
Malware Computer Freezing And Software Not Responding

Discussion in 'Malware Removal Help' started by bad88monte, Jan 21, 2010.

  1. bad88monte (Joined: Aug 25, 2009; Messages: 10; Location: Pennsylvania)

    I stupidly downloaded uTorrent and Nod32 found 7 trojans, Adware and Grokster on December 28th. Malwarebytes Pro disappeared and Superantispyware was disabled. The computer has been freezing and software isn't responding. I am in safe mode right now. I would appreciate any help you may be able to give me. The logs requested will follow. Thank you.





    Malwarebytes' Anti-Malware 1.44
    Database version: 3606
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    1/20/2010 11:17:56 PM
    mbam-log-2010-01-20 (23-17-56).txt

    Scan type: Quick Scan
    Objects scanned: 150638
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-21 14:12:35
    Windows 5.1.2600 Service Pack 3
    Running: t0b551w0.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\kwdyypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A3878A0 ZwAssignProcessToJobObject
    SSDT 8A386CB0 ZwOpenProcess
    SSDT 8A3870D0 ZwOpenThread
    SSDT 8A3876D0 ZwSuspendProcess
    SSDT 8A3874F0 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB69DB0B0]
    SSDT 8A387310 ZwTerminateThread
    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA04A16D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9571380, 0x34C81F, 0xE8000020]
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00EB0000
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00F00000
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00EF0000
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00ED0000
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!getpeername 71AC0B68 4 Bytes [FF, 25, 1C, 00]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!getpeername + 5 71AC0B6D 1 Byte [00]
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[368] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00EE0000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 01950000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 019A0000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 01990000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 01970000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 01960000
    .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[384] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 01980000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00AE0000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00B30000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00B20000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00B00000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00AF0000
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[392] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00B10000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00B40000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00B90000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00B80000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\ctfmon.exe[396] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00B70000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00B20000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00B70000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00B60000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00B40000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00B30000
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[404] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 009B0000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00A00000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 009F0000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 009D0000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 009C0000
    .text C:\WINDOWS\system32\notepad.exe[492] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 009E0000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!getsockname 71AB3D10 6 Bytes JMP 05620000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 05670000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 05660000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 05640000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!getpeername 71AC0B68 6 Bytes JMP 05630000
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[500] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 05650000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00C50000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00CA0000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 00C90000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00C70000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00C60000
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[620] WS2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00C80000
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1300] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 01EB0000
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 01F00000
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 01EF0000
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 01ED0000
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!getpeername 71AC0B68 4 Bytes [FF, 25, 1C, 00]
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!getpeername + 5 71AC0B6D 1 Byte [01]
    .text C:\WINDOWS\Explorer.EXE[2036] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 01EE0000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00B60000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00BB0000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00BA0000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00B80000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00B70000
    .text C:\Documents and Settings\Joe\Desktop\t0b551w0.exe[2420] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00B90000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 009B0000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00A00000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 009F0000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 009D0000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 009C0000
    .text C:\WINDOWS\notepad.exe[2844] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 009E0000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00B10000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 00B00000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 00AE0000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\wuauclt.exe[2972] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 00AF0000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 009B0000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00A00000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 009F0000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 009D0000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 009C0000
    .text C:\WINDOWS\notepad.exe[3532] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 009E0000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!getsockname 71AB3D10 6 Bytes JMP 009B0000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 00A00000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!connect 71AB4A07 6 Bytes JMP 009F0000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!WSAStartup 71AB6A55 6 Bytes JMP 009D0000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!getpeername 71AC0B68 6 Bytes JMP 009C0000
    .text C:\WINDOWS\system32\notepad.exe[4060] ws2_32.dll!WSAConnect 71AC0C81 6 Bytes JMP 009E0000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:568] 8A385930

    ---- EOF - GMER 1.0.15 ----
     
  2. bad88monte

    OTL logfile created on: 1/21/2010 1:07:58 PM - Run 1
    OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Joe\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 159.97 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 219.15 Gb Free Space | 94.10% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MOMBUILD
    Current User Name: Joe
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
    PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Ad Muncher\AM31318.dll (Murray Hurps Corp Pty Ltd)


    ========== Win32 Services (SafeList) ==========

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
    SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
    SRV - (Diskeeper) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
    DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis)
    DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
    DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
    DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
    DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009/11/07 17:50:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 22:38:12 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 23:44:09 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009/11/07 17:50:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/07/26 15:30:22 | 00,000,000 | ---D | M]

