WiredWX Christian Hobby Weather Tools
Infected and can't get on Internet

I can't get onto the internet to update and run any anti-virus software, so my computer is infected and not secured. How can I remove the problems and get the Internet back running?

*******************************************************************************************
OTL logfile created on: 1/19/2011 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\mindy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.28 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive E: | 979.98 Mb Total Space | 903.62 Mb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: MINDY-DB2QZ5SQ6 | User Name: mindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
PRC - [2008/10/07 07:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2007/07/03 13:50:21 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:36:19 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/01/21 16:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2003/10/06 14:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/07/31 22:29:22 | 004,638,720 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
PRC - [2003/04/06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/11/23 02:15:00 | 000,631,362 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2002/11/21 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:56:43 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2003/10/06 14:57:50 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2002/11/23 02:15:00 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2002/11/21 09:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2002/11/21 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/07/29 13:41:42 | 000,458,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe -- (NICSer_WMP11)
SRV - [2003/03/09 12:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/06/20 01:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/05/03 08:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/21 17:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/10/21 17:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/10/21 17:22:18 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/10/14 11:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/10/13 17:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/10/08 10:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/10/08 10:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/10/08 10:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/10/08 10:06:04 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/12 14:29:00 | 000,166,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2002/12/13 00:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/14 18:15:00 | 000,012,640 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/11/08 01:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 01:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/12/05 20:40:22 | 000,272,672 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 7557 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [Advanced Virus Remover] File not found
O4 - HKCU..\Run: [Esae] File not found
O4 - HKCU..\Run: [NBJ] File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Shzaek] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe (The Linksys Group, Inc.)
O4 - Startup: C:\Documents and Settings\mindy\Start Menu\Programs\Startup\RDP2009.lnk = C:\Program Files\Angle Interactive\RDP2009\RDP2009.exe (Angle Interactive)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: gihofoyes - {3e77f0d7-57c8-46d0-8c23-333374b13dba} - File not found
O22 - SharedTaskScheduler: {3e77f0d7-57c8-46d0-8c23-333374b13dba} - gahurihor - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mindy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell - "" = AutoRun
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c39daf0-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{0c39daf1-2394-11e0-9fff-944452a09951}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.MJPG - m3jpeg32.dll File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 10:50:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/19 10:27:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/19 10:27:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/19 10:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/19 10:26:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/19 10:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/19 10:16:59 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2011/01/18 22:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mindy\Application Data\U3
[2011/01/18 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/01/18 22:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2004/11/08 12:33:44 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 12:00:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mindy\Desktop\OTL.com
[2011/01/19 10:39:47 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/19 10:39:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/01/19 10:38:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-00511102}.dat
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:29 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00511102}.rfx
[2011/01/19 10:38:16 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-00511102}.CDF
[2011/01/19 10:27:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/19 10:27:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/19 10:17:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\mindy\Desktop\HijackThis.lnk
[2009/09/06 10:53:25 | 000,019,526 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ykefimid.sys
[2009/09/06 10:53:25 | 000,016,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyxikava.bin
[2009/09/06 10:53:25 | 000,013,159 | ---- | C] () -- C:\Program Files\Common Files\ohixyz.vbs
[2009/09/06 10:53:25 | 000,012,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\divyzataf.dl
[2009/09/06 10:53:25 | 000,011,923 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\ezyheryjo.vbs
[2009/09/06 10:53:25 | 000,011,025 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owylapi.bin
[2009/09/06 10:53:25 | 000,010,580 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2009/09/06 10:53:24 | 000,015,179 | ---- | C] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:24 | 000,014,907 | ---- | C] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db
[2007/01/27 18:21:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/02 23:10:55 | 000,001,020 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2006/12/02 22:49:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/20 12:38:15 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/23 23:24:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/29 11:20:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/21 10:56:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/08/21 10:53:09 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/08/21 10:53:09 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/04/09 02:09:28 | 000,002,259 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/19 22:35:29 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/01/28 19:34:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\mindy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/16 15:30:42 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/11/09 21:30:55 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/11/08 12:33:48 | 000,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/11/08 12:33:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/08 12:33:44 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/11/08 12:33:44 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/08 11:52:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/08 01:45:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/07 17:15:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 12:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/03/21 17:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/11/08 01:28:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/06/01 10:35:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\PhotoShow.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/19 10:02:31 | 000,001,610 | -H-- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/01/11 13:42:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/24 18:44:17 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/11/08 01:34:34 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/12/09 19:02:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mindy\Desktop\HJTInstall.exe
[2010/11/08 15:15:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mindy\Desktop\mbam-setup-1.46.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/09/06 10:53:24 | 000,015,179 | ---- | M] () -- C:\Program Files\Common Files\ifuh.dll
[2009/09/06 10:53:25 | 000,013,159 | ---- | M] () -- C:\Program Files\Common Files\ohixyz.vbs

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/01/11 14:03:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mindy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/07 17:12:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/07 17:12:57 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/07 17:12:56 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/31 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/03/31 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/03/31 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/05/17 14:43:02 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/05/17 14:43:07 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/05/17 14:43:04 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/05/17 14:43:09 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/05/17 14:43:06 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS
[2004/08/03 22:07:32 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/04/17 01:58:57 | 001,846,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/03 23:56:41 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/03 23:56:41 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/03 23:56:41 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/03 23:56:41 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/03 23:56:41 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/03 23:56:41 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/03 23:56:41 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006/05/03 08:10:35 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2004/08/03 23:56:41 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/03 23:56:41 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/03 23:56:41 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/03 23:56:41 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/03 23:56:41 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/03 23:56:41 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/03 23:56:45 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/03 23:56:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2009/09/05 12:59:24 | 000,000,002 | ---- | M] () -- C:\1350494964
[2005/01/11 13:42:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/11/08 01:28:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/19 10:39:24 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/22 17:44:07 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2009/08/22 17:44:07 | 000,539,993 | ---- | M] () -- C:\hpfr3425.log
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/11/08 01:28:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/01/11 13:35:59 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/01/11 13:35:59 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/19 10:39:22 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2004/12/05 20:42:00 | 004,232,230 | ---- | M] (Skype Software S.A. ) -- C:\SkypeSetup.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2006/05/16 20:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/28 00:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/09/06 10:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Angle Interactive
[2006/11/24 18:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/01/27 18:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2006/12/02 23:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2011/01/18 22:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2011/01/19 10:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common
[2009/09/06 10:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/11/08 01:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/11/08 12:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/12/01 19:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\exPressit S.E. 2.1
[2009/01/19 12:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/11/09 21:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/12/01 12:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA Media
[2007/01/27 18:24:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/11/08 01:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/10 08:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/06 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\KODAK
[2004/11/08 12:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/11/08 12:37:24 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2004/11/16 15:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/01/19 10:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/08/21 10:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\MARS
[2008/08/19 14:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/11/08 11:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/11/08 11:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/11/08 11:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/01/11 13:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/10 08:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2004/11/08 01:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/11/08 01:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/08/10 08:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2006/12/01 10:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2006/01/16 02:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2005/01/11 13:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/11/08 01:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/17 09:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/01/27 18:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2006/02/11 21:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2006/11/20 13:38:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/10/23 08:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/10 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/11/08 00:40:30 | 000,000,000 | ---D | M] -- C:\Program Files\Simple Star
[2011/01/19 10:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/11/08 01:34:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/29 16:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2004/12/01 22:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\WebSecureAlert
[2006/12/01 10:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2006/12/01 10:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/01/11 13:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/11/08 01:24:59 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/09/29 16:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/01/05 22:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004/11/08 01:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/10/30 13:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/09/06 10:53:25 | 000,010,580 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\atebi.db
[2004/11/07 17:14:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\mindy\Application Data\desktop.ini
[2009/09/06 10:53:24 | 000,014,907 | ---- | M] () -- C:\Documents and Settings\mindy\Application Data\gybezatyd.db


< MD5 for: AGP440.SYS >
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 05:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2003/03/31 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: LOGEVENT.DLL >
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/03/31 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2005/01/11 13:31:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-09-07 13:01:09

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\KB932168\KB932168] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB933729\KB933729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB943460\KB943460] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\News\News] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1025\1025] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1028\1028] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1031\1031] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1037\1037] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1041\1041] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1042\1042] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\1054\1054] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\2052\2052] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3076\3076] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\3com_dmi\3com_dmi] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\config\systemprofile\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\dhcp\dhcp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\drivers\disdn\disdn] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\export\export] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\LogFiles\WUDF\WUDF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\mui\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemcust\oemcust] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemhw\oemhw] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\html\oemreg\oemreg] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\oobe\sample\sample] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\ShellExt\ShellExt] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\spool\PRINTERS\PRINTERS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\mof\bad\bad] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wbem\snmp\snmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\wins\wins] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\system32\xircom\xircom] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point

< End of report >

Re: Infected and can't get on Internet

OTL Extras logfile created on: 1/19/2011 10:52:24 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\mindy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.28 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive E: | 979.98 Mb Total Space | 903.62 Mb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: MINDY-DB2QZ5SQ6 | User Name: mindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
"C:\My Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\My Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75
"{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}" = Wireless-B PCI Adapter WLAN Monitor
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"InstallShield_{BAE20F4A-96D7-4D96-966F-41D7E87786E0}" = Philips PSS Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoShow Express" = PhotoShow Express
"RealPlayer 6.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
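
The registry sections above already tell most of the story before any file is named: Security Center has been told to stop warning that no antivirus is running (AntiVirusOverride = 1), the Windows Firewall is switched off in the Standard profile (EnableFirewall = 0), and System Restore is disabled through the Policies key (DisableSR = 1) with its filter driver set to disabled (Sr "Start" = 4). The script below is an added example, not part of this thread or of OTL: it parses an OTL-style registry listing and reports every value that differs from what a healthy XP SP2 workstation carries. The baseline values in EXPECTED and the excerpt it runs on are assumptions constructed here from the posted log.

```python
"""Flag weakened security settings in an OTL-style registry dump.

Added example (not part of the thread, OTL or ComboFix).  EXPECTED encodes
the values a healthy XP SP2 workstation normally carries; both it and the
sample excerpt below are assumptions constructed for illustration.
"""
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt modelled on the OTL log posted in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"""

SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SR_POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"
SR_DRIVER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr"
FW_STD = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")

# (key, value name) -> (expected value, why a deviation matters).  Assumed baseline.
EXPECTED = {
    (SC, "AntiVirusOverride"): (0, "Security Center stops warning that no antivirus is active"),
    (SC, "FirewallOverride"): (0, "Security Center stops warning that the firewall is off"),
    (SC, "UpdatesDisableNotify"): (0, "Automatic Updates warnings suppressed"),
    (SR_POLICY, "DisableSR"): (0, "System Restore disabled by policy; overrides the per-machine value"),
    (SR_DRIVER, "Start"): (0, "sr.sys filter not boot-started (4 = disabled), so no restore points"),
    (FW_STD, "EnableFirewall"): (1, "Windows Firewall off for the Standard (non-domain) profile"),
}


class Finding(NamedTuple):
    key: str
    name: str
    actual: int
    expected: int
    why: str


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\S+)')


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: raw value}} from an OTL/regedit-style listing."""
    reg: Dict[str, Dict[str, str]] = {}
    current = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("key")
            reg.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            reg[current][val.group("name")] = val.group("val")
    return reg


def to_int(raw: str) -> int:
    """OTL prints DWORDs in decimal; ComboFix prints 'dword:00000001'.  Accept both."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw, 10)


def audit(text: str) -> List[Finding]:
    """Compare every value named in EXPECTED against the dump; absent values are skipped."""
    reg = parse_registry_dump(text)
    findings = []
    for (key, name), (expected, why) in EXPECTED.items():
        raw = reg.get(key, {}).get(name)
        if raw is None:
            continue
        actual = to_int(raw)
        if actual != expected:
            findings.append(Finding(key, name, actual, expected, why))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP):
        print(f"{f.key}\\{f.name} = {f.actual} (expected {f.expected}): {f.why}")
```

Run against the excerpt it reports four deviations (AntiVirusOverride, the policy DisableSR, the Sr driver start type and EnableFirewall); the per-machine DisableSR = 0 is not flagged because the policy value wins. Paste the matching sections of a full OTL log in place of SAMPLE_DUMP to run it on a real report.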

Re: Infected and can't get on Internet

Hi Becca,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Infected and can't get on Internet

Microsoft Windows Recovery Console is not installed and one of the problems I have is it won't let me get onto the internet so combofix can't connect to install the console.

What should I do?

Re: Infected and can't get on Internet

I went ahead and ran it.

ComboFix 11-01-19.01 - mindy 01/19/2011 18:37:04.1.1 - x86
Running from: c:\documents and settings\mindy\Desktop\commy.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mindy\Cookies\jequjuj.com
c:\program files\Common
c:\windows\system32\wnsintcc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
.

------- Sigcheck -------


[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

c:\documents and settings\mindy\Start Menu\Programs\Startup\
RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 594048]

.
Contents of the 'Scheduled Tasks' folder

2004-12-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

2009-12-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Esae - c:\documents and settings\mindy\Application Data\aart.exe
HKCU-Run-NBJ - (no file)
SharedTaskScheduler-{3e77f0d7-57c8-46d0-8c23-333374b13dba} - c:\windows\system32\dujupesa.dll
SSODL-gihofoyes-{3e77f0d7-57c8-46d0-8c23-333374b13dba} - c:\windows\system32\dujupesa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2011-01-19 18:52:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-20 02:52

Pre-Run: 14,164,549,632 bytes free
Post-Run: 14,072,418,304 bytes free

- - End Of File - - 40E4D0F2D3F9BF166267E73B06D27973
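
Two of the ComboFix findings above are worth recognising on sight. The HKCU Run value "Shzaek" points at c:\windows\System32\l?ass.exe, a file ComboFix could not read ([?]) whose name is one character away from lsass.exe, and the orphaned HKCU-Run-Esae entry launched aart.exe from the user's Application Data folder. The script below is an added example, not code from this thread or from ComboFix: it reads Run-key lines in ComboFix's "Reg Loading Points" format and applies those heuristics (unreadable file, unprintable character in the name, look-alike of a Windows system binary, executable stored in a user profile, bare name resolved through the search path). The sample lines and the SYSTEM_BINARIES list are constructed here; the Esae entry is rewritten in Run-value form rather than the orphan form ComboFix printed.

```python
"""Triage Run-key autostart lines from a ComboFix "Reg Loading Points" section.

Added example, not code from the thread or from ComboFix.  The sample lines
below are constructed from the posted log (the Esae entry is rewritten in
Run-value form) and SYSTEM_BINARIES is an assumed, deliberately short list.
"""
import re
from typing import Dict, List

# Constructed sample, modelled on the ComboFix log in this thread.
SAMPLE_RUN_KEYS = r'''
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"Esae"="c:\documents and settings\mindy\Application Data\aart.exe" [?]
'''

# Names an attacker likes to imitate; a real list would be much longer (assumed).
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe"}

RUN_LINE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*(?:\[(?P<info>[^\]]*)\])?')


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch one-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons_for(path: str, info: str) -> List[str]:
    """Return the heuristics an autostart entry trips; an empty list means nothing odd."""
    reasons = []
    lower = path.lower()
    base = lower.rsplit("\\", 1)[-1]
    if info.strip() == "?":
        reasons.append("ComboFix could not read the file (missing, hidden or unprintable name)")
    if "?" in base:
        reasons.append("unprintable character in file name")
    if "\\" not in lower:
        reasons.append("bare file name, resolved through the search path at logon")
    if "\\documents and settings\\" in lower:
        reasons.append("executable stored inside a user profile")
    for known in SYSTEM_BINARIES:
        if base != known and edit_distance(base, known) == 1:
            reasons.append(f"look-alike of {known}")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons; clean entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        m = RUN_LINE_RE.match(raw.strip())
        if not m:
            continue
        reasons = reasons_for(m.group("path"), m.group("info") or "")
        if reasons:
            flagged[m.group("name")] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_RUN_KEYS).items():
        print(name, "->", "; ".join(why))
```

On the sample, Shzaek trips three rules (unreadable, unprintable name, look-alike of lsass.exe), Esae trips two (unreadable, user profile) and CTHelper is reported only for its bare file name; the Google and ctfmon entries pass. The bare-name rule is informational, since plenty of legitimate vendor entries rely on the search path, but it is exactly what a search-order hijack needs.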

Re: Infected and can't get on Internet

Hi,

Oh boy. This should be fun!


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Re: Infected and can't get on Internet

Running from: C:\Documents and Settings\mindy\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\mindy\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^

Finished!
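
Every "mount point" in the log above is a directory junction planted inside C:\WINDOWS, each named after its own parent folder (C:\WINDOWS\Config\Config, C:\WINDOWS\system32\dhcp\dhcp, and so on) and each resolving to \Device\__max++>\^, a device path that is not a disk volume. A volume mount point created by Disk Management resolves to \??\Volume{GUID}\ instead, which is the test that separates the two. The script below is an added example, not Win32kDiag's own code nor anything from this thread: it parses the Found/destination pairs Win32kDiag prints, tallies the targets, and flags every junction whose target is not a volume GUID or that carries the self-named pattern. The short sample, including one benign volume mount point, is constructed here, and the \??\Volume{GUID} shape for a legitimate target is an assumption of the example.

```python
r"""Triage the junctions ("mount points") reported by Win32kDiag.

Added example, not part of Win32kDiag or of this thread.  The sample below
is constructed from the posted log plus one benign volume mount point; the
rule that a legitimate target looks like \??\Volume{GUID}\ is an assumption.
"""
import re
from collections import Counter
from typing import List, NamedTuple, Tuple

# Constructed sample in Win32kDiag's output format (three planted junctions, one benign).
SAMPLE_WIN32KDIAG = r"""
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^

Found mount point : C:\mnt\backup
Mount point destination : \??\Volume{1b2c3d4e-5f60-4718-9a0b-c1d2e3f40506}

Finished!
"""

FOUND_RE = re.compile(r"^Found mount point : (?P<path>.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination : (?P<dest>.+?)\s*$")
# What a volume mount point created by Disk Management resolves to (assumed shape).
VOLUME_RE = re.compile(
    r"^\\\?\?\\Volume\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\?$", re.I)


class Junction(NamedTuple):
    path: str
    dest: str
    reasons: Tuple[str, ...]


def parse_mount_points(text: str) -> List[Tuple[str, str]]:
    """Pair each 'Found mount point' line with the 'destination' line that follows it."""
    pairs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            pending = m.group("path")
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            pairs.append((pending, m.group("dest")))
            pending = None
    return pairs


def is_self_named(path: str) -> bool:
    r"""True for C:\WINDOWS\Config\Config: the junction repeats its parent's name."""
    parts = [p for p in path.split("\\") if p]
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def triage(text: str) -> List[Junction]:
    """Return the junctions that look planted, with the reason for each."""
    flagged = []
    for path, dest in parse_mount_points(text):
        reasons = []
        if not VOLUME_RE.match(dest):
            reasons.append(f"target {dest} is not a \\??\\Volume{{GUID}} mount")
        if is_self_named(path):
            reasons.append("junction named after its own parent directory")
        if reasons:
            flagged.append(Junction(path, dest, tuple(reasons)))
    return flagged


def destination_histogram(text: str) -> Counter:
    """Count junctions per target; one odd target repeated dozens of times is the tell."""
    return Counter(dest for _, dest in parse_mount_points(text))


if __name__ == "__main__":
    for dest, n in destination_histogram(SAMPLE_WIN32KDIAG).most_common():
        print(f"{n:3d} x {dest}")
    for j in triage(SAMPLE_WIN32KDIAG):
        print(j.path, "->", "; ".join(j.reasons))
```

On the full log above the histogram would show a single target, \Device\__max++>\^, repeated for every one of the 83 entries, which is the quickest way to tell a planted set of junctions from the handful of volume mount points an administrator might have created on purpose. The benign C:\mnt\backup entry in the sample is left alone because its target is a volume GUID and its name does not repeat its parent.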

Re: Infected and can't get on Internet

We need to run the tool with the following command to fix some malware-related changes.

Click on Start->Run, copy and paste the following command into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

Re: Infected and can't get on Internet

Running from: C:\Documents and Settings\mindy\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\mindy\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp\ZAP140.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37C.tmp\ZAP37C.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP398.tmp\ZAP398.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

    Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

    Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Found mount point : C:\WINDOWS\system32\1025\1025

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1025\1025

    Found mount point : C:\WINDOWS\system32\1028\1028

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1028\1028

    Found mount point : C:\WINDOWS\system32\1031\1031

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1031\1031

    Found mount point : C:\WINDOWS\system32\1037\1037

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1037\1037

    Found mount point : C:\WINDOWS\system32\1041\1041

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1041\1041

    Found mount point : C:\WINDOWS\system32\1042\1042

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1042\1042

    Found mount point : C:\WINDOWS\system32\1054\1054

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\1054\1054

    Found mount point : C:\WINDOWS\system32\2052\2052

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\2052\2052

    Found mount point : C:\WINDOWS\system32\3076\3076

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\3076\3076

    Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

    Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

    Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1645522239-1935655697-1343024091-1003\S-1-5-21-1645522239-1935655697-1343024091-1003

    Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

    Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Application Data

    Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

    Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

    Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

    Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

    Found mount point : C:\WINDOWS\system32\dhcp\dhcp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

    Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

    Found mount point : C:\WINDOWS\system32\export\export

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\export\export

    Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

    Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

    Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

    Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

    Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

    Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

    Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

    Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

    Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

    Found mount point : C:\WINDOWS\system32\oobe\sample\sample

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

    Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

    Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

    Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

    Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

    Found mount point : C:\WINDOWS\system32\wins\wins

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\wins\wins

    Found mount point : C:\WINDOWS\system32\xircom\xircom

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\system32\xircom\xircom

    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



    Finished!

Re: Infected and can't get on Internet
    Hi,

    Please run ComboFix once more and post that log. We're almost done here

Re: Infected and can't get on Internet
    ComboFix 11-01-19.01 - mindy 01/21/2011 9:13.2.1 - x86
    Running from: c:\documents and settings\mindy\Desktop\commy.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
    .

    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ------- Sigcheck -------


    [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

    c:\windows\System32\drivers\beep.sys ... is missing !!
    c:\windows\System32\eventlog.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 136176]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 594048]

    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2009-12-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-21 09:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(456)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-21 09:24:22
    ComboFix-quarantined-files.txt 2011-01-21 17:24
    ComboFix2.txt 2011-01-20 02:52

    Pre-Run: 14,051,663,872 bytes free
    Post-Run: 14,046,683,136 bytes free

    - - End Of File - - 43060B72E2E49D7C0E8AE1A2218E8776
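As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage script for the ComboFix log format posted above. The embedded sample is constructed from excerpts of that log, and the checks mirror what the helper acts on: system files the Sigcheck section reports missing, Run entries ComboFix could not verify (`[?]`) or whose path contains a character it could not print, and the Security Center and firewall settings being switched off.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: excerpts of the ComboFix log posted above, trimmed to
# the sections this triage reads.
SAMPLE_LOG = r"""
------- Sigcheck -------

[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.+)$')
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!$")


@dataclass
class Triage:
    missing_files: list = field(default_factory=list)
    suspicious_autoruns: list = field(default_factory=list)   # (entry name, reason)
    weakened_settings: list = field(default_factory=list)


def parse_sections(text):
    """Group '"name"=value' lines under the [registry key] heading above them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            sections[current].append((v.group("name"), v.group("value")))
    return sections


def check_autorun(name, value):
    """Return a reason string when a Run entry deserves a closer look, else None."""
    m = RUN_ENTRY_RE.match(f'"{name}"={value}')
    if not m:
        return None
    path, meta = m.group("path"), m.group("meta").strip()
    reasons = []
    if meta == "?":                      # ComboFix could not read size/date of the file
        reasons.append("file could not be verified")
    if "?" in path:                      # a character ComboFix could not print
        reasons.append("unprintable character in path (look-alike file name)")
    return "; ".join(reasons) or None


def triage(text):
    """Collect the findings a helper would act on from a ComboFix log."""
    t = Triage()
    for raw in text.splitlines():
        m = MISSING_RE.match(raw.strip())
        if m:
            t.missing_files.append(m.group("path"))
    sections = parse_sections(text)
    for key, entries in sections.items():
        if key.endswith(r"\currentversion\run"):
            for name, value in entries:
                reason = check_autorun(name, value)
                if reason:
                    t.suspicious_autoruns.append((name, reason))
        elif key.endswith(r"\security center"):
            for name, value in entries:
                if name == "AntiVirusOverride" and int(value.split(":")[1], 16) == 1:
                    t.weakened_settings.append("Security Center antivirus monitoring overridden")
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            for name, value in entries:
                if name == "EnableFirewall" and value.split()[0] == "0":
                    t.weakened_settings.append("Windows Firewall disabled (standard profile)")
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result.missing_files:
        print("MISSING  ", path)
    for name, reason in result.suspicious_autoruns:
        print("AUTORUN  ", name, "-", reason)
    for setting in result.weakened_settings:
        print("SETTING  ", setting)
```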

Re: Infected and can't get on Internet
    Hi,

    Do you have the CD's that came with your machine? We've still got a bit of work to do.

Re: Infected and can't get on Internet
    No I do not. I have a copy of XP from my other computers though.

Re: Infected and can't get on Internet
    Is it the same Service Pack level as your machine? Any CD with the same Service Pack level will do.

Re: Infected and can't get on Internet
    Ya I have an old hp operating system CD -- XP pro SP2...that will work, right?

Re: Infected and can't get on Internet
    It should, yes. Do you need to find it or actually have it in hand?

Re: Infected and can't get on Internet
    I have it right now.

Re: Infected and can't get on Internet
    Hi,

    First, let's do this:

    Re-running ComboFix to remove infections:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:
      MIA::
      c:\windows\System32\drivers\beep.sys
      c:\windows\System32\eventlog.dll
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

  [image: Cfscriptb4 - dragging CFScript.txt onto ComboFix.exe]

    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.

Re: Infected and can't get on Internet
It says I have Avira AntiVir PersonalEdition Classic "Active" but I can't seem to find it anywhere to remove it.

Here is the log anyway...thx for helping :) ...

    ComboFix 11-01-19.01 - mindy 01/22/2011 6:11.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.122 [GMT -8:00]
    Running from: c:\documents and settings\mindy\Desktop\commy.exe
    Command switches used :: c:\documents and settings\mindy\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\drivers\beep.sys . . . is missing!!

    c:\windows\System32\eventlog.dll was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2009-12-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 06:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2984)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-22 06:22:24
    ComboFix-quarantined-files.txt 2011-01-22 14:22
    ComboFix2.txt 2011-01-21 17:24
    ComboFix3.txt 2011-01-20 02:52

    Pre-Run: 14,046,937,088 bytes free
    Post-Run: 14,042,509,312 bytes free

    - - End Of File - - 74F584505E5C64E2DBF1D1453A269B72

    Re: Infected and can't get on Internet
    Hi,

    As the machine boots up it might ask you to press any key to boot from the CD; if not, please hit F8 to bring up the boot menu. In that menu please choose CD\DVD ROM Drive.

    At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

    When you are asked for the Administrator password, leave it blank and press "Enter".

    Copy the following file to the root directory of the primary hard disk. In the example we are copying this file from the CD-ROM drive letter "C". This letter may be different on your computer. At the command prompt (C:\Windows>), type the following and press "Enter":

    expand E:\i386\beep.sy_ c:\windows\System32\drivers\beep.sys

    Once this is completed successfully, remove the CD from the computer and reboot.

    Re: Infected and can't get on Internet
    I tried but it said:
    "Unable to create file beep.sys.
    0 file(s) expanded."

    What should I do now?

    Re: Infected and can't get on Internet
    Can you post a new ComboFix log please? I think I have an idea :)

    Re: Infected and can't get on Internet
    Here u go :D

    ComboFix 11-01-19.01 - mindy 01/22/2011 16:37:40.4.1 - x86
    Running from: c:\documents and settings\mindy\Desktop\commy.exe
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .

    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-06 18:53 . 2009-09-06 18:53 13159 -c--a-w- c:\program files\Common Files\ohixyz.vbs
    2009-09-06 18:53 . 2009-09-06 18:53 15179 -c--a-w- c:\program files\Common Files\ifuh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Shzaek"="c:\windows\System32\l?ass.exe" [?]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2011-01-23 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 16:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3316)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-22 16:48:25
    ComboFix-quarantined-files.txt 2011-01-23 00:48
    ComboFix2.txt 2011-01-22 14:22
    ComboFix3.txt 2011-01-21 17:24
    ComboFix4.txt 2011-01-20 02:52

    Pre-Run: 14,021,742,592 bytes free
    Post-Run: 14,016,847,872 bytes free

    - - End Of File - - A639EC036FC53A416939FF64809AF27C

    Re: Infected and can't get on Internet
    Thanks. I'm working on a plan of attack. I will be back asap

    Re: Infected and can't get on Internet
    Alright thanks!

    Re: Infected and can't get on Internet
    Hi,

    Please read carefully and let me know if you have any questions.

    We need to backup your registry:
    Please go to Start > Run
    Paste in the following line:
      regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass. *Note: You will find "registrybackup.reg" in your C: drive.

    Next

    Please download beep.sys and save it to your Desktop.

    • Extract beep.sys to your Desktop.
        Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
        you can get a free one from here - http://www.7-zip.org/

    • Right click on the beep.sys file and select Copy. Now it's on the clipboard, ready to be pasted.
    • Click on the main hard drive, which is normally designated as the "(C:)" drive.
    • Click Show hidden files and folders. Click on the "Windows" system folder.
    • Scroll down to the "System32" folder, and click on it to open it.
    • Right click on an empty space and select Paste. This will copy the beep.sys file into the System32 folder. Exit out.


    To make sure beep.sys is working, click on Start, then Run, type cmd.exe in the text box and click OK. In the Command Prompt window, type echo, then hold down the Ctrl key and type G, then release Ctrl and press Enter. Listen for a beep sound. Let me know?

    Re: Infected and can't get on Internet
    Says:
    'echo' is not recognized as an internal or external command, operable program or batch file.

    Re: Infected and can't get on Internet
    Sorry, that last post was made from my friend's acct. Her computer isn't working either and my laptop is the only one that can get on the internet lol.

    But sorry 'bout that, I thought I was logged into my acct.

    Re: Infected and can't get on Internet
    Did it beep? I get the same message but the beep is what is important

    Re: Infected and can't get on Internet
    I don't have any speakers hooked up to it if that matters, but no, no beep.

    Re: Infected and can't get on Internet
    Alright. I'll get back to you

    Re: Infected and can't get on Internet
    Hi :)

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    beep.sys

    Re: Infected and can't get on Internet
    SystemLook 04.09.10 by jpshortstuff
    Log created at 09:09 on 25/01/2011 by mindy
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "beep.sys"
    C:\Documents and Settings\mindy\Desktop\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9
    C:\WINDOWS\system32\beep.sys --a--c- 4224 bytes [18:08 24/01/2011] [14:00 14/04/2008] DA1F27D85E0D1525F6621372E7B685E9

    -= EOF =-

    Re: Infected and can't get on Internet
    Thanks for that log. I'm currently consulting with my colleagues. I'll be back to you asap

    Re: Infected and can't get on Internet
    Alright, no prob. Thanks.

    Re: Infected and can't get on Internet
    Hi becca,

    Sorry for the delay

    Re-running ComboFix to remove infections:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:

      File::
      c:\program files\Common Files\ohixyz.vbs
      c:\program files\Common Files\ifuh.dll

      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Shzaek"=-

    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [Image: Cfscriptb4]

    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.

    Re: Infected and can't get on Internet
    ComboFix 11-01-28.01 - mindy 01/28/2011 13:02:48.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.117 [GMT -8:00]
    Running from: c:\documents and settings\mindy\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\mindy\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\program files\Common Files\ifuh.dll"
    "c:\program files\Common Files\ohixyz.vbs"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\ifuh.dll
    c:\program files\Common Files\ohixyz.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
    .

    2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\beep.sys
    2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

    c:\windows\System32\drivers\beep.sys ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2011-01-28 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-28 13:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-01-28 13:13:21
    ComboFix-quarantined-files.txt 2011-01-28 21:13
    ComboFix2.txt 2011-01-23 00:48
    ComboFix3.txt 2011-01-22 14:22
    ComboFix4.txt 2011-01-21 17:24
    ComboFix5.txt 2011-01-28 20:49

    Pre-Run: 13,933,899,776 bytes free
    Post-Run: 13,931,413,504 bytes free

    - - End Of File - - 014A7810316DF2E6A7E573AB6FB7A719
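
The two ComboFix logs above carry the indicators the helper acts on: a Run value ("Shzaek") whose binary ComboFix could not stat ("[?]") and whose path, c:\windows\System32\l?ass.exe, differs from lsass.exe by one character that ComboFix prints as "?"; AntiVirusOverride set in the Security Center key; EnableFirewall = 0; and the Sigcheck line reporting c:\windows\System32\drivers\beep.sys missing. As an added example (not code from this thread, from ComboFix or from the helper), the following Python script parses the "Reg Loading Points" and Sigcheck sections in the log layout shown above and reports those findings; the excerpt it runs on is constructed from values visible in the thread, and the list of imitated system binaries is an assumption of the example.

```python
"""Triage helper for the "Reg Loading Points" and Sigcheck sections of a
ComboFix log (added example for this thread; not ComboFix's own code).

It walks the log line by line, tracks the registry key currently being
listed and reports the entries a malware-removal helper acts on first:
autostart values ComboFix could not stat ("[?]"), file names imitating a
Windows system binary with one look-alike character, a Security Center
AntiVirusOverride, a disabled firewall profile and Sigcheck "is missing".
"""
import fnmatch
import re

# Assumption of this example: system binaries that malware commonly imitates.
SYSTEM_BINARIES = ("lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                   "services.exe", "winlogon.exe", "explorer.exe")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\file.exe" [2007-07-03 68856]  -- or "[?]" when unknown
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# "AntiVirusOverride"=dword:00000001  -- or  "EnableFirewall"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S+)')
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing !!$")

# Constructed excerpt in the layout of the logs posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shzaek"="c:\windows\System32\l?ass.exe" [?]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

------- Sigcheck -------

[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
"""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def reg_int(value):
    """Parse REGEDIT4 'dword:00000001' (hex) or a plain '0' into an int."""
    token = value.split(":")[-1]
    try:
        return int(token, 16) if ":" in value or token.startswith("0x") else int(token)
    except ValueError:
        return None


def masquerade_target(filename):
    """Return the system binary `filename` imitates, or None.

    ComboFix prints a non-ASCII character in a path as '?', so one odd
    character in an otherwise familiar name is treated as a wildcard.
    """
    pattern = "".join(c if c.isascii() else "?" for c in filename.lower())
    if "?" not in pattern:
        return None
    for known in SYSTEM_BINARIES:
        if fnmatch.fnmatchcase(known, pattern):
            return known
    return None


def triage(log_text):
    """Return (severity, message) findings for one ComboFix log."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(("high", f"Sigcheck: {m.group('path')} is missing"))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.endswith("\\currentversion\\run"):
            name, path, meta = m.group("name", "path", "meta")
            target = masquerade_target(basename(path))
            if target:
                findings.append(("high", f"Run value {name!r} -> {path} imitates {target}"))
            if meta.strip() == "?":
                findings.append(("medium", f"Run value {name!r}: size/date of {path} unreadable"))
            continue
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), reg_int(m.group("value"))
        if section.endswith("security center") and name == "AntiVirusOverride" and value == 1:
            findings.append(("medium", "Security Center: AntiVirusOverride set, AV status alerts suppressed"))
        if "firewallpolicy" in section and name == "EnableFirewall" and value == 0:
            findings.append(("medium", "Windows Firewall disabled (EnableFirewall=0) in this profile"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run against a real log, the Google toolbar value produces no finding, while the Shzaek value yields two (look-alike name, unreadable size/date), matching what the helper's CFScript removes later in the thread.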

    Re: Infected and can't get on Internet
    Aha! Now I see the problem. beep.sys is in System32. It needs to be one more level down in:

    c:\windows\System32\drivers\

    can you copy it there please?

    Re: Infected and can't get on Internet
    Alright I copied it there.

    Re: Infected and can't get on Internet
    Run ComboFix once more now please

    Re: Infected and can't get on Internet
    ComboFix 11-02-09.02 - mindy 02/09/2011 13:13:54.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.17 [GMT -8:00]
    Running from: c:\documents and settings\mindy\Desktop\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {806ED0B3-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {806ED0B3-FFA4-00DA-0D24-347CA8A3377C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
    .

    2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\drivers\beep.sys
    2011-01-24 18:08 . 2008-04-14 14:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2011-01-24 18:05 . 2011-01-24 18:05 85613654 -c--a-w- C:\registrybackup.reg
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\eventlog.dll
    2011-01-22 14:19 . 2004-08-04 07:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
    2011-01-19 21:20 . 2011-01-19 21:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2011-01-19 19:09 . 2011-01-19 19:09 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-19 19:08 . 2011-01-20 02:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-01-19 19:08 . 2011-01-19 19:08 -------- dc----w- c:\program files\Alwil Software
    2011-01-19 18:27 . 2010-04-29 23:39 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-19 18:27 . 2011-01-19 18:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 18:27 . 2010-04-29 23:39 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-19 18:17 . 2011-01-19 18:17 -------- dc----w- c:\program files\Trend Micro
    2011-01-19 06:19 . 2011-01-19 07:14 -------- dc----w- c:\documents and settings\mindy\Application Data\U3
    2011-01-19 06:11 . 2011-01-19 06:11 -------- dc----w- c:\program files\Belkin
    2011-01-19 06:10 . 2011-01-19 06:10 -------- dc----w- c:\windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-23 185896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    c:\documents and settings\mindy\Start Menu\Programs\Startup\
    RDP2009.lnk - c:\program files\Angle Interactive\RDP2009\RDP2009.exe [2009-6-29 1193408]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 57344]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-21 65588]
    Wireless-B PCI Adapter Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [2004-11-8 4638720]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2011 11:09 AM 136176]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [1/6/2010 5:21 PM 594048]
    .
    Contents of the 'Scheduled Tasks' folder

    2004-12-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2003-03-31 07:56]

    2007-03-04 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100065084.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]

    2011-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-19 19:09]

    2011-02-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-09 13:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(868)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1556)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-09 13:24:38
    ComboFix-quarantined-files.txt 2011-02-09 21:24
    ComboFix2.txt 2011-01-28 21:13
    ComboFix3.txt 2011-01-23 00:48
    ComboFix4.txt 2011-01-22 14:22
    ComboFix5.txt 2011-02-09 21:10

    Pre-Run: 13,901,283,328 bytes free
    Post-Run: 13,896,970,240 bytes free

    - - End Of File - - 162363D7580191163945BFB162765772
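
The registry section near the top of this log is what a removal helper reads first: `AntiVirusOverride=1` under Security Center tells XP not to warn about missing or out-of-date antivirus (a setting malware frequently flips, though a user can also set it by turning off AV monitoring), `EnableFirewall=0` in the standard profile means Windows Firewall is off, and every entry under `AuthorizedApplications\List` is a firewall exception. As an added example, not part of the original post or of ComboFix, the Python script below parses that flattened format and prints those three classes of finding. The sample text is a constructed copy of the lines above; the "trusted prefix" list and the finding wording are my assumptions for the example, not anything ComboFix defines.

```python
"""Added triage example: parse the ComboFix registry/firewall section shown above.

ComboFix flattens registry keys into lines such as

    [HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
    "AntiVirusOverride"=dword:00000001

This script (not part of the original post) reads that format and flags the
three things a removal helper checks first:
  * Security Center AntiVirusOverride=1       -> AV status alerts suppressed
  * EnableFirewall=0 in the standard profile  -> Windows Firewall off
  * AuthorizedApplications (firewall exceptions) outside %windir% / Program Files
"""
import re

# Constructed sample input: the same lines that appear in the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\My Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Values appear either in .reg style ('"Name"=dword:00000001') or in
# ComboFix's own style ('"Name"= 0 (0x0)'); exception entries carry no value.
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')

# Assumption for this example: exceptions under these prefixes are "expected";
# anything else (download folders, temp, the user profile) deserves a look.
TRUSTED_PREFIXES = ('%windir%\\', 'c:\\windows\\', 'c:\\program files\\')


def parse_registry_dump(text):
    """Return {key_path: {value_name: raw_value}} for a ComboFix registry section."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def as_int(raw):
    """Decode 'dword:00000001' (hex) or ' 0 (0x0)' (leading decimal); None if absent."""
    raw = raw.strip()
    m = re.match(r'(?:dword:)?([0-9a-fA-F]+)', raw)
    if not m:
        return None
    return int(m.group(1), 16) if raw.startswith('dword:') else int(m.group(1), 10)


def triage(text):
    """Return a list of findings (strings) for one ComboFix registry section."""
    findings = []
    for key, values in parse_registry_dump(text).items():
        k = key.lower()
        if k.endswith('security center'):
            if as_int(values.get('AntiVirusOverride', '')) == 1:
                findings.append('Security Center: AntiVirusOverride=1 '
                                '(missing/outdated AV will not be reported)')
        elif k.endswith('firewallpolicy\\standardprofile'):
            if as_int(values.get('EnableFirewall', '')) == 0:
                findings.append('Firewall: EnableFirewall=0 '
                                '(Windows Firewall disabled in the standard profile)')
        elif k.endswith('authorizedapplications\\list'):
            for path in values:
                # ComboFix doubles the backslashes in this section; undo that first.
                clean = path.replace('\\\\', '\\')
                if not clean.lower().startswith(TRUSTED_PREFIXES):
                    findings.append('Firewall exception outside %windir%/Program Files: ' + clean)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print('-', finding)
```

Run against the sample it reports the AV override, the disabled firewall, and the one exception that is not under %windir% or Program Files (the WoW installer downloader in c:\My Downloads). On the XP machine itself the same facts can be confirmed with `reg query "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusOverride` and `netsh firewall show state`; treat the override value as a lead to follow up, not proof of infection on its own.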

Re: Infected and can't get on Internet

    Awesome. Beep.sys is back in its proper location. How is the machine running?

Re: Infected and can't get on Internet

It's running the same... can't seem to get on the internet and it's slow.

Re: Infected and can't get on Internet

    Slowness can be attributed to the lack of RAM in this machine. You barely have 512 MB.

    Are you connecting wired or wireless? Have you been able to get on the internet and are just disconnected?
