IObit Forum

Xp Inspiron mini



Posted

I am using an Inspiron Mini running Windows XP, using IE 8. All security updates are up to date as of 4-19-2011, running Service Pack 2.

 

Some form of malware/virus attempted to download. Disconnected but was too late. Went to safe mode, changed to safe boot with minimal startup. Did a system restore a week ahead.

 

The issue began as what appeared to be a registry error. The All Programs were listed as empty. As I navigated through IE, I kept getting redirected to other websites not attached to the links listed. Eventually the redirection led to a website that dumped some virus/malware into the system.

 

After the system restore, the all programs became available, but My Documents are blank (although using Search locates the files). The redirection still occurs using IE8. I am concerned the virus is still active somewhere and would like assistance finding and removing the issue.

 

Avira is the anti-virus program being used and it no longer functions since the virus occurred.

 

Went back and checked settings in msconfig and all are restored to normal startup and boot settings. Some startup files have blank names, with a directory. I do not want to just disable programs, I want to remove all the threats.

Where do I begin and what additional information do you need?

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

***************************************************

Malwarebytes' Anti-Malware (MBAM)

 

If you already have Malwarebytes be sure to check for updates before scanning!

 

Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

 

•Double-click mbam-setup.exe and follow the prompts to install the program.

 

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

 

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.

•Once the program has loaded, select Perform Quick Scan, then click Scan.

 

•When the scan is complete, click OK, then Show Results to view the results.

 

•Be sure that everything is checked, and click Remove Selected.

 

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

 

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

 

Copy and Paste the contents of the report in your reply.

 

•Exit MBAM.


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**********************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.

Posted

I attempted to download SuperAntiSpyware and it would only allow me the pay version even though I selected the free version. Now it has downloaded XP Home Security 2011, which I am attempting to remove, with little success. This has removed all past restore points and will not allow volume from internet sites, when I can even get on one.

Posted

Attempted to repair XP Home Security 2011 via:

 

Click Start, Run. Type command and press Enter. Type notepad and press Enter.

Notepad opens. Copy all the text below into Notepad.

 

Windows Registry Editor Version 5.00

 

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\pezfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

 

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

 

[HKEY_CLASSES_ROOT\.exe]

@="exefile"

"Content Type"="application/x-msdownload"

 

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)

Double Click fix.reg and click YES for confirm.

Reboot your computer.

 

It comes back with: The specified file is not a registry file. You can only import registry files.

Posted

On the Microsoft website it is suggested that entering 1147-175591-6550 as the manual activation will allow you to function to then download programs and use your browser. So far seems to be working.

Posted

Please do not run any other programs on your own. It may just make matters worse. Please download and transfer those tools using the method I described in my first post.

Posted

I guess I was not clear. AFTER downloading the first program you mentioned I GOT this new virus. I deleted the program, which did not seem to uninstall. I could no longer use any browser to download any program. After using the method on the Microsoft website, I am now able to download mbam. It is still downloading, but at least I CAN do it. Once I run that program, I will post details and then attempt the other two.

Posted

I would much rather have done it your way, but downloading the spyware tool seemed to deal more damage and add me a new malware program. I repeat, I could not navigate past my home page, nor could I download any programs, which is why I went to another computer to find a way to remove XP Home Security 2011. I posted what I did so I could actually begin a download and keep you informed.

Posted

I discovered with XP Home Security 2011, I could not get sound off internet programs, could not find any of my restore points, and could not use any browser (Chrome, IE8, or Firefox) to download any of the programs you suggested. Also discovered I have Service Pack 3 loaded.

Posted

Malwarebytes' Anti-Malware (MBAM) log

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6748

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

6/1/2011 5:47:25 PM

mbam-log-2011-06-01 (17-47-25).txt

 

Scan type: Quick scan

Objects scanned: 170816

Time elapsed: 5 minute(s), 56 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

c:\documents and settings\elizabeth bassett\local settings\application data\llq.exe (Trojan.ExeShell.Gen) -> 472 -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\llq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\llq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\llq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\llq.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\documents and settings\elizabeth bassett\local settings\application data\llq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\elizabeth bassett\local settings\Temp\36.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
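
The fix.reg posted earlier in the thread and the Bad/Good pairs in the MBAM log above describe the same change from two sides: a shell\open\command value in which another executable has been placed in front of the original command. The following Python is an added example, not part of any post and not code from Malwarebytes or IObit: it checks a .reg file's first line before import (a displaced header line is one common cause of the "not a registry file" message, assumed here and not confirmed for this thread), reads back the string values the file would set, and classifies Bad/Good pairs. All function names are hypothetical, and the sample log lines are constructed in the log's format with a placeholder profile path.

```python
import re

REG_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
EXEFILE_OPEN = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED_EXE_OPEN = '"%1" %*'  # the value the thread's fix.reg restores

# fix.reg as posted in the thread, with the spacer lines collapsed.
FIX_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
'''

# Constructed lines in the MBAM "Registry Data Items Infected" format.
# The profile path is a placeholder; llq.exe is the file name from the log.
MBAM_LINES = [
    r'HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\llq.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\llq.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.',
]

MBAM_ITEM = re.compile(r'^(?P<key>.+?)\\\(default\) \((?P<sig>[^)]+)\) -> '
                       r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> ')
REG_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg string escaping (\\" and \\\\)."""
    return re.sub(r'\\(.)', r'\1', s)


def check_header(text):
    """Return None if line 1 is a .reg header, otherwise a short reason."""
    first = text.lstrip("\ufeff").split("\n", 1)[0].rstrip("\r")
    if first in REG_HEADERS:
        return None
    if first.strip() == "":
        return "blank line before header"
    return "first line is not a .reg header: %r" % first


def parse_reg(text):
    """Return ({key: {name: string_value}}, [deleted_keys]); line 1 is skipped."""
    values, deleted, key = {}, [], None
    for raw in text.lstrip("\ufeff").splitlines()[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            values.setdefault(key, {})
        elif key is not None:
            m = REG_VALUE.match(line)
            if m:  # only REG_SZ values are handled in this example
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                values[key][name] = _unescape(m.group(2))
    return values, deleted


def audit_open_command(value, expected=EXPECTED_EXE_OPEN):
    """Classify a command value against its known-good form."""
    if value.strip() == expected:
        return "ok"
    # The first token (quoted or bare) is what Windows actually launches.
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', value)
    if not m:
        return "modified"
    launcher = m.group(1) or m.group(2)

    def norm(s):
        return s.replace('"', "").lower()

    # Original command still present, but only as arguments to the launcher.
    if norm(expected) in norm(value[m.end():]):
        return "interposed:" + launcher
    return "modified"


def audit_mbam(lines):
    """Return [(registry_key, verdict)] for each Bad/Good data-item line."""
    out = []
    for line in lines:
        m = MBAM_ITEM.match(line)
        if m:
            out.append((m.group("key"),
                        audit_open_command(m.group("bad"), m.group("good"))))
    return out


if __name__ == "__main__":
    print("header problem:", check_header(FIX_REG))
    print("exefile handler set by fix.reg:", parse_reg(FIX_REG)[0][EXEFILE_OPEN][""])
    for key, verdict in audit_mbam(MBAM_LINES):
        print(verdict, "<-", key)
```
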

Posted

DDS Text

 

 

 

.

DDS (Ver_2011-06-01.06) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by elizabeth bassett at 18:05:17 on 2011-06-01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.419 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WSED\WSED.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\OA012Mon.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\CapsLKNotify\CapsLKNotify.exe

C:\Program Files\Battery Meter\BTMeter.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://ecampus.phoenix.edu/Portal/Portal/Public/Login.aspx

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [Google Update] "c:\documents and settings\elizabeth bassett\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [WSED] c:\program files\wsed\WSED.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OA012Mon] c:\windows\OA012Mon.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe

mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\elizab~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\elizab~1\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for windows mobile\PdaNetPC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4B861D70-A005-4D27-BF1B-1B4FB94381F5} : DhcpNameServer = 10.0.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\elizabeth bassett\application data\mozilla\firefox\profiles\qbclgos3.default\

FF - plugin: c:\documents and settings\elizabeth bassett\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-8-7 14248]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-5 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-5 136360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-5 61960]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-27 54752]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-7 143840]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-8-7 135168]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-8-7 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-8-7 272032]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-10-8 9472]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-7 162816]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-5 269480]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-7 1684736]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

.

=============== Created Last 30 ================

.

2011-06-01 21:28:50 -------- d-----w- c:\documents and settings\elizabeth bassett\application data\Malwarebytes

2011-06-01 21:28:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-01 21:28:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-01 21:28:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 14:18:24 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-01 14:18:24 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-01 02:20:00 -------- d-----w- c:\documents and settings\elizabeth bassett\application data\SUPERAntiSpyware.com

2011-06-01 02:19:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-01 01:40:51 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-05-31 20:51:43 -------- d-----w- c:\documents and settings\elizabeth bassett\application data\Avira

.

==================== Find3M ====================

.

2011-03-29 19:09:32 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2011-03-29 19:09:30 37376 ----a-w- c:\windows\system32\libusb0.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 18:37:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

.

============= FINISH: 18:06:19.89 ===============

 

Attach file

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-01.06)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/29/2009 12:04:03 PM

System Uptime: 6/1/2011 5:52:58 PM (1 hours ago)

.

Motherboard: Dell Inc. | | CN0Y53

Processor: Intel® Atom CPU N270 @ 1.60GHz | U1 | 1596/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 130.253 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}

Description: Communications Port

Device ID: ROOT\PORTS\0000

Manufacturer: (Standard port types)

Name: Communications Port (COM3)

PNP Device ID: ROOT\PORTS\0000

Service: Serial

.

==== System Restore Points ===================

.

RP1: 6/1/2011 11:35:10 AM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Advanced Audio FX Engine

AIM 7

AIM Toolbar

Algebra 1 Solved!

Amazon Kindle For PC

AOL Radio Toolbar

AOL Toolbar

Avira AntiVir Personal - Free Antivirus

Basic Math Solved!

Battery Meter

Bing Bar

Borders Desktop

CapsLKNotify

College Algebra Solved!

Compatibility Pack for the 2007 Office system

Dell Box.net Launcher

Dell Support Center (Support Software)

Dell Touchpad

Dell Video Chat

Dell Webcam Central

Dell Wireless WLAN Card Utility

Download Updater (AOL LLC)

EMSC

Function Keys

Google Chrome

Graphing Solved!

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Integrated Webcam Driver (1.02.02.0403)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

Linear Algebra Solved!

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware

Media Player Codec Pack 3.8.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

Mozilla Firefox (3.6.8)

MSVCRT

MSXML 6.0 Parser (KB927977)

PdaNet for Windows Mobile 2.0

PRS-500 USB driver

Reader Library by Sony

Realtek High Definition Audio Driver

RideMax 6.0

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype™ 4.2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

WSED

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

6/1/2011 9:32:40 AM, error: PSched [14103] - QoS [Adapter {92E6E128-E139-4E5F-9AED-5AC96010251B}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

6/1/2011 10:59:26 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

6/1/2011 10:32:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/1/2011 10:30:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/1/2011 10:30:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/1/2011 10:25:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip

5/31/2011 10:33:28 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/30/2011 8:54:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/30/2011 8:54:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/30/2011 8:54:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

5/30/2011 8:54:31 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/30/2011 8:54:31 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/30/2011 8:54:31 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/30/2011 8:54:31 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/30/2011 8:54:31 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/28/2011 9:29:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

5/28/2011 9:29:46 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/28/2011 9:21:47 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/28/2011 9:16:00 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/28/2011 8:48:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

5/28/2011 8:48:10 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/28/2011 8:48:10 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/28/2011 4:30:56 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

5/27/2011 8:14:35 PM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 00225FBA5B2A has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).

5/27/2011 11:02:10 PM, error: Dhcp [1002] - The IP address lease 10.0.1.15 for the Network Card with network address 00225FBA5B2A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Posted

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/01/2011 at 07:29 PM

 

Application Version : 4.51.1000

 

Core Rules Database Version : 6955

Trace Rules Database Version: 4991

 

Scan type : Quick Scan

Total Scan Time : 00:48:30

 

Memory items scanned : 568

Memory threats detected : 0

Registry items scanned : 1690

Registry threats detected : 1

File items scanned : 24208

File threats detected : 546

 

System.BrokenFileAssociation

HKCR\.exe

 

Adware.Tracking Cookie


.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.borders.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.microsoftinternetexplorer.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.amazonmerchants.122.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.apmebf.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

stat.onestat.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

tracking.admarketplace.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adserver.adtechus.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.nipporn.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.coxtravelchannel.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

http://www.monarchdigimedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.doubleclick.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.eyewonder.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.eyewonder.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.socialmedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

counter.hitslink.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.care2.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.statcounter.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

ads2.drivelinemedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

rotator.adjuggler.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

rotator.adjuggler.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.statcounter.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.smartadserver.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.smartadserver.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.smartadserver.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

stat.onestat.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.eharmony.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.traveladvertising.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.pornplays.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.hotelscom.122.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.clickshift.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.overture.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adultfriendfinder.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.insightexpressai.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.lfstmedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.foxinteractivemedia.122.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.fim.122.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.traffic.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adbureau.traffic.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.traffic.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adxpose.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.healyourlife.122.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.mediaplex.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.adinterax.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.247realmedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.247realmedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.realmedia.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.msnaccountservices.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.microsoftwlmailmkt.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.associatedcontent.112.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.iacas.adbureau.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.iacas.adbureau.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.iacas.adbureau.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.linksynergy.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.linksynergy.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.linksynergy.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

.2o7.net [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

info.s3safesexstore.com [ C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Google\Chrome\User

Posted

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [Alcmtr] ALCMTR.EXE

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

****************************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

Posted

After running OTL, IE8 and Firefox will not open. Chrome will. I received two reports.

 

 

OTL Text:

 

 

OTL logfile created on: 6/2/2011 1:59:30 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\elizabeth bassett\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1014.36 Mb Total Physical Memory | 578.41 Mb Available Physical Memory | 57.02% Memory free

2.39 Gb Paging File | 2.00 Gb Available in Paging File | 83.86% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.01 Gb Total Space | 132.19 Gb Free Space | 88.71% Space Free | Partition Type: NTFS

 

Computer Name: OCEANVIEWS | User Name: elizabeth bassett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/06/02 13:42:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth bassett\Desktop\OTL.exe

PRC - [2011/04/29 09:29:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/06/03 15:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/11 17:11:24 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA012Mon.exe

PRC - [2009/03/31 17:03:46 | 000,251,176 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe

PRC - [2009/02/23 10:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe

PRC - [2008/11/04 22:47:38 | 000,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe

PRC - [2008/07/31 22:45:36 | 000,185,560 | ---- | M] () -- C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/06/02 13:42:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth bassett\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

 

========== Driver Services (SafeList) ==========

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ecampus.phoenix.edu/Portal/Portal/Public/Login.aspx

IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/09 10:56:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 08:42:49 | 000,000,000 | ---D | M]

 

[2010/08/09 10:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth bassett\Application Data\Mozilla\Extensions

[2010/11/09 11:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth bassett\Application Data\Mozilla\Firefox\Profiles\qbclgos3.default\extensions

[2010/08/09 10:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\elizabeth bassett\Application Data\Mozilla\Firefox\Profiles\qbclgos3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/16 08:23:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\elizabeth bassett\Application Data\Mozilla\Firefox\Profiles\qbclgos3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/11/09 11:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/16 08:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/04/07 18:08:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2011/06/02 13:46:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)

O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)

O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)

O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)

O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - Startup: C:\Documents and Settings\elizabeth bassett\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.17 68.105.29.17

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/06/02 13:46:55 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/06/02 13:42:31 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\elizabeth bassett\Desktop\OTL.exe

[2011/06/01 18:12:10 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\elizabeth bassett\Desktop\SUPERAntiSpyware.exe

[2011/06/01 18:05:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\elizabeth bassett\Start Menu\Programs\Administrative Tools

[2011/06/01 18:04:54 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\elizabeth bassett\Desktop\dds.scr

[2011/06/01 17:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth bassett\Application Data\Malwarebytes

[2011/06/01 17:28:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/06/01 17:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/01 17:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/06/01 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/31 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth bassett\Application Data\SUPERAntiSpyware.com

[2011/05/31 22:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/31 22:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/05/31 21:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/31 16:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth bassett\Application Data\Avira

[2011/05/30 21:17:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\elizabeth bassett\Recent

 

========== Files - Modified Within 30 Days ==========

 

[2011/06/02 13:58:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/02 13:52:35 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/02 13:46:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/06/02 13:42:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth bassett\Desktop\OTL.exe

[2011/06/02 13:41:15 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6DBEB801-57E6-408F-A94E-D54881017A71}.job

[2011/06/02 01:28:00 | 000,001,026 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3573447251-3527773996-2837483881-1006UA.job

[2011/06/01 22:28:00 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3573447251-3527773996-2837483881-1006Core.job

[2011/06/01 18:13:00 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/06/01 18:12:10 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\elizabeth bassett\Desktop\SUPERAntiSpyware.exe

[2011/06/01 18:04:58 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\elizabeth bassett\Desktop\dds.scr

[2011/06/01 17:38:49 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/01 17:28:28 | 000,002,374 | ---- | M] () -- C:\Documents and Settings\elizabeth bassett\Desktop\Google Chrome.lnk

[2011/06/01 17:28:28 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\elizabeth bassett\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/06/01 17:08:46 | 000,019,846 | -HS- | M] () -- C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\6h86d7sr2domqf81n08t4n

[2011/06/01 17:08:46 | 000,019,846 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n

[2011/06/01 12:32:37 | 000,000,322 | ---- | M] () -- C:\Documents and Settings\elizabeth bassett\My Documents\fix.reg

[2011/06/01 12:29:29 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\elizabeth bassett\Desktop\fix.reg

[2011/06/01 11:29:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2011/05/31 22:21:25 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/28 15:54:59 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21552932

[2011/05/28 15:52:50 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932r

[2011/05/28 15:52:50 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21552932

[2011/05/28 01:52:32 | 000,467,714 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/28 01:52:32 | 000,080,780 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/13 12:29:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/07 00:37:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

 

========== Files Created - No Company Name ==========

 

[2011/06/01 17:28:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/01 12:47:22 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys

[2011/06/01 12:32:37 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\elizabeth bassett\My Documents\fix.reg

[2011/06/01 12:29:29 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\elizabeth bassett\Desktop\fix.reg

[2011/06/01 11:29:39 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2011/06/01 11:29:39 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\elizabeth bassett\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[2011/06/01 11:29:39 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\elizabeth bassett\Start Menu\Programs\Startup\PdaNet Desktop.lnk

[2011/05/31 21:40:35 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/31 21:34:15 | 000,019,846 | -HS- | C] () -- C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\6h86d7sr2domqf81n08t4n

[2011/05/31 21:34:15 | 000,019,846 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6h86d7sr2domqf81n08t4n

[2011/05/28 15:52:50 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21552932r

[2011/05/28 15:52:50 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21552932

[2011/05/28 15:52:40 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21552932

[2010/08/09 10:56:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat

[2010/06/29 21:48:18 | 000,000,140 | -H-- | C] () -- C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\fusioncache.dat

[2009/11/15 01:12:55 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2009/10/08 21:41:38 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\elizabeth bassett\Application Data\$_hpcst$.hpc

[2009/10/07 21:04:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/19 21:55:34 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\elizabeth bassett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/29 16:36:24 | 000,002,816 | -H-- | C] () -- C:\Documents and Settings\elizabeth bassett\Application Data\wklnhst.dat

[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe

[2009/08/07 23:13:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2009/08/07 23:13:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/08/07 23:10:11 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009/08/07 20:58:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/08/07 20:47:10 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin

[2009/08/07 20:36:03 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL

[2009/08/07 20:34:54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/08/07 20:34:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2009/08/07 20:34:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe

[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll

[2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe

[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe

[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 21:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 21:44:05 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 21:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 16:33:19 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 16:33:18 | 000,467,714 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 16:33:18 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 16:33:18 | 000,080,780 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 16:33:18 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 16:33:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 16:33:17 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 16:33:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 16:33:14 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 16:33:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 16:33:10 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 16:33:06 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 09:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 09:38:33 | 000,278,152 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

 

< End of report >

Posted

OTL Extras logfile created on: 6/2/2011 1:59:30 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\elizabeth bassett\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1014.36 Mb Total Physical Memory | 578.41 Mb Available Physical Memory | 57.02% Memory free

2.39 Gb Paging File | 2.00 Gb Available in Paging File | 83.86% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.01 Gb Total Space | 132.19 Gb Free Space | 88.71% Space Free | Partition Type: NTFS

 

Computer Name: OCEANVIEWS | User Name: elizabeth bassett | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)

"C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe" = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe:*:Enabled:PdaNetPC -- ()

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{19587EFF-CC82-4E85-A85D-0D476DAA9C35}" = Linear Algebra Solved!

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25511981-E2E8-45FA-9417-3E15A2B43CB3}" = Algebra 1 Solved!

"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 21

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6C82BEFA-21A9-4CC0-9F73-93BD0F406E33}" = College Algebra Solved!

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony

"{B840FAB0-0E67-4DD9-A93C-A92BA7DF9625}" = Dell Box.net Launcher

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C381C370-6464-494A-83F2-A719835D51E3}" = Graphing Solved!

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F807552B-40E9-4E98-8F5D-404E5FB6F6D1}" = Basic Math Solved!

"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"AIM Toolbar" = AIM Toolbar

"AIM_7" = AIM 7

"Amazon Kindle For PC" = Amazon Kindle For PC

"AOL Radio Toolbar" = AOL Radio Toolbar

"AOL Toolbar" = AOL Toolbar

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Borders Desktop" = Borders Desktop

"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)

"Dell Video Chat" = Dell Video Chat

"Dell Webcam Central" = Dell Webcam Central

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter

"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PdaNet_is1" = PdaNet for Windows Mobile 2.0

"RideMax" = RideMax 6.0

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SynTPDeinstKey" = Dell Touchpad

"ULTIMATER" = Microsoft Office Ultimate 2007

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

Error: Unable to start EventLog service!

 

< End of report >

Posted

Rebooting the mini allowed me access to my browser programs.

 

Combofix logs

 

 

ComboFix 11-06-01.07 - elizabeth bassett 06/02/2011 14:55:52.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.587 [GMT -4:00]

Running from: c:\documents and settings\elizabeth bassett\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :p

.

((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))

.

.

2011-06-02 18:51 . 2011-06-02 18:51 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2011-06-02 18:51 . 2011-06-02 18:51 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2011-06-02 18:51 . 2011-06-02 18:51 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2011-06-02 18:51 . 2011-06-02 18:51 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2011-06-02 18:51 . 2011-06-02 18:51 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2011-06-02 18:51 . 2011-06-02 18:51 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2011-06-02 18:51 . 2011-06-02 18:51 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2011-06-02 18:51 . 2011-06-02 18:51 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2011-06-02 18:51 . 2011-06-02 18:51 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2011-06-02 18:51 . 2011-06-02 18:51 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2011-06-02 18:51 . 2011-06-02 18:51 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2011-06-02 18:51 . 2011-06-02 18:51 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2011-06-02 17:46 . 2011-06-02 17:46 -------- d-----w- C:\_OTL

2011-06-01 21:28 . 2011-06-01 21:28 -------- d-----w- c:\documents and settings\elizabeth bassett\Application Data\Malwarebytes

2011-06-01 21:28 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-01 21:28 . 2011-06-01 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-01 21:28 . 2011-06-01 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 14:18 . 2011-06-01 14:18 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-01 02:20 . 2011-06-01 02:20 -------- d-----w- c:\documents and settings\elizabeth bassett\Application Data\SUPERAntiSpyware.com

2011-06-01 02:19 . 2011-06-02 00:46 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-01 01:40 . 2011-06-01 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-31 20:51 . 2011-05-31 20:51 -------- d-----w- c:\documents and settings\elizabeth bassett\Application Data\Avira

2011-05-31 00:53 . 2011-05-31 01:11 -------- d-s---w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-29 19:09 . 2011-03-29 19:09 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys

2011-03-29 19:09 . 2011-03-29 19:09 37376 ----a-w- c:\windows\system32\libusb0.dll

2011-03-07 05:33 . 2008-04-26 01:44 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 20:11 . 2009-10-05 11:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]

"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

c:\documents and settings\elizabeth bassett\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

PdaNet Desktop.lnk - c:\program files\PdaNet for Windows Mobile\PdaNetPC.exe [2009-10-8 185560]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\PdaNet for Windows Mobile\\PdaNetPC.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [8/7/2009 8:36 PM 14248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/5/2009 7:31 AM 136360]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [8/7/2009 8:45 PM 143840]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [8/7/2009 11:13 PM 135168]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [8/7/2009 11:13 PM 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [8/7/2009 11:13 PM 272032]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [10/8/2009 10:04 PM 9472]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/7/2009 11:13 PM 162816]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/7/2009 11:13 PM 1684736]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3573447251-3527773996-2837483881-1006Core.job

- c:\documents and settings\elizabeth bassett\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-14 12:34]

.

2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3573447251-3527773996-2837483881-1006UA.job

- c:\documents and settings\elizabeth bassett\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-14 12:34]

.

2011-06-02 c:\windows\Tasks\User_Feed_Synchronization-{6DBEB801-57E6-408F-A94E-D54881017A71}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://ecampus.phoenix.edu/Portal/Portal/Public/Login.aspx

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.105.28.17 68.105.29.17

FF - ProfilePath - c:\documents and settings\elizabeth bassett\Application Data\Mozilla\Firefox\Profiles\qbclgos3.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-02 15:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(848)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

Completion time: 2011-06-02 15:03:58

ComboFix-quarantined-files.txt 2011-06-02 19:03

.

Pre-Run: 141,725,282,304 bytes free

Post-Run: 141,776,539,648 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8857FCE676F3F331E457B4182C7EBF8B

Posted

The log shows that your Avira is out-of-date. Please update it.

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Posted

Sorry it took so long to get the ComboFix report. Could only use one browser and was lagging for over an hour before I rebooted to try again. One bit of good news is now I have audio over internet music stations which I had lost. I have a background in tech support mainly concerning hardware and networking issues.

Posted

Could you give me a more direct link? The 4 listed give multiple links and they all seem to lead away from SysProt Antirootkit.

Posted

Took me a bit but finally got it downloaded.

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: A9E91000

Module End: A9EA9000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F7A3B000

Module End: F7A3D000

Hidden: Yes

 

Module Name: \??\C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\catchme.sys

Service Name: catchme

Module Base: F7835000

Module End: F783D000

Hidden: Yes

 

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: F7A87000

Module End: F7A89000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwCreateKey

Address: F7C1D3F6

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateThread

Address: F7C1D3EC

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: F7C1D3FB

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: F7C1D405

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwLoadKey

Address: F7C1D40A

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenProcess

Address: F7C1D3D8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: F7C1D3DD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwReplaceKey

Address: F7C1D414

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: F7C1D40F

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetValueKey

Address: F7C1D400

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

Posted

Is your computer running any better?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Archived

This topic is now archived and is closed to further replies.
