search redirect help needed


Re: search redirect help needed

Post by nouxman » January 14th, 2010, 7:56 pm

Ok, I ran everything as instructed, with the exception of the Java. I ended up with (jre-6u18-windos-i586-p.exe); I was confused at that step. No bubbles, no troubles.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ec563a3b318c0249b7831df02c3dccea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-14 05:58:57
# local_time=2010-01-13 11:58:57 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1152970 1152970 0 0
# compatibility_mode=5121 16776869 100 96 3920515 15449350 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=99174
# found=2
# cleaned=0
# scan_time=4513
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF virus 00000000000000000000000000000000 I
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus 00000000000000000000000000000000 I



OTL logfile created on: 1/14/2010 5:40:58 PM - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 479.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.70 Gb Total Space | 43.42 Gb Free Space | 62.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3RSHR91
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Avanquest\Fix-It\mxtask.exe (Avanquest Software)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Avanquest\Fix-It\MXTask2.exe (Avanquest Software)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
PRC - C:\WINDOWS\system32\LVComS.exe (Labtec Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Avanquest\Fix-It\WinHook.dll (Avanquest Software)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Fix-It Task Manager) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe (Avanquest Software)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe (Sunbelt Software)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/09 18:50:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/05 12:07:37 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/14 17:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/14 17:38:25 | 27,386,280 | ---- | C] ( ) -- C:\Documents and Settings\Scott\Desktop\AdbeRdr920_en_US.exe
[2010/01/14 17:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/14 17:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/14 17:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\JavaRa
[2010/01/13 22:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/12 04:49:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/12 04:48:13 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2010/01/12 04:30:56 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/10 13:25:06 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/10 13:22:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/10 13:22:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/10 13:22:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/10 13:22:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/10 13:21:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/10 13:16:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/09 00:08:04 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup.exe
[2010/01/08 18:15:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Events
[2010/01/08 17:58:59 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/01/08 17:58:58 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/01/08 17:56:52 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/01/08 17:52:24 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/08 17:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/08 13:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/08 13:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/04 19:08:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2010/01/01 16:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/01 16:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\MumboJumbo
[2009/12/11 06:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/12/09 20:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/07/03 08:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/17 10:11:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/11/30 18:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/11/30 18:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/08/23 15:19:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2005/08/16 03:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 03:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 03:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/14 17:39:48 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/14 17:38:28 | 27,386,280 | ---- | M] ( ) -- C:\Documents and Settings\Scott\Desktop\AdbeRdr920_en_US.exe
[2010/01/14 17:34:41 | 00,024,987 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/14 17:34:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/14 17:32:23 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/14 17:32:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/14 17:31:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 17:31:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/14 17:31:20 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 17:30:45 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Scott\NTUSER.DAT
[2010/01/14 17:30:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Scott\ntuser.ini
[2010/01/14 17:20:38 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\JavaRa.zip
[2010/01/14 17:16:40 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/13 07:02:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/12 08:48:01 | 01,578,064 | -H-- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\IconCache.db
[2010/01/12 06:50:06 | 00,000,090 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/01/12 04:54:17 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Ÿ9Ÿ9
[2010/01/12 04:48:14 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2010/01/12 04:41:54 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/12 04:30:27 | 03,820,715 | R--- | M] () -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2010/01/10 13:46:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/10 13:25:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/09 05:07:55 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Ÿ;Ÿ;
[2010/01/09 00:09:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/09 00:08:16 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup.exe
[2010/01/08 21:07:44 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\befoyaru
[2010/01/08 13:19:20 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 21:49:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\settings.dat
[2010/01/06 21:48:14 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\RootRepeal.zip
[2010/01/04 19:18:46 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\5vrlwvzg.exe
[2010/01/04 19:08:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2010/01/03 09:15:15 | 00,726,146 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\avenger.zip
[2010/01/01 16:14:15 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Discovery.lnk
[2010/01/01 16:09:44 | 00,000,913 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
[2010/01/01 01:00:11 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\befoyaru
[2010/01/14 17:39:47 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/14 17:20:37 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\JavaRa.zip
[2010/01/10 13:49:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\Ÿ9Ÿ9
[2010/01/10 13:25:14 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/10 13:25:09 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/10 13:22:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/10 13:22:36 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/10 13:22:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/10 13:22:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/10 13:22:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/10 13:09:31 | 03,820,715 | R--- | C] () -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2010/01/09 00:09:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/08 13:19:20 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/08 13:11:02 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 13:11:01 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/06 21:49:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\settings.dat
[2010/01/06 21:48:14 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\RootRepeal.zip
[2010/01/04 19:18:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\5vrlwvzg.exe
[2010/01/01 16:14:15 | 00,000,817 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Discovery.lnk
[2010/01/01 16:09:44 | 00,000,913 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zuma's Revenge!.lnk
[2009/12/21 17:17:09 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/16 02:07:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/17 09:39:01 | 00,018,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\editakyxad.bin
[2009/09/17 09:39:01 | 00,013,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kyquzizoca.lib
[2009/09/17 09:39:00 | 00,019,221 | ---- | C] () -- C:\WINDOWS\System32\vyjanugi.dll
[2009/09/17 09:22:04 | 00,019,226 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nyfyhupaqe.dl
[2009/09/17 06:05:23 | 00,011,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huzucexify.pif
[2008/01/21 09:53:07 | 00,000,761 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2007/07/19 18:54:58 | 00,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/07/19 18:54:33 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/07/14 07:09:01 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2007/01/10 20:23:15 | 00,000,204 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2007/01/10 20:22:52 | 00,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI
[2007/01/01 14:10:41 | 00,001,716 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/08/15 14:13:46 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\wklnhst.dat
[2006/05/14 11:47:37 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\dvd.bmk
[2006/04/29 13:18:21 | 00,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/13 18:48:46 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/06 20:52:40 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/06 17:58:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/06 17:40:05 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\fusioncache.dat
[2006/04/04 08:05:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/04 07:58:43 | 00,004,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/04 07:55:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/04 07:23:58 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/27 12:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/12/30 08:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2007/09/22 16:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/08/16 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/01/01 16:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/07/04 20:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 14:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/04 07:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/02 10:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/02 14:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/30 09:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Avanquest
[2008/07/31 17:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Fisher-Price
[2006/07/03 13:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Image Zone Express
[2007/08/15 18:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\iWin
[2006/05/14 11:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Leadertech
[2006/08/21 14:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\UVU
[2007/04/01 09:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Viewpoint
[2009/12/15 01:08:30 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/01 01:00:11 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: search redirect help needed

Post by shinybeast » January 16th, 2010, 2:30 pm

Hi nouxman,

We still have some work to do.

RE: Java

Java was just updated, hence the different filename. From the last OTL log, it looks as if you went ahead and installed the latest Java.


CFScript

  1. Open notepad (Start > Run... > type notepad and press enter)
  2. Copy the text in the code box below and paste it into notepad.

    http://malwareremoval.com/forum/viewtopic.php?f=11&t=48444&start=0
    
    Collect::
    C:\Documents and Settings\All Users\Application Data\editakyxad.bin
    C:\Documents and Settings\All Users\Application Data\kyquzizoca.lib
    C:\WINDOWS\System32\vyjanugi.dll
    C:\Documents and Settings\All Users\Application Data\nyfyhupaqe.dl
    C:\Documents and Settings\All Users\Application Data\huzucexify.pif
    
    File::
    C:\Documents and Settings\Scott\Ÿ;Ÿ;
    C:\Documents and Settings\Scott\Ÿ9Ÿ9
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
    
    Folder::
    C:\WINDOWS\System32\befoyaru
    

  3. Save this as CFScript.txt in the same location as ComboFix.exe (should be your Desktop)
  4. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    NOTE: To disable McAfee SecurityCenter
    • Locate McAfee Image icon in the system tray and double-click it to open McAfee SecurityCenter
    • Click Advanced Menu or Basic Menu in the lower left of the window.
    • Click Computer & Files, then click Image in the right pane.
    • Under Virus Protection is enabled, select (tick) Off
    • In the popup window, select Never in the drop-down menu, then click OK
    • Select (tick) Off for all other modules installed (Spyware, SystemGuard, etc.)
    • Click Advanced Menu or Basic Menu in the lower left of the window.
    • Click Internet & Network, then click Image in the right pane.
    • Under Firewall Protection is enabled, select (tick) Off
    • In the popup window, select Never in the drop-down menu, then click OK
    • Close McAfee SecurityCenter
    After tools have run and any necessary reboots have occurred, open McAfee SecurityCenter and click the Image button in the upper right of the window to enable protection.


    Image
  5. Close any open browsers.
  6. Referring to the picture above, drag CFScript.txt and drop it into ComboFix.exe
  7. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. See NOTE below.

**NOTE**
When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

When the "Submit Files for further analysis" box pops up, ensure you are connected to the internet and click OK on the message box.


Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform quick scan
  • Click Scan to start the scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Check all items then click on Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.

Please include the ComboFix log (C:\ComboFix.txt) and the MalwareBytes' log in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: search redirect help needed

Unread postby nouxman » January 16th, 2010, 5:18 pm

I ran ComboFix and Malwarebytes. The quick scan did not show anything had been detected.


ComboFix 10-01-11.03 - Scott 01/16/2010 14:35:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.475 [GMT -6:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: Avanquest Fix-It *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\Scott\Ÿ;Ÿ;"
"c:\documents and settings\Scott\Ÿ9Ÿ9"
"c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt"

file zipped: c:\documents and settings\All Users\Application Data\editakyxad.bin
file zipped: c:\documents and settings\All Users\Application Data\huzucexify.pif
file zipped: c:\documents and settings\All Users\Application Data\kyquzizoca.lib
file zipped: c:\documents and settings\All Users\Application Data\nyfyhupaqe.dl
file zipped: c:\windows\System32\vyjanugi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\editakyxad.bin
c:\documents and settings\All Users\Application Data\huzucexify.pif
c:\documents and settings\All Users\Application Data\kyquzizoca.lib
c:\documents and settings\All Users\Application Data\nyfyhupaqe.dl
c:\documents and settings\Scott\Ÿ;Ÿ;
c:\documents and settings\Scott\Ÿ9Ÿ9
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\windows\System32\vyjanugi.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-14 23:29 . 2010-01-14 23:29 -------- d-----w- c:\program files\Common Files\Java
2010-01-14 23:29 . 2010-01-14 23:29 503808 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-515c0bf0-n\msvcp71.dll
2010-01-14 23:29 . 2010-01-14 23:29 348160 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-515c0bf0-n\msvcr71.dll
2010-01-14 23:29 . 2010-01-14 23:29 61440 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-515c0bf0-n\decora-sse.dll
2010-01-14 23:29 . 2010-01-14 23:29 499712 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-515c0bf0-n\jmc.dll
2010-01-14 23:29 . 2010-01-14 23:29 12800 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-515c0bf0-n\decora-d3d.dll
2010-01-14 23:29 . 2010-01-14 23:29 315392 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7b19be60-n\jogl.dll
2010-01-14 23:29 . 2010-01-14 23:29 20480 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7b19be60-n\jogl_awt.dll
2010-01-14 23:29 . 2010-01-14 23:29 20480 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-39604fbd-n\gluegen-rt.dll
2010-01-14 23:29 . 2010-01-14 23:29 114688 ----a-w- c:\documents and settings\Scott\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7b19be60-n\jogl_cg.dll
2010-01-14 23:28 . 2010-01-14 23:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 04:38 . 2010-01-14 04:38 -------- d-----w- c:\program files\ESET
2010-01-12 23:40 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-10 19:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-09 13:01 . 2010-01-10 21:02 -------- d-----w- c:\documents and settings\Nikki\Application Data\Avanquest
2010-01-09 00:15 . 2010-01-09 00:15 -------- d-----w- c:\windows\system32\Events
2010-01-08 23:58 . 2009-08-11 01:10 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-08 23:58 . 2009-05-13 23:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-08 23:56 . 2008-10-09 15:48 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-01-08 23:47 . 2010-01-08 23:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-08 19:16 . 2010-01-08 19:16 -------- d-----w- c:\documents and settings\Nikki\Local Settings\Application Data\Temp
2010-01-08 19:16 . 2010-01-08 19:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-08 19:11 . 2010-01-08 19:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-07 03:49 . 2010-01-07 03:49 0 ----a-w- c:\documents and settings\Scott\settings.dat
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-01 22:13 . 2010-01-01 22:13 -------- d-----w- c:\program files\MumboJumbo
2009-12-30 22:00 . 2009-12-31 15:54 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-30 21:27 . 2009-12-30 21:27 -------- d-----w- c:\program files\Trend Micro
2009-12-30 20:36 . 2009-12-30 20:36 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Threat Expert
2009-12-30 20:26 . 2009-12-30 20:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 20:10 . 2009-12-30 20:10 0 ----a-w- C:\backup.reg
2009-12-30 20:10 . 2009-12-30 20:10 574 ----a-w- C:\cleanup.bat
2009-12-30 20:10 . 2009-12-30 20:10 135168 ----a-w- C:\zip.exe
2009-12-30 14:53 . 2009-12-30 14:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
2009-12-30 14:52 . 2009-12-30 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
2009-12-30 14:51 . 2009-12-30 14:51 -------- d-----r- C:\_Backup.RC
2009-12-30 14:51 . 2010-01-15 23:55 -------- d-----w- C:\_Backup
2009-12-30 14:49 . 2009-12-30 15:00 -------- d-----w- c:\documents and settings\Scott\Application Data\Avanquest
2009-12-30 14:49 . 2010-01-09 00:11 -------- d-----w- c:\program files\Common Files\AntiVirus
2009-12-30 14:49 . 2009-12-30 14:49 -------- d-----w- c:\program files\Avanquest
2009-12-20 23:31 . 2009-12-21 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-20 23:31 . 2009-12-21 04:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 02:45 . 2008-06-27 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-15 18:23 . 2006-04-08 19:38 51044 ----a-w- c:\documents and settings\Nikki\Application Data\wklnhst.dat
2010-01-14 23:39 . 2006-04-08 05:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 23:27 . 2006-04-04 13:42 -------- d-----w- c:\program files\Java
2010-01-12 12:50 . 2006-04-13 22:48 90 ----a-w- c:\windows\popcinfo.dat
2010-01-09 14:47 . 2004-08-04 03:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-09 06:10 . 2009-05-13 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 19:18 . 2006-04-04 14:00 -------- d-----w- c:\program files\Google
2010-01-07 22:07 . 2009-05-13 01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-05-13 01:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 22:09 . 2008-07-26 22:31 -------- d-----w- c:\program files\PopCap Games
2009-12-31 15:55 . 2006-04-04 13:58 -------- d-----w- c:\program files\McAfee
2009-12-31 14:38 . 2009-09-17 15:30 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 19:09 . 2007-05-18 00:02 -------- d-----w- c:\program files\QuickTime
2009-12-21 04:52 . 2009-12-30 19:50 264390 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-12-17 06:17 . 2006-04-04 13:55 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-12-17 06:12 . 2006-04-04 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2009-12-11 12:56 . 2009-12-11 12:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-10 02:39 . 2008-10-06 03:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-12-07 04:07 . 2006-04-04 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-21 15:51 . 2005-08-16 09:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 16:03 . 2009-11-16 16:03 53076 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-02 15:59 . 2009-11-02 15:59 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2005-08-16 09:18 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-08-16 09:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 09:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-06-25 00:03 . 2006-04-07 02:52 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-12_10.41.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 09:20 . 2010-01-15 09:20 16384 c:\windows\Temp\Perflib_Perfdata_27c.dat
- 2005-08-16 09:18 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2005-08-16 09:18 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2010-01-12 14:18 . 2010-01-16 18:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-04-06 23:20 . 2010-01-16 18:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-04-06 23:20 . 2010-01-12 10:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-11 00:14 . 2010-01-12 10:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-11 00:14 . 2010-01-16 18:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-16 09:18 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2005-08-16 09:18 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2010-01-14 23:28 . 2010-01-14 23:27 153376 c:\windows\system32\javaws.exe
+ 2010-01-14 23:28 . 2010-01-14 23:27 145184 c:\windows\system32\javaw.exe
+ 2010-01-14 23:28 . 2010-01-14 23:27 145184 c:\windows\system32\java.exe
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-01-14 23:29 . 2010-01-14 23:29 178176 c:\windows\Installer\a458b4c.msi
+ 2010-01-14 23:27 . 2010-01-14 23:27 577536 c:\windows\Installer\a458b47.msi
+ 2010-01-14 23:40 . 2010-01-14 23:40 3940352 c:\windows\Installer\76f93.msi
+ 2010-01-15 09:00 . 2010-01-04 22:17 29634504 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-4 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 03:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-22 12:57 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Avanquest\\Fix-It\\Fix-It.exe"=

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [1/8/2010 5:58 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/5/2009 3:58 PM 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [1/8/2010 5:56 PM 202928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/5/2008 5:39 PM 93320]
R2 SBAMSvc;Fix-It;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [9/8/2009 1:46 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [1/8/2010 5:58 PM 69936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 1:10 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 11:35]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 19:10]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 19:10]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-21 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-21 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-01-16 14:47:19
ComboFix-quarantined-files.txt 2010-01-16 20:47
ComboFix2.txt 2010-01-12 10:45
ComboFix3.txt 2010-01-10 19:56

Pre-Run: 46,416,986,112 bytes free
Post-Run: 46,597,783,552 bytes free

- - End Of File - - 5613339834117EE87F23166E674A4686
Upload was successful



Malwarebytes' Anti-Malware 1.44
Database version: 3579
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2010 3:12:14 PM
mbam-log-2010-01-16 (15-12-14).txt

Scan type: Quick Scan
Objects scanned: 131490
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
nouxman
Active Member
 
Posts: 14
Joined: December 30th, 2009, 5:33 pm

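As an added example (not ComboFix's code and not from this thread), the following Python script cross-checks a CFScript like the one shinybeast posted above against the ComboFix log that nouxman posted in reply: it reads the Collect::, File:: and Folder:: sections of the script and the "file zipped:" and "Other Deletions" entries of the log, and reports which requested paths were actually collected or deleted. The sample script and log embedded in it are constructed excerpts modelled on the thread's format, with placeholder file names; the section names and log banners are the ones visible in the thread.

```python
"""Cross-check a ComboFix CFScript against the resulting ComboFix log.

Added example, not ComboFix's own code. Parses the Collect::/File::/Folder::
sections of a script and the "file zipped:" and "Other Deletions" entries of
a log, then reports which requested paths were handled. Sample data below is
a constructed excerpt modelled on the thread's format (placeholder names).
"""
import re

# Section headers used by the CFScript posted in the thread
CFSCRIPT_SECTIONS = ("Collect::", "File::", "Folder::")

# Banners ComboFix prints look like "(((( Other Deletions ))))"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

# Constructed sample script (placeholder file names, not real detections)
SAMPLE_CFSCRIPT = r"""
http://example.invalid/forum-thread-url

Collect::
C:\Documents and Settings\All Users\Application Data\sample1.bin
C:\WINDOWS\System32\sample2.dll

File::
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt

Folder::
C:\WINDOWS\System32\samplefolder
"""

# Constructed sample log excerpt using the banners ComboFix prints
SAMPLE_LOG = r"""
ComboFix 10-01-11.03 - User 01/16/2010 14:35:59.3.2 - x86

FILE ::
"c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt"

file zipped: c:\documents and settings\All Users\Application Data\sample1.bin
file zipped: c:\windows\System32\sample2.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sample1.bin
c:\windows\System32\sample2.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.
2010-01-14 23:29 . 2010-01-14 23:29 -------- d-----w- c:\program files\Common Files\Java
"""


def parse_cfscript(text):
    """Return {section: [paths]}; lines before the first header (e.g. the
    thread URL helpers put at the top of a script) are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in CFSCRIPT_SECTIONS:
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return (zipped, deleted): paths reported as zipped for submission and
    paths listed under the 'Other Deletions' banner."""
    zipped, deleted, in_deletions = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("file zipped:"):
            zipped.append(line[len("file zipped:"):].strip())
            continue
        banner = BANNER_RE.match(line)
        if banner:  # a banner starts a new section; only one interests us
            in_deletions = banner.group(1) == "Other Deletions"
            continue
        if in_deletions and line and line != ".":
            deleted.append(line)
    return zipped, deleted


def _norm(path):
    # ComboFix lowercases parts of the path; compare case-insensitively
    return path.strip('"').lower()


def check_script_against_log(script_text, log_text):
    """Return {script_path: 'collected' | 'deleted' | 'missing'}.
    A Collect:: target counts as handled only if it was zipped AND deleted."""
    sections = parse_cfscript(script_text)
    zipped, deleted = parse_combofix_log(log_text)
    zipped_set = {_norm(p) for p in zipped}
    deleted_set = {_norm(p) for p in deleted}
    result = {}
    for section, paths in sections.items():
        for p in paths:
            key = _norm(p)
            if section == "Collect::":
                ok = key in zipped_set and key in deleted_set
                result[p] = "collected" if ok else "missing"
            else:
                result[p] = "deleted" if key in deleted_set else "missing"
    return result


def missing_targets(script_text, log_text):
    """Paths the script asked for that the log never reports as handled."""
    return [p for p, s in check_script_against_log(script_text, log_text).items()
            if s == "missing"]


if __name__ == "__main__":
    for path, status in check_script_against_log(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:10} {path}")
```

In the constructed sample the Folder:: target never appears under Other Deletions, so the check reports it as missing; the ComboFix log above shows the same pattern for the befoyaru folder named in the script, which is the kind of gap worth confirming by hand before calling a machine clean.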
Re: search redirect help needed

Unread postby shinybeast » January 17th, 2010, 3:19 pm

Hi nouxman,

Things are looking pretty good. Please address the issue below and post a new OTL log for a final check.


Multiple Anti-Virus

I strongly suggest you uninstall Avanquest Fix-It, as having more than one anti-virus program can slow the system and make it unstable and provides no additional security. In fact, it can decrease the security of the computer.


OTL Quick Scan

  • Double-click OTL.exe to start the program
  • Click Quick Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: search redirect help needed

Unread postby nouxman » January 20th, 2010, 9:07 am

We have not been happy with McAfee; several trojans have slipped past McAfee. Do you have any recommendations? Right now we have only Fix-It actively scanning.


OTL logfile created on: 1/20/2010 6:58:13 AM - Run 3
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 467.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.70 Gb Total Space | 43.06 Gb Free Space | 61.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3RSHR91
Current User Name: Scott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Avanquest\Fix-It\mxtask.exe (Avanquest Software)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Avanquest\Fix-It\MXTask2.exe (Avanquest Software)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
PRC - C:\WINDOWS\system32\LVComS.exe (Labtec Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Scott\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Fix-It Task Manager) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe (Avanquest Software)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe (Sunbelt Software)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/09 18:50:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/05 12:07:37 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/16 18:14:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/14 17:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/14 17:38:25 | 27,386,280 | ---- | C] ( ) -- C:\Documents and Settings\Scott\Desktop\AdbeRdr920_en_US.exe
[2010/01/14 17:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/14 17:29:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/14 17:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\JavaRa
[2010/01/13 22:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/12 04:48:13 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2010/01/10 13:25:06 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/10 13:22:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/10 13:22:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/10 13:22:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/10 13:22:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/10 13:21:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/10 13:16:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/09 00:08:04 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup.exe
[2010/01/08 18:15:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Events
[2010/01/08 17:58:59 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/01/08 17:58:58 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/01/08 17:56:52 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/01/08 17:52:24 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/08 17:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/08 13:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/08 13:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/11 06:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/12/09 20:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/07/03 08:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/17 10:11:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/11/30 18:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/11/30 18:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/08/23 15:19:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2005/08/16 03:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 03:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 03:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/20 07:02:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/20 06:35:04 | 00,025,365 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/20 06:16:27 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 00:57:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/19 13:16:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/18 18:35:10 | 00,073,592 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/18 18:34:56 | 00,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/17 09:09:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 16:43:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 16:42:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 16:42:57 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 14:45:18 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/15 03:19:27 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\Scott\NTUSER.DAT
[2010/01/15 03:18:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Scott\ntuser.ini
[2010/01/15 03:18:36 | 04,285,590 | -H-- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\IconCache.db
[2010/01/15 03:03:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 01:14:23 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 17:38:28 | 27,386,280 | ---- | M] ( ) -- C:\Documents and Settings\Scott\Desktop\AdbeRdr920_en_US.exe
[2010/01/14 17:20:38 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\JavaRa.zip
[2010/01/12 06:50:06 | 00,000,090 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/01/12 04:48:14 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2010/01/12 04:30:27 | 03,820,715 | R--- | M] () -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2010/01/10 13:46:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/10 13:25:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/09 00:09:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/09 00:08:16 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scott\Desktop\mbam-setup.exe
[2010/01/08 21:07:44 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\befoyaru
[2010/01/08 13:19:20 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 21:49:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\settings.dat
[2010/01/06 21:48:14 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\RootRepeal.zip

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\befoyaru
[2010/01/14 17:20:37 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\JavaRa.zip
[2010/01/10 13:25:14 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/10 13:25:09 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/10 13:22:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/10 13:22:36 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/10 13:22:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/10 13:22:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/10 13:22:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/10 13:09:31 | 03,820,715 | R--- | C] () -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2010/01/09 00:09:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/08 13:19:20 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/08 13:11:02 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 13:11:01 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/06 21:49:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\settings.dat
[2010/01/06 21:48:14 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\RootRepeal.zip
[2009/12/21 17:17:09 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/16 02:07:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/21 09:53:07 | 00,000,761 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2007/07/19 18:54:58 | 00,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/07/19 18:54:33 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/07/14 07:09:01 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2007/01/10 20:23:15 | 00,000,204 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2007/01/10 20:22:52 | 00,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI
[2007/01/01 14:10:41 | 00,001,716 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/08/15 14:13:46 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\wklnhst.dat
[2006/05/14 11:47:37 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Scott\Application Data\dvd.bmk
[2006/04/29 13:18:21 | 00,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/13 18:48:46 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/06 20:52:40 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/06 17:58:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/06 17:40:05 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\fusioncache.dat
[2006/04/04 08:05:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/04 07:58:43 | 00,004,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/04 07:55:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/04 07:23:58 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/27 12:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/12/30 08:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2007/09/22 16:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/08/16 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/01/01 16:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/07/04 20:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 14:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/04 07:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/02 10:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/02 14:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/30 09:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Avanquest
[2008/07/31 17:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Fisher-Price
[2006/07/03 13:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Image Zone Express
[2007/08/15 18:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\iWin
[2006/05/14 11:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Leadertech
[2006/08/21 14:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\UVU
[2007/04/01 09:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Viewpoint
[2010/01/15 01:14:23 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
nouxman
Active Member
 
Posts: 14
Joined: December 30th, 2009, 5:33 pm
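The log above carries the entry the next reply singles out for deletion: C:\WINDOWS\System32\befoyaru, created "2099/01/01", hidden, with no extension and no company name. As an added example (my code, not part of the original post and not OTL's own), here is a small Python triage that parses OTL's file-entry lines and scores each one on exactly those traits, using a few lines copied from this log as input. The weights, the score threshold of 4 and the 20 January 2010 report date are assumptions of mine.

```python
"""Triage OTL "Files/Folders" entries the way a helper reads them by hand.

Added example; not part of the original post and not OTL's own code. It
parses OTL's file-entry lines and scores each against heuristics that
single out the entry removed in this thread (a hidden, extension-less file
in System32 stamped 2099). The weights, the threshold and the report date
are my own choices; the sample lines are copied from the log above.
"""
import re
from datetime import datetime

# One OTL file/folder line:
#   [2010/01/10 13:22:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
# timestamp | size | attributes (R H S D) | C(reated)/M(odified), optional (company), path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Assumption: the helper's reply is dated 20 Jan 2010, so anything stamped
# later than that cannot be a real creation time.
REPORT_DATE = datetime(2010, 1, 20)

# Constructed sample: lines taken verbatim from the OTL report in this thread.
SAMPLE_LOG = r"""
[2010/01/16 18:14:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/10 13:22:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/16 16:42:57 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/18 18:34:56 | 00,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/10 13:25:14 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\befoyaru
"""


def parse_entry(line):
    """Return a dict for one OTL file line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # OTL groups digits with commas
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "kind": m["kind"],                          # C = created, M = modified
        "company": (m["company"] or "").strip(),    # "( )" and "()" both mean none
        "path": m["path"],
    }


def score_entry(entry, report_date=REPORT_DATE):
    """Weight the traits a helper looks for; returns (score, reasons)."""
    reasons = []
    if entry["timestamp"] > report_date:
        reasons.append(("timestamp after the report date (timestomped)", 3))
    if not entry["is_dir"]:
        name = entry["path"].rsplit("\\", 1)[-1]
        if "." not in name:
            reasons.append(("file without an extension", 2))
        if entry["hidden"]:
            reasons.append(("hidden attribute", 1))
        if entry["system"]:
            reasons.append(("system attribute", 1))
        if "\\windows\\system32\\" in entry["path"].lower():
            reasons.append(("under System32", 1))
        if not entry["company"]:
            reasons.append(("no company name in the version resource", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(log_text, threshold=4, report_date=REPORT_DATE):
    """Return entries at or above the threshold, highest score first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        score, reasons = score_entry(entry, report_date)
        if score >= threshold:
            findings.append({"path": entry["path"], "score": score, "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']:2d}  {f['path']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```

Run against the sample, befoyaru tops the list with a score of 8 and KGyGaAvL.sys also clears the threshold, being hidden, system-attributed and in System32 with no company name. That second hit is the Macrovision SafeCast (C-Dilla) licensing file and is benign, which is the caveat: the output is a review list for a person, not a verdict. The one trait here that is hard to explain away is the future timestamp.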

Re: search redirect help needed

Unread postby shinybeast » January 20th, 2010, 7:40 pm

Hi nouxman,


For some reason, a folder did not get deleted with the last CFScript. Locate and delete the folder below.

Delete Files and Folders

In Explorer (right-click Start, left-click Explore), navigate to and delete the following folder:

C:\WINDOWS\System32\befoyaru


There is no perfect solution to preventing malware. There is new malware created constantly and no security software can possibly keep you totally secure. AV Comparatives does independent tests and you can look over what they have found and make your own decision. The best way to prevent malware from getting on your computer is to have good online habits and follow the recommendations below.

As for free security software, I can recommend:

Anti-virus

Firewall

The important thing to keep in mind is that you want only ONE anti-virus running and ONE firewall running at a time.


If you decide to remove McAfee, use the following method to clean up after uninstalling it.
  • Click here to download the McAfee removal tool and save to a convenient location.
  • Close all McAfee windows and double-click MCPR.exe to run the tool.
  • Reboot the computer when "CleanUp Successful" appears to complete removal.


Uninstall ComboFix

Click Start, click Run..., copy the below bolded text and paste it in the Open: box and click OK.

ComboFix /Uninstall

ComboFix will uninstall and clean up after itself.


OTL Cleanup

Please run OTL which should still be on your desktop
In the upper right click CleanUp
This will delete OTL and will clean up after it.


Delete the randomly named GMER file from your desktop as well as the RootRepeal files.


Your logs are clean!


Implementing the following suggestions will greatly reduce your chances of malware problems in the future.

Update Windows

It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.

I encourage you to use Automatic Updates. Information can be found at How to configure and use Automatic Updates in Windows XP


Keep installed programs up to date

Anti-virus
Most important is keeping your anti-virus software up to date. An out-of-date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
Secunia Online Software Inspector
F-Secure Health Check

Mozilla Firefox Plug-in Check
If using Firefox, Click here to visit Mozilla, check your plug-ins and update them as necessary.


Best Practices for Email and Downloaded Files.

  • Do not read emails from unknown sources.
  • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
  • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
  • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.


Additional Protection Programs

The programs listed below are excellent for improving your computer's security.

WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on its many features can be found here

MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out Tony Klein's article "How did I get infected in the first place?"
and miekiemoes' article "How to prevent Malware:"

If you have any questions about these suggestions, I would be happy to answer them.

Regards,
shinybeast

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
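The MVPS Hosts suggestion in the post above works by mapping known ad and malware hostnames to the local machine. OTL reports the same file under O1 because that mechanism is also a common way to redirect searches or cut an anti-virus off from its update servers. As an added example (my code, not the MVPS project's and not from the original post), the following Python audit separates the two: it counts genuine block entries and flags any hostname pinned to a non-local address, or any search, update or security-vendor domain pinned at all. The domain list and the sample file are constructed for illustration; the sample's first line is the only entry in the 27-byte hosts file the log shows.

```python
"""Audit a Windows hosts file for block entries and for redirects.

Added example; not from the original post and not the MVPS project's code.
Block entries sink a hostname to a local address; redirects pin a hostname
to someone else's address. The sensitive-domain list and the sample file
are my own constructions.
"""
import ipaddress

# Assumption: domains a home user should never see pinned in hosts, whatever
# the address, because malware uses such entries to hijack searches or to
# starve security products of updates. Extend to taste.
SENSITIVE_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "mcafee.com", "eset.com", "malwarebytes.org", "mvps.org",
)

# Constructed sample. Line 1 is the only entry in the stock file the log shows.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
0.0.0.0         ads.tracker.test          # block entry: sunk to a local address
127.0.0.1       banner.adserver.test      # block entry
127.0.0.1       update.mcafee.com         # blocks AV updates
203.0.113.7     www.google.com            # search redirect to a remote host
203.0.113.7     www.bing.com
not-an-address  www.example.test
"""


def parse_hosts(text):
    """Yield (lineno, address_text, [hostnames]) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def is_sink(addr):
    """True for loopback or unspecified addresses, i.e. a genuine block entry."""
    return addr.is_loopback or addr.is_unspecified


def is_sensitive(host):
    """Exact or subdomain match against SENSITIVE_SUFFIXES, case-insensitive."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit_hosts(text):
    """Return (summary, findings); findings are (lineno, name, reason)."""
    summary = {"entries": 0, "blocked": 0}
    findings = []
    for lineno, addr_text, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((lineno, addr_text, "unparseable address"))
            continue
        for host in hosts:
            summary["entries"] += 1
            if host.lower() == "localhost" and addr.is_loopback:
                continue                      # the one entry every file has
            sink = is_sink(addr)
            if sink:
                summary["blocked"] += 1
            if is_sensitive(host):
                what = "blocked" if sink else f"redirected to {addr}"
                findings.append((lineno, host, f"sensitive domain {what}"))
            elif not sink:
                findings.append((lineno, host, f"pinned to non-local address {addr}"))
    return summary, findings


if __name__ == "__main__":
    summary, findings = audit_hosts(SAMPLE_HOSTS)
    print(summary)
    for lineno, name, reason in findings:
        print(f"line {lineno}: {name}: {reason}")
```

On the sample this reports three block entries and four findings: the McAfee update host blocked, two search engines redirected to 203.0.113.7, and one malformed line. A large MVPS-style file produces no findings as long as every entry sinks to a local address and none of the sensitive domains appear, so the audit is cheap to rerun after each update of the file.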

Re: search redirect help needed

Unread postby nouxman » January 23rd, 2010, 11:18 am

Thank you for your help Shinybeast. You are doing good work here. I shall sing your name from the highest mountain top!!!!

(not a lot of mountains in Mississippi tho. :D ) Thank you so much.
nouxman
Active Member
 
Posts: 14
Joined: December 30th, 2009, 5:33 pm

Re: search redirect help needed

Unread postby shinybeast » January 23rd, 2010, 1:41 pm

You are very welcome, nouxman. :)
Take care and stay safe.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: search redirect help needed

Unread postby Dakeyras » January 23rd, 2010, 4:15 pm

As this topic is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra