\Application Data\mqy.exe
[2011/04/15 14:15:24 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\subljcbvzm.job
[2011/03/31 08:53:09 | 002,001,051 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Desktop\Washer Use and Care Guide - 8183090.pdf
[2011/03/23 17:19:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2011/03/23 17:19:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2011/03/23 17:19:40 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2010/11/23 19:04:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd404cdn.dat
[2010/08/10 08:55:05 | 000,077,381 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/07/30 15:40:12 | 000,157,791 | ---- | C] () -- C:\WINDOWS\hpwins25.dat
[2010/07/30 15:40:12 | 000,000,403 | ---- | C] () -- C:\WINDOWS\hpwmdl25.dat
[2010/04/11 08:31:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BO405CDN.INI
[2010/02/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2010/02/05 21:34:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/10 11:14:19 | 000,078,020 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/09 09:59:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo404cdn.ini
[2010/01/09 09:57:10 | 000,000,481 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/09 09:57:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/28 17:25:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/05/04 18:23:27 | 000,007,003 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\PrimoPDFSet.xml
[2009/05/04 18:20:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/28 08:27:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/03 14:41:43 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\SamsungLiveUpdateConfig.ini
[2009/04/03 12:06:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/03 10:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/04/03 09:56:24 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/03 09:56:19 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/03 09:56:18 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/04/03 09:56:18 | 000,201,875 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/03 09:56:18 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/04/03 09:40:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 09:35:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/03 04:29:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/03 04:27:05 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/21 04:40:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 04:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 21:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 10:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 07:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 16:00:00 | 000,456,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 16:00:00 | 000,075,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/17 08:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2009/04/03 08:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/28 14:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
[2010/05/15 08:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk NavisWorks Freedom 2009
[2011/04/17 15:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2011/04/17 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2011/04/16 08:37:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2009/04/03 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DassaultSystemes
[2010/12/27 21:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2010/11/24 19:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2011/04/17 15:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/05/15 08:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NavisWorks 2009
[2011/04/15 08:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/04/04 08:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/09 08:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/28 08:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Autodesk
[2010/05/15 08:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Autodesk NavisWorks Freedom 2009
[2011/04/16 08:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\AVG10
[2009/04/03 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\DassaultSystemes
[2010/09/23 17:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\IM
[2010/09/24 06:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Stardock
[2009/05/28 17:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie.MELANIE-BFC6A70\Application Data\Windows Desktop Search
[2011/04/17 20:00:55 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\subljcbvzm.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
Bubby79-300
Active Member
 
Posts: 4
Joined: April 15th, 2011, 3:35 pm

Re: Computer Hijacked Help

Unread postby askey127 » April 18th, 2011, 8:04 am

Bubby79-300,
This machine has not been properly patched since 2008. Whether that has been due to a problem with the Windows key, I have no idea.
Microsoft has not supported or updated SP2 at all since July 2010.
So, this machine is missing hundreds of Windows patches, and in the process it has been picking up the infections those patches were designed to prevent.
The prospect of being able to Fix this machine is very poor.

In addition, Your logs would suggest this is not a normal Home computer.

I would suggest that you archive all critical files on another media, and get this machine reformatted, and Windows Re-Installed/updated, either by your company or a commercial PC shop.
We are choosing not to continue with this thread, and it will be closed.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware