Can't run scans

Thread: Can't run scans

  1. #1
    Join Date
    Oct 2010
    Posts
    24

    Can't run scans

    I'm hoping this forum can help, and I'm in kind of a bad spot as I was handed my niece's computer because it's not running right, so I have no idea what she's loaded and what sites she's been to. I loaded Spybot, Malwarebytes and Superantispyware, but none of them will run, they do install but when I try to run them, they just lock up. Also, Windows Security has been turned off and I'm not able to turn it back on, it says I need administrator status to do that, but I'm logged in as the administrator. Also not able to rename EXE files outside of safe mode for the same reason.

    I went to ESET.com and did an online scan, it's the only scan that would run, and it found 4 trojans and removed them, when I ran it again it said nothing found, but I still can't run any of the other scans.

    I read the sticky post and I did try renaming the EXE files for Spybot and Malwarebytes, but they still wouldn't run. Spybot just doesn't run and Malwarebytes runs for about 30 seconds and then freezes.

    I also ran GMER and it didn't find anything.

    I ran DDS, here's the log. Thanks in advance for any help, I'm not sure where to even start with this since I have no idea what she's done with her computer.


    DDS (Ver_10-10-21.02) - NTFS_AMD64 NETWORK
    Run by Sarah at 0:33:52.20 on Fri 10/22/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.3027 [GMT -5:00]

    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Sarah\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ares] "C:\Ares\Ares.exe" -h
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ"&"inst=NwA3AC0AMQAwADYANgAxADEANwAzADQALQBCADMALQA"&"prod=90"&"ver=9.0.856
    mRunOnce: [<NO NAME>]
    mRunOnce: [GrpConv] grpconv -o
    StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    ============= SERVICES / DRIVERS ===============

    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
    S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/16 03:25:36];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\AESTSr64.exe [2009-7-16 89088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
    S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
    S2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
    S2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 7408]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-8 1255736]
    SUnknown SASDIFSV;SASDIFSV; [x]
    SUnknown SASKUTIL;SASKUTIL; [x]

    =============== Created Last 30 ================

    2010-10-22 04:45:50 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-10-22 04:45:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-10-22 03:50:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C4507B18-C774-4735-B2C5-A318CC9E531E}\mpengine.dll
    2010-10-21 00:55:35 -------- d-----w- C:\Program Files (x86)\ESET
    2010-10-20 23:38:03 -------- d-----w- C:\PROGRA~3\MFAData
    2010-10-20 23:35:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-10-20 23:35:53 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-10-16 04:43:01 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-16 04:43:01 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-16 04:43:00 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-16 04:43:00 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-10-16 04:43:00 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-10-16 04:43:00 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-10-11 23:56:25 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-10-11 23:56:25 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2010-10-11 21:28:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-11 21:28:03 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-11 21:27:56 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-10-11 21:27:56 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-09-22 16:44:58 558592 ----a-w- C:\Windows\System32\spoolsv.exe

    ==================== Find3M ====================

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

    ============= FINISH: 0:34:21.57 ===============

  2. #2
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Hi and welcome to the VDr forums.

    =========

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.


    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    =================================================================

    Now try and run MBA-M immediately before doing anything else.

    Let me know how you go.

  3. #3
    Join Date
    Oct 2010
    Posts
    24
    Thanks for your help, I was able to run Rkill from the first link you provided and it ran successfully. She does have Windows 7, but I didn't see an option to run as administrator when I right clicked on the icon, but it ran by just right clicking and clicking on open. Here's what the log said after it was done:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Sarah on 10/22/2010 at 21:57:47.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\iTunesHelper.exe
    C:\Users\Sarah\Desktop\rkill.com


    Rkill completed on 10/22/2010 at 21:57:54.


    I ran exeHelper when that was done, here's the log from that:

    exeHelper by Raktor
    Build 20100414
    Run at 21:59:05 on 10/22/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    No errors running either as far as I can tell, but then I tried to run Malwarebytes and got the same result, it starts and then locks up. I'm unable to close it via the cancel button, it asks if I really want to stop scanning, I click yes, and it just stays there. I also can't close it down via Task Manager either. Any suggestions? Thanks again for your help.

  4. #4
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Try running this please:

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

  5. #5
    Join Date
    Oct 2010
    Posts
    24
    I disconnected the wireless connection, shut down all of the scanning software, and ran ComboFix, but I got an error saying, "Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP."

  6. #6
    Join Date
    Oct 2010
    Posts
    24
    As an update, I did try running Malwarebytes again just to try, and I changed from quick scan to full scan, and it appears to be running. Or at least it's progressed much further than it ever has before. It's running now, hopefully it will complete the scan.

  7. #7
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    My Bad. I should have looked closer. You have a 64bit operating system and that is why Combofix does not work.

    ==

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
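
A triage step for the logs posted earlier in this thread, given as an added example that is not part of any post and not code from DDS, Rkill or OTL: it cross-references the autorun entries in the DDS log with the processes listed in the Rkill log, and notes autoruns whose image sits in the root of a drive, the location the custom scan's first `*.exe` pattern covers. The function names and both heuristics are assumptions made for illustration; a match marks an entry for review and says nothing about whether the file is malicious.

```python
import ntpath
import re

# Constructed sample input: lines copied from the DDS and Rkill logs in this thread.
DDS_LOG = r'''
uRun: [ares] "C:\Ares\Ares.exe" -h
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\iTunesHelper.exe"
mRunOnce: [GrpConv] grpconv -o
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
'''

RKILL_LOG = r'''
Processes terminated by Rkill or while it was running:

C:\iTunesHelper.exe
C:\Users\Sarah\Desktop\rkill.com

Rkill completed on 10/22/2010 at 21:57:54.
'''

# "uRun: [name] command line" as printed in the DDS Pseudo HJT section.
RUN_LINE = re.compile(
    r'^\s*(?P<key>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_PATH = re.compile(r'^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.IGNORECASE)


def image_path(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_PATH.match(cmd)
    if match:
        return match.group(1)
    return cmd.split()[0] if cmd else ""


def parse_dds_autoruns(log):
    """Return (registry key label, value name, image path) for each Run entry."""
    entries = []
    for line in log.splitlines():
        match = RUN_LINE.match(line)
        if match:
            path = image_path(match.group("cmd"))
            if path:  # skip entries such as "[<NO NAME>]" with no command
                entries.append((match.group("key"), match.group("name"), path))
    return entries


def parse_rkill_terminated(log):
    """Return the paths listed under the 'Processes terminated' header."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Processes terminated by Rkill"):
            in_section = True
        elif line.startswith("Rkill completed"):
            in_section = False
        elif in_section and line:
            paths.append(line)
    return paths


def in_drive_root(path):
    """True for C:\\name.exe, false for anything inside a folder."""
    drive, rest = ntpath.splitdrive(ntpath.dirname(path))
    return bool(drive) and rest == "\\"


def triage(dds_log, rkill_log):
    """Flag autoruns that also appear in the Rkill log or live in a drive root."""
    killed = {ntpath.normcase(p) for p in parse_rkill_terminated(rkill_log)}
    findings = []
    for key, name, path in parse_dds_autoruns(dds_log):
        reasons = []
        if ntpath.normcase(path) in killed:
            reasons.append("listed in Rkill log")
        if in_drive_root(path):
            reasons.append("image in drive root")
        if reasons:
            findings.append((key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for key, name, path, reasons in triage(DDS_LOG, RKILL_LOG):
        print(f"{key} [{name}] {path}: {', '.join(reasons)}")
```
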

  8. #8
    Join Date
    Oct 2010
    Posts
    24
    OK, Malwarebytes and Superantispyware were both able to run now, Malwarebytes didn't find anything but Superantispyware found what it says are 2 trojans, the pathways are:

    c:\USERS\SARAH\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ELU9BUMJ\PXFPYLXY[1].EXE

    C:\USERS\SARAH\DESKTOP\PXFPYLXY.EXE

    Not sure if those really are viruses, I wasn't able to find anything about them online.

    Superantispyware asked to reboot, but I didn't do that yet per your instructions.

    Also, here's the Malwarebytes log:

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 345828
    Time elapsed: 1 hour(s), 15 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    And I ran the OTL quick scan with the parameters you recommended, but I only got one log, here's the results of that. The log takes this message to almost 50,000 characters and only 20,000 are allowed per post, so I'll post in 3 messages.

    OTL logfile created on: 10/23/2010 12:06:46 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Sarah\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.05 Gb Total Space | 204.22 Gb Free Space | 71.64% Space Free | Partition Type: NTFS
    Drive D: | 13.04 Gb Total Space | 1.46 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
    Drive E: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 3.69 Gb Total Space | 0.99 Gb Free Space | 26.88% Space Free | Partition Type: FAT32

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 12:05:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    PRC - [2009/09/14 10:33:54 | 003,062,272 | ---- | M] (Official Ares) -- C:\Ares\Ares.exe
    PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/07/17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
    PRC - [2009/05/08 19:32:38 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
    PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
    PRC - [2008/11/28 20:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    PRC - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 12:05:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/10/26 15:49:46 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_79b15e90d309c284\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/11/26 19:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
    SRV - [2008/11/26 19:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/07/16 04:49:18 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/10/26 15:50:58 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/09/22 00:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/09/19 19:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
    DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/07/24 11:48:10 | 000,250,928 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/10/12 22:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/16 03:25:36] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [ares] C:\Ares\Ares.exe (Official Ares)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato...ProdDetect.cab (HP Product Detection Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

  9. #9
    Part 2:

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/23 12:05:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2010/10/22 23:48:14 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/10/22 00:40:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/22 00:39:34 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup-1.46.exe
    [2010/10/21 23:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/10/21 23:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/10/21 23:45:10 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Sarah\Desktop\SUPERAntiSpyware.exe
    [2010/10/20 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/10/20 19:25:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sarah\Desktop\HijackThis.exe
    [2010/10/20 19:10:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Sarah\Desktop\bot.exe
    [2010/10/20 18:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/10/20 18:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/20 18:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/10/20 18:34:11 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Sarah\Desktop\spybotsd162.exe
    [2010/10/01 14:59:37 | 000,000,000 | -H-D | C] -- C:\Users\Sarah\Documents\backup
    [2010/10/01 14:40:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\New folder
    [2010/10/01 14:39:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\New folder (2)
    [2010/10/01 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\New folder
    [2010/09/28 22:11:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\pics 2 put up

    ========== Files - Modified Within 30 Days ==========

    [2070/04/26 11:20:48 | 001,182,528 | ---- | M] () -- C:\Users\Sarah\Documents\100_3005.JPG
    [2070/04/26 11:20:48 | 001,156,676 | ---- | M] () -- C:\Users\Sarah\Documents\100_3019.JPG
    [2070/04/26 11:20:48 | 001,150,268 | ---- | M] () -- C:\Users\Sarah\Documents\100_3001.JPG
    [2070/04/26 11:20:48 | 001,130,928 | ---- | M] () -- C:\Users\Sarah\Documents\100_3003.JPG
    [2070/04/26 11:20:48 | 001,115,896 | ---- | M] () -- C:\Users\Sarah\Documents\100_3010.JPG
    [2070/04/26 11:20:48 | 001,109,820 | ---- | M] () -- C:\Users\Sarah\Documents\100_3007.JPG
    [2070/04/26 11:20:48 | 001,108,068 | ---- | M] () -- C:\Users\Sarah\Documents\100_3039.JPG
    [2070/04/26 11:20:48 | 001,101,664 | ---- | M] () -- C:\Users\Sarah\Documents\100_3002.JPG
    [2070/04/26 11:20:48 | 001,092,320 | ---- | M] () -- C:\Users\Sarah\Documents\100_3004.JPG
    [2070/04/26 11:20:48 | 001,076,016 | ---- | M] () -- C:\Users\Sarah\Documents\100_3041.JPG
    [2070/04/26 11:20:48 | 001,074,580 | ---- | M] () -- C:\Users\Sarah\Documents\100_2989.JPG
    [2070/04/26 11:20:48 | 001,045,632 | ---- | M] () -- C:\Users\Sarah\Documents\100_2992.JPG
    [2070/04/26 11:20:48 | 001,041,804 | ---- | M] () -- C:\Users\Sarah\Documents\100_3018.JPG
    [2070/04/26 11:20:48 | 001,041,632 | ---- | M] () -- C:\Users\Sarah\Documents\100_3017.JPG
    [2070/04/26 11:20:48 | 001,040,196 | ---- | M] () -- C:\Users\Sarah\Documents\100_3021.JPG
    [2070/04/26 11:20:48 | 001,036,140 | ---- | M] () -- C:\Users\Sarah\Documents\100_2999.JPG
    [2070/04/26 11:20:48 | 001,031,676 | ---- | M] () -- C:\Users\Sarah\Documents\100_3013.JPG
    [2070/04/26 11:20:48 | 001,017,188 | ---- | M] () -- C:\Users\Sarah\Documents\100_3014.JPG
    [2070/04/26 11:20:48 | 001,010,912 | ---- | M] () -- C:\Users\Sarah\Documents\100_3012.JPG
    [2070/04/26 11:20:48 | 001,006,160 | ---- | M] () -- C:\Users\Sarah\Documents\100_3022.JPG
    [2070/04/26 11:20:48 | 001,005,624 | ---- | M] () -- C:\Users\Sarah\Documents\100_3027.JPG
    [2070/04/26 11:20:48 | 001,002,336 | ---- | M] () -- C:\Users\Sarah\Documents\100_3024.JPG
    [2070/04/26 11:20:48 | 001,000,008 | ---- | M] () -- C:\Users\Sarah\Documents\100_2987.JPG
    [2070/04/26 11:20:48 | 000,993,660 | ---- | M] () -- C:\Users\Sarah\Documents\100_3016.JPG
    [2070/04/26 11:20:48 | 000,990,832 | ---- | M] () -- C:\Users\Sarah\Documents\100_2958.JPG
    [2070/04/26 11:20:48 | 000,980,156 | ---- | M] () -- C:\Users\Sarah\Documents\100_3025.JPG
    [2070/04/26 11:20:48 | 000,977,992 | ---- | M] () -- C:\Users\Sarah\Documents\100_3034.JPG
    [2070/04/26 11:20:48 | 000,961,304 | ---- | M] () -- C:\Users\Sarah\Documents\100_3035.JPG
    [2070/04/26 11:20:48 | 000,957,196 | ---- | M] () -- C:\Users\Sarah\Documents\100_3008.JPG
    [2070/04/26 11:20:48 | 000,943,832 | ---- | M] () -- C:\Users\Sarah\Documents\100_3006.JPG
    [2070/04/26 11:20:48 | 000,929,400 | ---- | M] () -- C:\Users\Sarah\Documents\100_3032.JPG
    [2070/04/26 11:20:48 | 000,886,116 | ---- | M] () -- C:\Users\Sarah\Documents\100_3036.JPG
    [2070/04/26 11:20:48 | 000,866,788 | ---- | M] () -- C:\Users\Sarah\Documents\100_3040.JPG
    [2033/08/19 16:40:12 | 000,852,972 | ---- | M] () -- C:\Users\Sarah\Documents\100_3572.JPG
    [2033/08/19 16:37:56 | 001,105,452 | ---- | M] () -- C:\Users\Sarah\Documents\100_3570.JPG
    [2033/08/19 16:37:14 | 000,942,548 | ---- | M] () -- C:\Users\Sarah\Documents\100_3568.JPG
    [2033/08/19 16:30:30 | 001,019,568 | ---- | M] () -- C:\Users\Sarah\Documents\100_3563.JPG
    [2033/08/19 16:27:18 | 000,898,276 | ---- | M] () -- C:\Users\Sarah\Documents\100_3562.JPG
    [2033/08/19 16:26:02 | 000,913,440 | ---- | M] () -- C:\Users\Sarah\Documents\100_3556.JPG
    [2033/08/19 16:09:58 | 000,978,936 | ---- | M] () -- C:\Users\Sarah\Documents\100_3553.JPG
    [2033/08/19 16:09:50 | 000,942,776 | ---- | M] () -- C:\Users\Sarah\Documents\100_3552.JPG
    [2033/08/19 16:08:44 | 000,986,548 | ---- | M] () -- C:\Users\Sarah\Documents\100_3550.JPG
    [2033/08/19 16:08:32 | 000,980,276 | ---- | M] () -- C:\Users\Sarah\Documents\100_3549.JPG
    [2033/08/17 15:54:32 | 431,733,406 | ---- | M] () -- C:\Users\Sarah\Documents\100_3548.MOV
    [2033/08/17 15:39:48 | 001,089,500 | ---- | M] () -- C:\Users\Sarah\Documents\100_3546.JPG
    [2033/08/17 15:39:42 | 000,999,248 | ---- | M] () -- C:\Users\Sarah\Documents\100_3545.JPG
    [2033/08/17 15:39:36 | 001,222,640 | ---- | M] () -- C:\Users\Sarah\Documents\100_3544.JPG
    [2033/08/17 15:38:56 | 001,146,288 | ---- | M] () -- C:\Users\Sarah\Documents\100_3542.JPG
    [2033/08/17 15:38:52 | 001,318,856 | ---- | M] () -- C:\Users\Sarah\Documents\100_3541.JPG
    [2033/08/17 15:38:44 | 001,154,316 | ---- | M] () -- C:\Users\Sarah\Documents\100_3539.JPG
    [2033/08/17 15:38:42 | 001,123,188 | ---- | M] () -- C:\Users\Sarah\Documents\100_3538.JPG
    [2033/08/17 15:38:38 | 001,214,800 | ---- | M] () -- C:\Users\Sarah\Documents\100_3537.JPG
    [2033/08/17 15:38:30 | 001,275,992 | ---- | M] () -- C:\Users\Sarah\Documents\100_3536.JPG
    [2033/08/17 15:37:16 | 001,175,128 | ---- | M] () -- C:\Users\Sarah\Documents\100_3531.JPG
    [2033/08/17 15:26:54 | 074,592,934 | ---- | M] () -- C:\Users\Sarah\Documents\100_3529.MOV
    [2033/08/17 15:22:20 | 059,303,670 | ---- | M] () -- C:\Users\Sarah\Documents\100_3528.MOV
    [2033/08/17 15:20:04 | 091,613,842 | ---- | M] () -- C:\Users\Sarah\Documents\100_3527.MOV
    [2033/08/17 15:17:22 | 036,458,330 | ---- | M] () -- C:\Users\Sarah\Documents\100_3526.MOV
    [2033/08/17 15:16:18 | 115,644,106 | ---- | M] () -- C:\Users\Sarah\Documents\facebook.MOV
    [2033/08/17 15:12:16 | 183,321,614 | ---- | M] () -- C:\Users\Sarah\Documents\100_3524.MOV
    [2033/08/17 14:53:58 | 001,010,560 | ---- | M] () -- C:\Users\Sarah\Documents\100_3523.JPG
    [2033/07/19 13:35:32 | 001,212,520 | ---- | M] () -- C:\Users\Sarah\Documents\100_3358.JPG
    [2033/07/19 13:35:24 | 001,132,964 | ---- | M] () -- C:\Users\Sarah\Documents\100_3357.JPG
    [2033/07/19 13:35:18 | 001,240,552 | ---- | M] () -- C:\Users\Sarah\Documents\100_3356.JPG
    [2033/07/19 13:35:12 | 001,057,944 | ---- | M] () -- C:\Users\Sarah\Documents\100_3355.JPG
    [2033/07/19 13:35:06 | 001,027,580 | ---- | M] () -- C:\Users\Sarah\Documents\100_3354.JPG
    [2033/07/19 13:34:38 | 001,141,248 | ---- | M] () -- C:\Users\Sarah\Documents\100_3353.JPG
    [2033/07/19 12:55:14 | 001,151,396 | ---- | M] () -- C:\Users\Sarah\Documents\100_3349.JPG
    [2033/07/19 12:55:08 | 000,954,764 | ---- | M] () -- C:\Users\Sarah\Documents\100_3348.JPG
    [2033/07/19 12:54:56 | 001,058,876 | ---- | M] () -- C:\Users\Sarah\Documents\100_3347.JPG
    [2033/07/19 11:02:12 | 001,078,280 | ---- | M] () -- C:\Users\Sarah\Documents\100_3338.JPG
    [2033/07/19 09:36:36 | 001,043,644 | ---- | M] () -- C:\Users\Sarah\Documents\100_3336.JPG
    [2033/07/19 09:36:16 | 001,036,664 | ---- | M] () -- C:\Users\Sarah\Documents\100_3334.JPG
    [2033/07/19 09:34:38 | 001,065,660 | ---- | M] () -- C:\Users\Sarah\Documents\100_3329.JPG
    [2033/07/19 09:34:32 | 001,076,280 | ---- | M] () -- C:\Users\Sarah\Documents\100_3328.JPG
    [2033/07/19 09:33:08 | 000,987,156 | ---- | M] () -- C:\Users\Sarah\Documents\100_3327.JPG
    [2033/07/19 09:32:54 | 000,995,696 | ---- | M] () -- C:\Users\Sarah\Documents\100_3325.JPG
    [2033/07/19 09:32:50 | 000,953,108 | ---- | M] () -- C:\Users\Sarah\Documents\100_3324.JPG
    [2033/07/19 09:32:40 | 001,035,372 | ---- | M] () -- C:\Users\Sarah\Documents\100_3322.JPG
    [2033/07/19 09:32:36 | 001,022,564 | ---- | M] () -- C:\Users\Sarah\Documents\100_3321.JPG
    [2033/07/19 09:32:18 | 001,056,832 | ---- | M] () -- C:\Users\Sarah\Documents\100_3318.JPG
    [2033/07/19 09:32:14 | 001,054,780 | ---- | M] () -- C:\Users\Sarah\Documents\100_3317.JPG
    [2033/07/19 09:32:08 | 001,019,656 | ---- | M] () -- C:\Users\Sarah\Documents\100_3316.JPG
    [2033/07/19 09:32:02 | 000,956,160 | ---- | M] () -- C:\Users\Sarah\Documents\100_3314.JPG
    [2033/07/19 09:27:08 | 001,171,672 | ---- | M] () -- C:\Users\Sarah\Documents\100_3310.JPG
    [2033/07/19 09:26:58 | 001,058,532 | ---- | M] () -- C:\Users\Sarah\Documents\100_3309.JPG
    [2033/07/19 09:26:48 | 001,028,376 | ---- | M] () -- C:\Users\Sarah\Documents\100_3308.JPG
    [2033/07/19 09:26:36 | 000,983,824 | ---- | M] () -- C:\Users\Sarah\Documents\100_3307.JPG
    [2033/07/19 09:26:30 | 001,013,392 | ---- | M] () -- C:\Users\Sarah\Documents\100_3306.JPG
    [2033/07/19 09:26:22 | 001,077,200 | ---- | M] () -- C:\Users\Sarah\Documents\100_3305.JPG
    [2033/07/19 09:26:10 | 000,956,536 | ---- | M] () -- C:\Users\Sarah\Documents\100_3304.JPG
    [2033/07/19 09:24:34 | 001,061,300 | ---- | M] () -- C:\Users\Sarah\Documents\100_3296.JPG
    [2033/07/17 16:48:48 | 033,598,722 | ---- | M] () -- C:\Users\Sarah\Documents\100_3288.MOV
    [2033/07/17 13:26:26 | 000,902,188 | ---- | M] () -- C:\Users\Sarah\Documents\100_3283.JPG
    [2033/07/17 13:26:22 | 000,763,320 | ---- | M] () -- C:\Users\Sarah\Documents\100_3282.JPG
    [2033/07/17 11:43:18 | 001,182,860 | ---- | M] () -- C:\Users\Sarah\Documents\100_3279.JPG
    [2033/07/17 11:35:54 | 001,068,368 | ---- | M] () -- C:\Users\Sarah\Documents\100_3274.JPG
    [2033/07/17 11:35:42 | 001,088,400 | ---- | M] () -- C:\Users\Sarah\Documents\100_3273.JPG
    [2033/07/17 11:00:02 | 001,144,392 | ---- | M] () -- C:\Users\Sarah\Documents\100_3272.JPG
    [2033/07/17 10:44:40 | 001,184,748 | ---- | M] () -- C:\Users\Sarah\Documents\100_3271.JPG
    [2033/07/17 10:44:30 | 001,152,196 | ---- | M] () -- C:\Users\Sarah\Documents\100_3270.JPG
    [2033/07/17 10:44:26 | 001,189,092 | ---- | M] () -- C:\Users\Sarah\Documents\100_3269.JPG
    [2033/07/17 10:44:22 | 000,782,676 | ---- | M] () -- C:\Users\Sarah\Documents\100_3268.JPG
    [2033/07/17 10:39:00 | 000,827,884 | ---- | M] () -- C:\Users\Sarah\Documents\100_3267.JPG
    [2033/07/17 10:38:52 | 000,868,324 | ---- | M] () -- C:\Users\Sarah\Documents\100_3266.JPG
    [2033/07/17 10:37:56 | 000,948,868 | ---- | M] () -- C:\Users\Sarah\Documents\100_3265.JPG
    [2033/07/17 10:23:28 | 000,970,064 | ---- | M] () -- C:\Users\Sarah\Documents\100_3261.JPG
    [2033/07/17 10:20:32 | 000,997,840 | ---- | M] () -- C:\Users\Sarah\Documents\100_3252.JPG
    [2033/07/17 10:20:22 | 001,194,160 | ---- | M] () -- C:\Users\Sarah\Documents\100_3251.JPG
    [2033/07/17 10:19:38 | 000,710,984 | ---- | M] () -- C:\Users\Sarah\Documents\100_3250.JPG
    [2033/07/17 10:19:14 | 000,989,800 | ---- | M] () -- C:\Users\Sarah\Documents\100_3248.JPG
    [2033/07/17 10:19:06 | 000,704,688 | ---- | M] () -- C:\Users\Sarah\Documents\100_3247.JPG
    [2033/07/17 10:17:30 | 001,208,736 | ---- | M] () -- C:\Users\Sarah\Documents\100_3239.JPG
    [2033/07/17 10:17:22 | 001,176,064 | ---- | M] () -- C:\Users\Sarah\Documents\100_3238.JPG
    [2033/07/17 10:17:10 | 001,086,848 | ---- | M] () -- C:\Users\Sarah\Documents\100_3237.JPG
    [2033/07/17 10:17:00 | 001,218,804 | ---- | M] () -- C:\Users\Sarah\Documents\100_3236.JPG
    [2033/07/17 10:16:58 | 001,166,340 | ---- | M] () -- C:\Users\Sarah\Documents\100_3235.JPG
    [2033/07/17 10:16:54 | 001,076,856 | ---- | M] () -- C:\Users\Sarah\Documents\100_3234.JPG
    [2033/07/17 09:18:28 | 001,230,068 | ---- | M] () -- C:\Users\Sarah\Documents\100_3233.JPG
    [2033/07/17 09:17:08 | 000,986,216 | ---- | M] () -- C:\Users\Sarah\Documents\100_3228.JPG
    [2033/07/17 09:17:02 | 001,006,904 | ---- | M] () -- C:\Users\Sarah\Documents\100_3227.JPG
    [2033/07/17 08:43:38 | 001,148,768 | ---- | M] () -- C:\Users\Sarah\Documents\100_3223.JPG
    [2010/10/23 12:06:34 | 000,016,271 | ---- | M] () -- C:\Users\Sarah\Desktop\dr.odt
    [2010/10/23 12:05:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2010/10/23 11:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/22 23:07:09 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/22 23:07:09 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/22 22:58:50 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/22 22:56:20 | 003,884,020 | ---- | M] () -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2010/10/22 22:50:02 | 000,001,282 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/22 22:50:02 | 000,001,258 | ---- | M] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/22 21:59:23 | 003,169,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/22 21:59:23 | 000,702,600 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2010/10/22 21:59:23 | 000,701,624 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2010/10/22 21:59:23 | 000,671,974 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
    [2010/10/22 21:59:23 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/22 21:59:23 | 000,137,196 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2010/10/22 21:59:23 | 000,130,274 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2010/10/22 21:59:23 | 000,128,228 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
    [2010/10/22 21:59:23 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/22 21:59:02 | 000,294,400 | ---- | M] () -- C:\Users\Sarah\Desktop\exeHelper.com
    [2010/10/22 21:56:42 | 000,364,032 | ---- | M] () -- C:\Users\Sarah\Desktop\rkill.com
    [2010/10/22 00:40:19 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 00:39:49 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup-1.46.exe
    [2010/10/22 00:33:51 | 001,094,656 | ---- | M] () -- C:\Users\Sarah\Desktop\dds.scr
    [2010/10/21 23:45:50 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/21 23:45:39 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Sarah\Desktop\SUPERAntiSpyware.exe
    [2010/10/20 19:25:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sarah\Desktop\HijackThis.exe
    [2010/10/20 19:10:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Sarah\Desktop\bot.exe
    [2010/10/20 18:38:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
    [2010/10/20 18:38:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
    [2010/10/20 18:34:19 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Sarah\Desktop\spybotsd162.exe
    [2010/10/19 20:14:36 | 000,010,649 | ---- | M] () -- C:\Users\Sarah\Desktop\work cited.odt
    [2010/10/19 20:14:00 | 000,055,966 | ---- | M] () -- C:\Users\Sarah\Desktop\brochure final.odt
    [2010/10/19 20:09:00 | 000,036,909 | ---- | M] () -- C:\Users\Sarah\Desktop\bruchure final cont..odt
    [2010/10/18 16:56:05 | 000,028,711 | ---- | M] () -- C:\Users\Sarah\Desktop\brochure assignment.odt
    [2010/10/18 14:35:42 | 000,366,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/17 21:14:06 | 365,599,235 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/17 19:56:31 | 000,017,408 | ---- | M] () -- C:\Users\Sarah\Desktop\brochure.doc
    [2010/10/11 17:40:23 | 000,014,363 | ---- | M] () -- C:\Users\Sarah\Desktop\bio disscussion.odt
    [2010/10/10 11:15:23 | 000,020,204 | ---- | M] () -- C:\Users\Sarah\Desktop\DAT.odt
    [2010/10/07 00:15:05 | 000,058,234 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmpP_01437.0
    [2010/10/07 00:15:05 | 000,028,466 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmpP_01437.JPG
    [2010/10/03 19:12:12 | 000,018,663 | ---- | M] () -- C:\Users\Sarah\Desktop\facebook.odt
    [2010/10/03 00:53:15 | 000,015,943 | ---- | M] () -- C:\Users\Sarah\Documents\facebook 2.odt
    [2010/10/01 14:59:40 | 000,010,769 | ---- | M] () -- C:\Users\Sarah\Documents\p_01375.jpg
    [2010/10/01 14:41:39 | 000,001,048 | ---- | M] () -- C:\Users\Sarah\Desktop\untitled - Shortcut.lnk
    [2010/10/01 14:26:26 | 000,047,082 | ---- | M] () -- C:\Users\Sarah\Desktop\p_01433.jpg
    [2010/09/28 22:45:31 | 001,246,580 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmp100_4293.JPG
    [2010/09/28 22:24:27 | 000,818,895 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmp100_4380.JPG
    [2010/09/28 22:24:26 | 001,030,131 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmp100_4380.0
    [2010/09/27 23:25:22 | 000,995,369 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmp100_4130.JPG
    [2010/09/27 23:25:21 | 001,102,188 | ---- | M] () -- C:\Users\Sarah\AppData\Local\tmp100_4130.0
    [2010/09/24 21:42:32 | 000,050,350 | ---- | M] () -- C:\Users\Sarah\Documents\p_01374.jpg
    [2010/09/24 21:42:26 | 000,039,585 | ---- | M] () -- C:\Users\Sarah\Documents\p_01373.jpg
    [2010/09/24 21:42:16 | 000,048,965 | ---- | M] () -- C:\Users\Sarah\Documents\p_01372.jpg

    ========== Files Created - No Company Name ==========

    [2010/10/23 12:03:16 | 000,016,271 | ---- | C] () -- C:\Users\Sarah\Desktop\dr.odt
    [2010/10/22 22:50:02 | 000,001,282 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/22 22:50:02 | 000,001,258 | ---- | C] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk

  10. #10
    Part 3:



    [2010/10/22 21:58:59 | 000,294,400 | ---- | C] () -- C:\Users\Sarah\Desktop\exeHelper.com
    [2010/10/22 21:56:40 | 000,364,032 | ---- | C] () -- C:\Users\Sarah\Desktop\rkill.com
    [2010/10/22 00:40:19 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 00:33:40 | 001,094,656 | ---- | C] () -- C:\Users\Sarah\Desktop\dds.scr
    [2010/10/21 23:53:32 | 003,884,020 | ---- | C] () -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2010/10/19 20:14:30 | 000,010,649 | ---- | C] () -- C:\Users\Sarah\Desktop\work cited.odt
    [2010/10/19 19:40:56 | 000,036,909 | ---- | C] () -- C:\Users\Sarah\Desktop\bruchure final cont..odt
    [2010/10/19 11:48:47 | 000,055,966 | ---- | C] () -- C:\Users\Sarah\Desktop\brochure final.odt
    [2010/10/18 16:15:16 | 000,028,711 | ---- | C] () -- C:\Users\Sarah\Desktop\brochure assignment.odt
    [2010/10/17 19:56:25 | 000,017,408 | ---- | C] () -- C:\Users\Sarah\Desktop\brochure.doc
    [2010/10/11 17:40:22 | 000,014,363 | ---- | C] () -- C:\Users\Sarah\Desktop\bio disscussion.odt
    [2010/10/10 11:11:20 | 000,020,204 | ---- | C] () -- C:\Users\Sarah\Desktop\DAT.odt
    [2010/10/07 00:14:36 | 000,058,234 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpP_01437.0
    [2010/10/07 00:14:36 | 000,028,466 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpP_01437.JPG
    [2010/10/03 00:53:14 | 000,015,943 | ---- | C] () -- C:\Users\Sarah\Documents\facebook 2.odt
    [2010/10/01 14:41:39 | 000,001,048 | ---- | C] () -- C:\Users\Sarah\Desktop\untitled - Shortcut.lnk
    [2010/10/01 14:41:19 | 001,094,502 | ---- | C] () -- C:\Users\Sarah\Documents\untitled.bmp
    [2010/10/01 14:41:19 | 000,192,742 | ---- | C] () -- C:\Users\Sarah\Documents\Snapshot_20090903_21.jpg
    [2010/10/01 14:41:19 | 000,191,922 | ---- | C] () -- C:\Users\Sarah\Documents\Snapshot_20090903_22.jpg
    [2010/10/01 14:41:19 | 000,105,378 | ---- | C] () -- C:\Users\Sarah\Documents\picc.jpg
    [2010/10/01 14:41:19 | 000,076,724 | ---- | C] () -- C:\Users\Sarah\Documents\pic5.jpg
    [2010/10/01 14:41:19 | 000,054,652 | ---- | C] () -- C:\Users\Sarah\Documents\p_012066.jpg
    [2010/10/01 14:41:19 | 000,050,350 | ---- | C] () -- C:\Users\Sarah\Documents\p_01374.jpg
    [2010/10/01 14:41:19 | 000,048,965 | ---- | C] () -- C:\Users\Sarah\Documents\p_01372.jpg
    [2010/10/01 14:41:19 | 000,039,585 | ---- | C] () -- C:\Users\Sarah\Documents\p_01373.jpg
    [2010/10/01 14:41:19 | 000,035,724 | ---- | C] () -- C:\Users\Sarah\Documents\p_01370.jpg
    [2010/10/01 14:41:19 | 000,010,769 | ---- | C] () -- C:\Users\Sarah\Documents\p_01375.jpg
    [2010/10/01 14:40:16 | 000,047,082 | ---- | C] () -- C:\Users\Sarah\Desktop\p_01433.jpg
    [2010/09/28 22:44:58 | 001,246,580 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_4293.JPG
    [2010/09/28 22:24:27 | 001,030,131 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_4380.0
    [2010/09/28 22:24:27 | 000,818,895 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_4380.JPG
    [2010/09/27 23:25:22 | 001,102,188 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_4130.0
    [2010/09/27 23:25:22 | 000,995,369 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_4130.JPG
    [2010/09/05 22:09:36 | 000,036,227 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpP_01360.0
    [2010/09/05 22:09:36 | 000,010,354 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpP_01360.JPG
    [2010/07/04 17:32:15 | 000,936,394 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_2706.JPG
    [2010/07/04 17:32:14 | 001,298,966 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_2706.0
    [2010/07/04 17:29:07 | 001,093,852 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_3657.JPG
    [2010/05/03 00:54:53 | 001,175,128 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_3531.JPG
    [2010/04/09 15:27:42 | 001,190,768 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmp100_3148.JPG
    [2010/02/18 23:31:28 | 000,074,938 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpSNAPSHOT_20091104.0
    [2010/02/18 23:31:28 | 000,058,424 | ---- | C] () -- C:\Users\Sarah\AppData\Local\tmpSNAPSHOT_20091104.JPG
    [2010/01/24 01:53:11 | 000,277,350 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2010/01/24 01:53:11 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\QSwitch.txt
    [2010/01/24 01:53:11 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DSwitch.txt
    [2010/01/24 01:53:11 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\AtStart.txt
    [2009/10/04 18:40:33 | 000,024,226 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\UserTile.png
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/01/24 01:17:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
    [2009/10/04 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PeerNetworking
    [2010/01/24 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PlayFirst
    [2010/01/24 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
    [2010/09/27 23:01:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\iTunes.exe
    [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
    [2009/11/12 17:33:12 | 000,292,640 | ---- | M] (Apple Inc.) -- C:\iTunesPhotoProcessor.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
    [2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
    [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

    < %systemroot%\System32\config\*.sav >

    < >

    < End of report >

  11. #11
    Join Date
    Oct 2010
    Posts
    24
    Sorry, there actually was a second log, I didn't see it at first, here's that:

    OTL Extras logfile created on: 10/23/2010 12:06:49 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Sarah\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.05 Gb Total Space | 204.22 Gb Free Space | 71.64% Space Free | Partition Type: NTFS
    Drive D: | 13.04 Gb Total Space | 1.46 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
    Drive E: | 1.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 3.69 Gb Total Space | 0.99 Gb Free Space | 26.88% Space Free | Partition Type: FAT32

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
    "{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Ares_is1" = Ares 3.1
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ESET Online Scanner" = ESET Online Scanner v3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "WildTangent hp Master Uninstall" = HP Games

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  12. #12
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    MBA-M log was incomplete. I am unable to see the headers. Please re-post.

    ==

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  13. #13
    Join Date
    Oct 2010
    Posts
    24
    Here's the Malwarebytes log:

    /Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4930

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/23/2010 10:10:15 PM
    mbam-log-2010-10-23 (22-10-15).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 344007
    Time elapsed: 1 hour(s), 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Here's the OTL log before rebooting:

    All processes killed
    Error: Unable to interpret <[emptytemp]> in the current context!
    Error: Unable to interpret <[resethosts]> in the current context!
    Error: Unable to interpret <[Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.17.0 log created on 10242010_114836

    Files\Folders moved on Reboot...
    C:\Users\Sarah\AppData\Local\Temp\ehmsas.txt moved successfully.
    C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF24957CC0C2DAC4A6.TMP not found!
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF95983A6A31246DBA.TMP not found!
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFAB7593ACECD06A07.TMP not found!
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFB3DDF6AF93C47EC0.TMP not found!
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFCB46FCC837BB78AD.TMP not found!
    File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFD9AAE53AE8686BB5.TMP not found!
    C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M04RX2CK\VDI_Banner_300x250_30k[3].html moved successfully.

    Registry entries deleted on Reboot...


    After I rebooted I can't run the scans again, OTL just says "Getting drive info" and nothing happens, and I'm also not able to run Malwarebytes. It does what it did before, starts scanning and freezes after a few seconds, and I'm not able to close it.

  14. #14
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  15. #15
    Join Date
    Oct 2010
    Posts
    24
    Sorry, I tried running the Kaspersky scan but it says I'm running other antivirus software and it can't run. I checked my security settings and it says Windows did not find any antivirus software on this computer. Any suggestions?

    Thanks again