    [2010/01/19 22:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
    [2010/01/19 23:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\kuxe1nhc.default\extensions
    [2010/01/20 23:22:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Documents and Settings\Joe\Desktop\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: computerhelpforums.net ([]http in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210131402984 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mombuild
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/06 16:52:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{823c60b0-d91c-11de-aaab-001d7d0b3d86}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (auto_reactivate C:\bootwiz\asrm.bin) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/06 12:37:50 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/21 13:05:40 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
    [2010/01/21 11:46:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/21 11:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\ERUNT
    [2010/01/21 11:13:57 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe
    [2010/01/20 23:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/01/20 23:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/01/20 23:33:46 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/01/20 23:27:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/01/20 23:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/01/20 23:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/01/20 23:22:46 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2010/01/20 23:22:46 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/20 23:22:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/20 23:22:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/20 23:22:46 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/01/20 23:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/01/20 23:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Sun
    [2010/01/20 23:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
    [2010/01/20 23:13:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/20 23:13:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/20 23:13:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/20 23:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/20 23:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/20 22:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
    [2010/01/20 20:31:54 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\PrivacIE
    [2010/01/20 20:28:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IETldCache
    [2010/01/20 20:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/01/20 20:22:54 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/01/20 20:22:54 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/01/19 22:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
    [2010/01/19 22:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Mozilla
    [2010/01/19 22:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/01/17 22:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Acronis
    [2010/01/12 23:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\My Documents\New Folder (2)
    [2010/01/12 16:48:33 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/01/03 17:23:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\dvdcss
    [2009/12/28 15:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\ESET
    [2009/12/28 15:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Apple Computer
    [2009/12/28 15:01:25 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2009/12/28 15:01:25 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
    [2009/12/28 15:00:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
    [2009/12/28 15:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/12/28 15:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/12/28 15:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2009/12/28 14:59:57 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/12/28 14:59:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2009/12/28 14:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Apple
    [2009/12/28 14:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2009/12/28 14:59:20 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
    [2009/12/28 14:59:20 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
    [2009/12/28 14:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2009/12/28 14:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2009/12/28 14:58:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Apple Computer
    [2009/12/24 20:38:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\U3
    [2009/11/07 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2009/08/26 02:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
    [2009/07/31 10:24:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2008/05/06 19:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/05/06 16:52:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/05/06 16:52:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2002/04/10 20:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/01/21 13:05:55 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
    [2010/01/21 12:00:45 | 00,195,128 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/01/21 12:00:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/21 12:00:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/21 11:49:45 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\t0b551w0.exe
    [2010/01/21 11:46:01 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/21 11:45:51 | 00,000,470 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk
    [2010/01/21 11:45:51 | 00,000,451 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk
    [2010/01/21 11:18:41 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
    [2010/01/21 11:18:41 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
    [2010/01/21 11:14:08 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe
    [2010/01/20 23:57:53 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/01/20 23:31:39 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/01/20 23:31:39 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/01/20 23:31:39 | 00,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/01/20 23:22:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/20 23:22:37 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/20 23:22:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2010/01/20 23:22:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/20 23:22:36 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/01/20 23:14:48 | 00,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Joe.job
    [2010/01/20 23:14:43 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Joe.job
    [2010/01/20 23:13:07 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/20 23:07:13 | 00,001,749 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
    [2010/01/20 20:25:21 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/20 20:19:30 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/19 22:38:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/01/19 22:38:08 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/19 21:44:10 | 00,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
    [2010/01/17 18:48:20 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/09 19:57:45 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Joe\My Documents\Default.rdp
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/04 20:36:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/03 17:02:03 | 00,187,386 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.spx
    [2010/01/03 17:02:03 | 00,002,177 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.rtf
    [2010/01/03 00:32:01 | 00,000,241 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\CRAIG'S LIST NJ.url
    [2009/12/28 15:28:01 | 00,305,461 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\BitTorrent-6.3b.exe
    [2009/12/28 15:00:17 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/26 13:38:18 | 00,000,241 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\CRAIG'S LIST PA..url

    ========== Files Created - No Company Name ==========

    [2010/01/21 11:46:01 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/21 11:45:51 | 00,000,470 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk
    [2010/01/21 11:45:51 | 00,000,451 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk
    [2010/01/21 11:13:12 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\t0b551w0.exe
    [2010/01/20 23:14:36 | 00,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Joe.job
    [2010/01/20 23:14:33 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Joe.job
    [2010/01/20 23:13:07 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/20 23:07:13 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
    [2010/01/19 22:38:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/01/19 22:38:08 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/09 19:57:45 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Joe\My Documents\Default.rdp
    [2010/01/03 17:02:03 | 00,187,386 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.spx
    [2010/01/03 17:02:03 | 00,002,177 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.rtf
    [2009/12/28 15:28:00 | 00,305,461 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\BitTorrent-6.3b.exe
    [2009/12/28 15:01:27 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/12/28 15:00:17 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/28 14:59:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/24 15:31:28 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/11/24 15:31:28 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/11/24 14:23:43 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/12 00:30:56 | 00,096,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/07/29 20:25:23 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/06/10 01:34:20 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2008/05/06 22:17:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/06 22:05:39 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/05/06 17:49:46 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2008/05/06 17:49:46 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/05/06 17:14:07 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/06 17:14:07 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/06 17:14:07 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/06 17:14:07 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/06 17:13:39 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/05/03 06:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 05:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2009/08/26 18:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/07/26 19:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad Muncher
    [2009/07/26 15:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/07/29 20:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/27 00:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2009/12/28 15:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/01/17 22:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Acronis
    [2009/07/29 20:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Auslogics
    [2009/07/29 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Javacool Software
    [2009/09/10 18:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\SPORE
    [2009/07/29 20:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\VSRevoGroup
    [2010/01/19 21:44:10 | 00,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Console Defragmentation.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Joe\Desktop\t0b551w0.exe:SummaryInformation
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
    < End of report >
     
  3. bad88monte

    OTL Extras logfile created on: 1/21/2010 1:07:58 PM - Run 1
    OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Joe\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 159.97 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 219.15 Gb Free Space | 94.10% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MOMBUILD
    Current User Name: Joe
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
    "{65D872BC-7C4B-4945-8EEA-8DBA37EB82AD}" = VistaBootPRO 3.2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC4914EF-6618-4949-A1CF-BD4917A00221}" = SYSTEM_INFO B07.0927.01
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{E87BE7F8-3077-40C1-8592-956F649A2781}" = Diskeeper Professional Edition
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "Ad Muncher" = Ad Muncher v4.8 Build 31318
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Belarc Advisor" = Belarc Advisor 7.2
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "ERUNT_is1" = ERUNT 1.1j
    "EULAlyzer_is1" = EULAlyzer 2.0
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "SysInfo" = Creative System Information
    "VLC media player" = VLC media player 1.0.3
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "Youtube Music Downloader_is1" = Youtube Music Downloader V3.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/16/2010 3:07:57 PM | Computer Name = MOMBUILD | Source = Application Error | ID = 1000
    Description = Faulting application sporeapp.exe, version 1.2.0.2688, faulting module
    sporeapp.exe, version 1.2.0.2688, fault address 0x007da0f2.

    Error - 1/16/2010 3:08:19 PM | Computer Name = MOMBUILD | Source = Application Error | ID = 1001
    Description = Fault bucket 1346100411.

    Error - 1/16/2010 7:41:54 PM | Computer Name = MOMBUILD | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16945, stamp 4ae6e731,
    faulting module yt.dll, version 2009.7.31.1, stamp 4a72570f, debug? 0, fault address
    0x00051ac5.

    Error - 1/19/2010 5:18:00 PM | Computer Name = MOMBUILD | Source = Application Error | ID = 1000
    Description = Faulting application sporeapp.exe, version 1.2.0.2688, faulting module
    sporeapp.exe, version 1.2.0.2688, fault address 0x007da0f2.

    Error - 1/19/2010 5:18:19 PM | Computer Name = MOMBUILD | Source = Application Error | ID = 1001
    Description = Fault bucket 1346100411.

    Error - 1/21/2010 12:50:10 PM | Computer Name = MOMBUILD | Source = Application Hang | ID = 1002
    Description = Hanging application t0b551w0.exe, version 1.0.15.15281, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/21/2010 12:50:47 PM | Computer Name = MOMBUILD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1670563651.

    Error - 1/21/2010 12:53:24 PM | Computer Name = MOMBUILD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/21/2010 12:53:38 PM | Computer Name = MOMBUILD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1564914690.

    [ System Events ]
    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The Creative Service for CDROM Access service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The User Profile Hive Cleanup service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7034
    Description = The Yahoo! Updater service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/21/2010 12:18:17 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7031
    Description = The Diskeeper service terminated unexpectedly. It has done this 1
    time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 1/21/2010 12:57:51 PM | Computer Name = MOMBUILD | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >
     
  4. schrauber

    schrauber Guest

    Hello, bad88monte
    Welcome to the ComputerHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



    Please take note of some guidelines for this fix:
    • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.




    Please run your system in normal mode if possible.


    Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

    Link 1
    Link 2



    --------------------------------------------------------------------

    Double click on the renamed Combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
  5. bad88monte

    bad88monte

    Thank you, Tom. I was unable to download ComboFix from either link (page cannot be displayed), so I downloaded it from bleepingcomputer. I hope that was alright to do that.

    ComboFix 10-01-21.01 - Joe 01/21/2010 17:32:34.2.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2959 [GMT -5:00]
    Running from: c:\documents and settings\Joe\Desktop\schrauber.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
    .

    2010-01-21 21:57 . 2010-01-21 21:59 -------- d-----w- c:\windows\LastGood
    2010-01-21 04:38 . 2010-01-21 04:38 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
    2010-01-21 04:37 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Joe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-21 04:37 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-21 04:37 . 2010-01-21 04:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-21 04:37 . 2010-01-21 04:37 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-21 04:37 . 2010-01-21 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-21 04:27 . 2010-01-21 04:27 -------- d-----w- c:\windows\Sun
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
    2010-01-21 04:13 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-21 04:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-21 04:07 . 2010-01-21 04:07 -------- d-----w- c:\program files\Trend Micro
    2010-01-21 03:46 . 2010-01-21 03:46 52224 ----a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-21 03:46 . 2010-01-21 03:46 117760 ----a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-21 03:45 . 2010-01-21 03:45 -------- d-----w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com
    2010-01-21 01:31 . 2010-01-21 01:31 -------- d-sh--w- c:\documents and settings\Joe\PrivacIE
    2010-01-21 01:28 . 2010-01-21 01:28 -------- d-sh--w- c:\documents and settings\Joe\IETldCache
    2010-01-21 01:24 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-01-21 01:24 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-01-21 01:24 . 2010-01-21 03:38 -------- d-----w- c:\windows\ie8updates
    2010-01-21 01:24 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-01-21 01:22 . 2010-01-05 10:00 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-01-21 01:22 . 2010-01-05 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-20 03:38 . 2010-01-20 03:38 0 ----a-w- c:\windows\nsreg.dat
    2010-01-20 03:38 . 2010-01-20 03:38 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Mozilla
    2010-01-12 21:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-03 22:23 . 2010-01-03 22:23 -------- d-----w- c:\documents and settings\Joe\Application Data\dvdcss
    2010-01-02 20:15 . 2010-01-02 20:16 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Roblox
    2010-01-02 20:15 . 2010-01-02 20:15 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\RobloxDownloads
    2010-01-02 20:15 . 2010-01-02 20:15 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\RobloxVersions
    2010-01-01 16:59 . 2010-01-01 16:59 -------- d-----w- c:\documents and settings\Maureen\Local Settings\Application Data\Adobe
    2010-01-01 16:51 . 2010-01-01 16:51 -------- d-----w- c:\documents and settings\Maureen\Local Settings\Application Data\Apple Computer
    2009-12-30 19:04 . 2009-12-30 19:04 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-30 18:46 . 2009-12-30 19:05 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
    2009-12-29 02:33 . 2009-12-29 02:33 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Apple Computer
    2009-12-29 00:27 . 2009-12-29 00:27 -------- d-----w- c:\documents and settings\Joey\Local Settings\Application Data\Apple Computer
    2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\ESET
    2009-12-28 20:01 . 2009-12-28 20:43 -------- d-----w- c:\documents and settings\Joe\Application Data\Apple Computer
    2009-12-28 19:58 . 2009-12-28 20:00 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-28 19:58 . 2009-12-28 20:52 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Apple Computer
    2009-12-28 19:54 . 2009-12-30 19:24 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Apple Computer
    2009-12-25 01:38 . 2009-12-25 01:41 -------- d-----w- c:\documents and settings\Joe\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-21 20:27 . 2010-01-21 20:27 0 ----a-w- c:\documents and settings\Joe\Application Data\wklnhst.dat
    2010-01-21 04:39 . 2008-05-06 22:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-21 04:22 . 2010-01-21 04:22 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\decora-sse.dll
    2010-01-21 04:22 . 2010-01-21 04:22 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\msvcp71.dll
    2010-01-21 04:22 . 2010-01-21 04:22 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\jmc.dll
    2010-01-21 04:22 . 2010-01-21 04:22 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\msvcr71.dll
    2010-01-21 04:22 . 2010-01-21 04:22 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\decora-d3d.dll
    2010-01-21 04:22 . 2010-01-21 04:22 -------- d-----w- c:\program files\Common Files\Java
    2010-01-21 04:22 . 2010-01-21 04:22 315392 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl.dll
    2010-01-21 04:22 . 2010-01-21 04:22 20480 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl_awt.dll
    2010-01-21 04:22 . 2010-01-21 04:22 20480 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6f4a07f3-n\gluegen-rt.dll
    2010-01-21 04:22 . 2010-01-21 04:22 114688 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl_cg.dll
    2010-01-21 04:22 . 2010-01-21 04:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-21 04:22 . 2010-01-21 04:22 -------- d-----w- c:\program files\Java
    2010-01-21 01:13 . 2009-07-26 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 14:31 . 2008-05-07 02:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-17 23:52 . 2009-11-24 19:29 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
    2010-01-07 02:12 . 2009-12-28 20:00 -------- d-----w- c:\program files\iTunes
    2010-01-03 22:08 . 2009-12-28 20:00 -------- d-----w- c:\program files\iPod
    2010-01-01 09:00 . 2009-08-12 05:30 96944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-28 20:01 . 2009-12-28 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-28 20:01 . 2009-12-28 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-28 20:00 . 2009-12-28 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-28 20:00 . 2009-12-28 20:00 -------- d-----w- c:\program files\Bonjour
    2009-12-28 20:00 . 2009-12-28 19:59 -------- d-----w- c:\program files\QuickTime
    2009-12-28 19:59 . 2009-12-28 19:59 -------- d-----w- c:\program files\Apple Software Update
    2009-12-21 22:58 . 2009-12-19 15:25 52224 ----a-w- c:\documents and settings\Maureen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-06 01:52 . 2009-12-06 01:52 15840168 ----a-w- c:\documents and settings\Brandon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
    2009-11-28 17:15 . 2009-11-28 17:15 -------- d-----w- c:\program files\AB-Tools.com
    2009-11-27 12:20 . 2008-05-06 22:07 177152 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2009-11-27 01:28 . 2009-11-27 01:28 -------- d-----r- c:\documents and settings\Joe\Application Data\Brother
    2009-11-26 17:36 . 2009-11-26 17:36 -------- d-----w- c:\documents and settings\Joey\Application Data\Yahoo!
    2009-11-24 19:28 . 2009-11-24 19:28 -------- d-----w- c:\program files\VideoLAN
    2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-08 17:24 . 2009-11-08 17:24 1825704 ----a-w- c:\windows\system32\auto_reactivate.exe
    2009-11-08 00:02 . 2009-11-08 00:02 31952 ----a-w- c:\documents and settings\Maureen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-07 23:58 . 2009-11-07 23:58 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2009-11-07 23:58 . 2009-11-07 23:58 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
    2009-11-07 23:58 . 2009-08-26 06:24 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
    2009-11-07 23:58 . 2009-08-26 06:23 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
    2009-11-07 22:41 . 2009-09-13 21:35 117760 ----a-w- c:\documents and settings\Maureen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-19 2002160]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-27 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-11-07 862208]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-27 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-07 22:41 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-28 04:03 13684736 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-28 04:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-03-28 04:03 1657376 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-27 02:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [11/7/2009 6:58 PM 902432]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 1:23 PM 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 1:24 PM 93336]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/7/2009 6:58 PM 2326920]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 1:23 PM 727720]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 11:13 PM 236368]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/7/2009 6:58 PM 159168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/20/2010 11:13 PM 19160]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - BANTEXT
    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-01-20 c:\windows\Tasks\Auslogics Console Defragmentation.job
    - c:\program files\Auslogics\AusLogics Disk Defrag\cdefrag.exe [2009-07-30 22:13]

    2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Joe.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-21 21:07]

    2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Joe.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-21 21:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_frame
    IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_image
    IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_link
    IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_exclude
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_report
    Trusted Zone: computerhelpforums.net
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\kuxe1nhc.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-ERUNT_is1 - c:\documents and settings\Joe\Desktop\ERUNT\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-21 17:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-1960408961-839522115-1006\Software\SecuROM\License information*]
    "datasecu"=hex:55,a5,13,92,e5,e0,b6,01,78,8e,26,1a,8b,df,3f,77,4e,32,61,27,c3,
    a6,38,7d,5f,91,71,b7,63,f8,b0,a1,25,31,ec,1c,23,13,20,97,bf,ba,e4,fe,8f,10,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    - - - - - - - > 'explorer.exe'(2012)
    c:\windows\system32\WININET.dll
    c:\program files\Ad Muncher\AM31318.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-01-21 17:35:13
    ComboFix-quarantined-files.txt 2010-01-21 22:35
    ComboFix2.txt 2010-01-21 22:24

    Pre-Run: 171,827,195,904 bytes free
    Post-Run: 171,817,394,176 bytes free

    - - End Of File - - 8DCCA530A1AACA4FA66D62B67CB60510
     
  6. schrauber

    schrauber Guest

    This was the second run of Combofix, please post back with the following logfile:

    C:\Qoobox\Combofix2.txt
     
  7. bad88monte

    bad88monte

    Is this one what you mean, Tom? I had a problem with one of the things and it had to do with hidden files or something. I had to rerun the scan because the first one I ran was not done, my bad according to your instructions. I had to call my mom in law and ask her to show me what to do. I am scheduled to work today so it may be awhile before I can continue with this. I'm hoping to be done work late afternoon. Is that ok? The mother in law told me she won't keep track of it for me because it's my mess and I have to clean it up. Thanks for working with me. I know I messed up trying to get free music and I'm discovering that nothing is really ever free; it sure has a hefty price.


    ComboFix 10-01-21.01 - Joe 01/21/2010 17:19:50.1.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.3009 [GMT -5:00]
    Running from: c:\documents and settings\Joe\Desktop\schrauber.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1262766257-1166551956-1385648660-1001
    c:\$recycle.bin\S-1-5-21-1389856103-3170270496-1815725931-1000
    c:\$recycle.bin\S-1-5-21-2493622543-1626451148-4179923261-1000
    c:\program files\Internet Explorer\SET14E.tmp
    c:\windows\EventSystem.log
    c:\windows\system32\Data

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
    .

    2010-01-21 04:38 . 2010-01-21 04:38 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
    2010-01-21 04:37 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Joe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-21 04:37 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-21 04:37 . 2010-01-21 04:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-21 04:37 . 2010-01-21 04:37 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-21 04:37 . 2010-01-21 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-21 04:27 . 2010-01-21 04:27 -------- d-----w- c:\windows\Sun
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
    2010-01-21 04:13 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-21 04:13 . 2010-01-21 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-21 04:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-21 04:07 . 2010-01-21 04:07 -------- d-----w- c:\program files\Trend Micro
    2010-01-21 03:46 . 2010-01-21 03:46 52224 ----a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-21 03:46 . 2010-01-21 03:46 117760 ----a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-21 03:45 . 2010-01-21 03:45 -------- d-----w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com
    2010-01-21 01:31 . 2010-01-21 01:31 -------- d-sh--w- c:\documents and settings\Joe\PrivacIE
    2010-01-21 01:28 . 2010-01-21 01:28 -------- d-sh--w- c:\documents and settings\Joe\IETldCache
    2010-01-21 01:24 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-01-21 01:24 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-01-21 01:24 . 2010-01-21 03:38 -------- d-----w- c:\windows\ie8updates
    2010-01-21 01:24 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-01-21 01:22 . 2010-01-05 10:00 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-01-21 01:22 . 2010-01-05 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-20 03:38 . 2010-01-20 03:38 0 ----a-w- c:\windows\nsreg.dat
    2010-01-20 03:38 . 2010-01-20 03:38 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Mozilla
    2010-01-12 21:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-03 22:23 . 2010-01-03 22:23 -------- d-----w- c:\documents and settings\Joe\Application Data\dvdcss
    2010-01-02 20:15 . 2010-01-02 20:16 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Roblox
    2010-01-02 20:15 . 2010-01-02 20:15 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\RobloxDownloads
    2010-01-02 20:15 . 2010-01-02 20:15 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\RobloxVersions
    2010-01-01 16:59 . 2010-01-01 16:59 -------- d-----w- c:\documents and settings\Maureen\Local Settings\Application Data\Adobe
    2010-01-01 16:51 . 2010-01-01 16:51 -------- d-----w- c:\documents and settings\Maureen\Local Settings\Application Data\Apple Computer
    2009-12-30 19:04 . 2009-12-30 19:04 31952 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-30 18:46 . 2009-12-30 19:05 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
    2009-12-29 02:33 . 2009-12-29 02:33 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Apple Computer
    2009-12-29 00:27 . 2009-12-29 00:27 -------- d-----w- c:\documents and settings\Joey\Local Settings\Application Data\Apple Computer
    2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\ESET
    2009-12-28 20:01 . 2009-12-28 20:43 -------- d-----w- c:\documents and settings\Joe\Application Data\Apple Computer
    2009-12-28 19:58 . 2009-12-28 20:00 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-28 19:58 . 2009-12-28 20:52 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Apple Computer
    2009-12-28 19:54 . 2009-12-30 19:24 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Apple Computer
    2009-12-25 01:38 . 2009-12-25 01:41 -------- d-----w- c:\documents and settings\Joe\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-21 20:27 . 2010-01-21 20:27 0 ----a-w- c:\documents and settings\Joe\Application Data\wklnhst.dat
    2010-01-21 04:39 . 2008-05-06 22:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-21 04:22 . 2010-01-21 04:22 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\decora-sse.dll
    2010-01-21 04:22 . 2010-01-21 04:22 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\msvcp71.dll
    2010-01-21 04:22 . 2010-01-21 04:22 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\jmc.dll
    2010-01-21 04:22 . 2010-01-21 04:22 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\msvcr71.dll
    2010-01-21 04:22 . 2010-01-21 04:22 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-424f014c-n\decora-d3d.dll
    2010-01-21 04:22 . 2010-01-21 04:22 -------- d-----w- c:\program files\Common Files\Java
    2010-01-21 04:22 . 2010-01-21 04:22 315392 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl.dll
    2010-01-21 04:22 . 2010-01-21 04:22 20480 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl_awt.dll
    2010-01-21 04:22 . 2010-01-21 04:22 20480 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6f4a07f3-n\gluegen-rt.dll
    2010-01-21 04:22 . 2010-01-21 04:22 114688 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5e66dbb5-n\jogl_cg.dll
    2010-01-21 04:22 . 2010-01-21 04:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-21 04:22 . 2010-01-21 04:22 -------- d-----w- c:\program files\Java
    2010-01-21 01:13 . 2009-07-26 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 14:31 . 2008-05-07 02:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-17 23:52 . 2009-11-24 19:29 -------- d-----w- c:\documents and settings\Joe\Application Data\vlc
    2010-01-07 02:12 . 2009-12-28 20:00 -------- d-----w- c:\program files\iTunes
    2010-01-03 22:08 . 2009-12-28 20:00 -------- d-----w- c:\program files\iPod
    2010-01-01 09:00 . 2009-08-12 05:30 96944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-28 20:01 . 2009-12-28 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-28 20:01 . 2009-12-28 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-28 20:00 . 2009-12-28 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-28 20:00 . 2009-12-28 20:00 -------- d-----w- c:\program files\Bonjour
    2009-12-28 20:00 . 2009-12-28 19:59 -------- d-----w- c:\program files\QuickTime
    2009-12-28 19:59 . 2009-12-28 19:59 -------- d-----w- c:\program files\Apple Software Update
    2009-12-21 22:58 . 2009-12-19 15:25 52224 ----a-w- c:\documents and settings\Maureen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-06 01:52 . 2009-12-06 01:52 15840168 ----a-w- c:\documents and settings\Brandon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
    2009-11-28 17:15 . 2009-11-28 17:15 -------- d-----w- c:\program files\AB-Tools.com
    2009-11-27 12:20 . 2008-05-06 22:07 177152 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2009-11-27 01:28 . 2009-11-27 01:28 -------- d-----r- c:\documents and settings\Joe\Application Data\Brother
    2009-11-26 17:36 . 2009-11-26 17:36 -------- d-----w- c:\documents and settings\Joey\Application Data\Yahoo!
    2009-11-24 19:28 . 2009-11-24 19:28 -------- d-----w- c:\program files\VideoLAN
    2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-08 17:24 . 2009-11-08 17:24 1825704 ----a-w- c:\windows\system32\auto_reactivate.exe
    2009-11-08 00:02 . 2009-11-08 00:02 31952 ----a-w- c:\documents and settings\Maureen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-07 23:58 . 2009-11-07 23:58 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2009-11-07 23:58 . 2009-11-07 23:58 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
    2009-11-07 23:58 . 2009-08-26 06:24 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
    2009-11-07 23:58 . 2009-08-26 06:23 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
    2009-11-07 22:41 . 2009-09-13 21:35 117760 ----a-w- c:\documents and settings\Maureen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-19 2002160]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-27 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    "Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-11-07 862208]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-27 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-07 22:41 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-28 04:03 13684736 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-28 04:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-03-28 04:03 1657376 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-27 02:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [11/7/2009 6:58 PM 902432]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 1:23 PM 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 1:24 PM 93336]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/7/2009 6:58 PM 2326920]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 1:23 PM 727720]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 11:13 PM 236368]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/7/2009 6:58 PM 159168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/20/2010 11:13 PM 19160]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - BANTEXT
    *Deregistered* - uphcleanhlp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-01-20 c:\windows\Tasks\Auslogics Console Defragmentation.job
    - c:\program files\Auslogics\AusLogics Disk Defrag\cdefrag.exe [2009-07-30 22:13]

    2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Joe.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-21 21:07]

    2010-01-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Joe.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-21 21:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_frame
    IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_image
    IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_link
    IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_exclude
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=6Y16348F&id=menu_ie_report
    Trusted Zone: computerhelpforums.net
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\kuxe1nhc.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-21 17:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-1960408961-839522115-1006\Software\SecuROM\License information*]
    "datasecu"=hex:55,a5,13,92,e5,e0,b6,01,78,8e,26,1a,8b,df,3f,77,4e,32,61,27,c3,
    a6,38,7d,5f,91,71,b7,63,f8,b0,a1,25,31,ec,1c,23,13,20,97,bf,ba,e4,fe,8f,10,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    .
    Completion time: 2010-01-21 17:24:04
    ComboFix-quarantined-files.txt 2010-01-21 22:23

    Pre-Run: 171,820,019,712 bytes free
    Post-Run: 171,817,299,968 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" oexecute=optin /fastdetect

    - - End Of File - - 697981EFEA0418C32B8146EBC6FEF15E








     
  8. schrauber

    schrauber Guest

    Yes :)

    Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile, also please post back with a fresh OTL logfile.
     
  9. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    This is a good spot to jump in and remind all of our members who may be reading this that there are some forums that will not even entertain the idea of helping where P2P programs appear in the logs and are not removed. We do not take that position and are more liberal in the sense that we will help you disinfect. HOWEVER, our Malware Removal Specialists give of their time freely to help our members. They undergo rigorous training and it is often a painstaking process.

    We do reserve the right to deny help to anyone who keeps coming back with the same problem or at least problems stemming from the same P2P cause.

    None of that applies here but it needed saying.

    Carry on, sorry for the interruption.:rolleyes:
     
  10. bad88monte

    bad88monte

    To beeceebee and malware staff: Thank you for not just the help but for making an exception to the rule. I will not be a repeater and that's a promise.

    Here are the logs you requested Tom. Thanks for your patience.
    Joe

    Malwarebytes' Anti-Malware 1.44
    Database version: 3617
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    1/22/2010 5:13:07 PM
    mbam-log-2010-01-22 (17-13-07).txt

    Scan type: Quick Scan
    Objects scanned: 150968
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    OTL logfile created on: 1/22/2010 5:40:07 PM - Run 2
    OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Joe\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 156.39 Gb Free Space | 67.16% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 218.80 Gb Free Space | 93.95% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MOMBUILD
    Current User Name: Joe
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
    PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Ad Muncher\AM31318.dll (Murray Hurps Corp Pty Ltd)


    ========== Win32 Services (SafeList) ==========

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
    SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
    SRV - (Diskeeper) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
    DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis)
    DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
    DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
    DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
    DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009/11/07 17:50:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 22:38:12 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 23:44:09 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2009/11/07 17:50:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/07/26 15:30:22 | 00,000,000 | ---D | M]

    [2010/01/19 22:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
    [2010/01/19 23:05:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\kuxe1nhc.default\extensions
    [2010/01/20 23:22:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: computerhelpforums.net ([]http in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...wlscbase370.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210131402984 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15035/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mombuild
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/06 16:52:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (auto_reactivate C:\bootwiz\asrm.bin) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/06 12:37:50 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/22 17:21:49 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
    [2010/01/21 22:33:39 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/01/21 20:08:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/01/21 17:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Malware Removal
    [2010/01/21 17:16:53 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2010/01/21 17:15:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/01/21 17:15:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/01/21 17:15:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/01/21 17:15:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/01/21 17:15:14 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2010/01/21 11:46:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/20 23:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/01/20 23:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/01/20 23:33:46 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/01/20 23:27:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/01/20 23:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/01/20 23:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/01/20 23:22:46 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2010/01/20 23:22:46 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/20 23:22:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/20 23:22:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/20 23:22:46 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/01/20 23:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/01/20 23:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Sun
    [2010/01/20 23:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
    [2010/01/20 23:13:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/20 23:13:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/20 23:13:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/20 23:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/20 23:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/20 22:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
    [2010/01/20 20:31:54 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\PrivacIE
    [2010/01/20 20:28:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IETldCache
    [2010/01/20 20:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/01/20 20:22:54 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/01/20 20:22:54 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/01/19 22:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
    [2010/01/19 22:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Mozilla
    [2010/01/19 22:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/01/17 22:14:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Acronis
    [2010/01/12 16:48:33 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/01/03 17:23:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\dvdcss
    [2009/12/28 15:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\ESET
    [2009/12/28 15:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Apple Computer
    [2009/12/28 15:01:25 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2009/12/28 15:01:25 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
    [2009/12/28 15:00:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
    [2009/12/28 15:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/12/28 15:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/12/28 15:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2009/12/28 14:59:57 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/12/28 14:59:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2009/12/28 14:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Apple
    [2009/12/28 14:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2009/12/28 14:59:20 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
    [2009/12/28 14:59:20 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
    [2009/12/28 14:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2009/12/28 14:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2009/12/28 14:58:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Apple Computer
    [2009/12/24 20:38:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\U3
    [2009/11/07 17:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2009/08/26 02:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
    [2009/07/31 10:24:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2008/05/06 19:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/05/06 16:52:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/05/06 16:52:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2002/04/10 20:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/01/22 17:22:05 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
    [2010/01/22 16:59:56 | 00,195,128 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/01/22 16:58:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/22 16:58:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/22 09:53:16 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
    [2010/01/22 09:53:16 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
    [2010/01/22 09:53:06 | 04,310,580 | -H-- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\IconCache.db
    [2010/01/21 22:28:28 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/21 21:44:31 | 00,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
    [2010/01/21 20:04:31 | 00,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Joe.job
    [2010/01/21 19:59:14 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/01/21 18:00:07 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Joe.job
    [2010/01/21 17:34:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/01/21 17:16:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/01/21 16:00:22 | 00,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/01/21 15:41:33 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/21 15:27:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\wklnhst.dat
    [2010/01/20 23:31:39 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/01/20 23:31:39 | 00,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/01/20 23:22:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/20 23:22:37 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/20 23:22:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2010/01/20 23:22:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/20 23:22:36 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/01/20 23:13:07 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/20 23:07:13 | 00,001,749 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
    [2010/01/20 22:38:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/19 22:38:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/01/19 22:38:08 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/09 19:57:45 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Joe\My Documents\Default.rdp
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/05 05:00:29 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2010/01/05 05:00:28 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2010/01/05 05:00:28 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
    [2010/01/05 05:00:28 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
    [2010/01/05 05:00:27 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
    [2010/01/05 05:00:26 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2010/01/05 05:00:24 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2010/01/05 05:00:23 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
    [2010/01/05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/01/05 05:00:21 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
    [2010/01/04 20:36:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/03 17:02:03 | 00,187,386 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.spx
    [2010/01/03 17:02:03 | 00,002,177 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.rtf
    [2010/01/03 00:32:01 | 00,000,241 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\CRAIG'S LIST NJ.url
    [2009/12/31 10:33:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
    [2009/12/28 15:00:17 | 00,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/26 13:38:18 | 00,000,241 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\CRAIG'S LIST PA..url

    ========== Files Created - No Company Name ==========

    [2010/01/21 17:16:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/01/21 17:16:54 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2010/01/21 17:15:50 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/01/21 17:15:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/01/21 17:15:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/01/21 17:15:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/01/21 17:15:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/01/21 16:00:22 | 00,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2010/01/21 15:27:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joe\Application Data\wklnhst.dat
    [2010/01/20 23:14:36 | 00,000,484 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Joe.job
    [2010/01/20 23:14:33 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Joe.job
    [2010/01/20 23:13:07 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/20 23:07:13 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
    [2010/01/19 22:38:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/01/19 22:38:08 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/09 19:57:45 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Joe\My Documents\Default.rdp
    [2010/01/03 17:02:03 | 00,187,386 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.spx
    [2010/01/03 17:02:03 | 00,002,177 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\iTunes Diagnostics.rtf
    [2009/12/28 15:01:27 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/12/28 15:00:17 | 00,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/28 14:59:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/24 15:31:28 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/11/24 15:31:28 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/11/24 14:23:43 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/12 00:30:56 | 00,096,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/07/29 20:25:23 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/06/10 01:34:20 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2008/05/06 22:17:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/06 22:05:39 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/05/06 17:49:46 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2008/05/06 17:49:46 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/05/06 17:14:07 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/06 17:14:07 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/06 17:14:07 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/06 17:14:07 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/06 17:13:39 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/05/03 06:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/10/02 05:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

    ========== LOP Check ==========

    [2009/08/26 18:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/07/26 19:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad Muncher
    [2009/07/26 15:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/07/29 20:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/27 00:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2009/12/28 15:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/01/17 22:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Acronis
    [2009/07/29 20:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Auslogics
    [2009/07/29 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Javacool Software
    [2009/09/10 18:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\SPORE
    [2009/07/29 20:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\VSRevoGroup
    [2010/01/21 21:44:31 | 00,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Console Defragmentation.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
    < End of report >
     
  11. schrauber

    schrauber Guest

    Hi,


    Please run a BitDefender Online Scan
    • Click I Agree to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click Click here to scan to begin the scan.
    • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
    • When the scan is finished, click on Click here to export the scan results.
    • Save the report to your desktop so you can post it in your next reply.
     
  12. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,535
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Hello Thomas,

    Just a heads up, my son-in-law is away on business and that is why he hasn't responded to this thread. I have locked their computer until his return. At that time he will continue with your instructions. Thank you for your patience and understanding. ~Cindy~
     
  13. schrauber

    schrauber Guest

    Thanks for letting me know Cindy :)
     
  14. bad88monte

    bad88monte

    View attachment bitd 1.bmp View attachment bitd2.bmp

    Tom, I can't get the scanner to run. I went thru each of the troubleshooter steps including restarting the computer in safe mode but no dice. I took two screen shots of as far as I am able to go with the scanner. Nothing happens beyond that. Is there some other scanner you would suggest or am I doing anything wrong? Thanks, Joe
     
  15. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    I am unable to use the BitDefender online scanner either, Thomas. I attempted to run it on an XP machine as well as a Vista machine. Perhaps there is a temporary glitch with the scanner itself?

    In any case, the tower is now in my possession so what would you like for me to do next?

    ~Cindy~
     
  16. schrauber

    schrauber Guest

    Hi there,

    Just update the installed ESET AV program and run a full scan. Also, please let me see a fresh OTL logfile so we can clean up our work :).
     
  17. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Hello Thomas,

    Nod 32 would not open, mbam was once again missing and SAS disabled. Between the runtime errors, the missing dll files and overall sluggishness of this machine I think it's best to restore from an Acronis image from November the 8th. The TI file was created before the machine became infected. Thank you so much for your help and your time. I hope that my son-in-law has taken something away from this experience but I guess only time will tell ..........

    Thanks again, ~Cindy~
     
  18. schrauber

    schrauber Guest

    You're welcome :)
     
