
Author Topic: Computer Keeps Crashing Please Help  (Read 19476 times)

delmarbd

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    Computer Keeps Crashing Please Help
    « on: April 02, 2011, 05:16:45 PM »
    Hi,
    I am running a Windows XP 32 bit computer.  I have two monitors running on an ATI video card.  It usually works great.  In the last few days I have noticed that the fan suddenly speeds up as if a big program or something is running on it.  When I click on processes there is nothing I can see running out of the ordinary.  I don't play video games or anything that should have it running at 100% like that. I just use the video card for the multiple monitor feature. Today it actually started that speed up thing and I could hear it running like an engine with the pedal to the metal.  It shut itself off within a few minutes.  I let it cool down for several hours.
    It booted up ok, but within a few minutes the mouse jumps sporadically all over the place and disappears and it also closes windows I had open.  (I only open two or three windows at a time with standard sites so nothing too overtaxing)

    I tried re-installing the latest driver of the ATI graphics card and re-installing the software but that wouldn't work.  Not sure what to do now. 

    I noticed that the NYTimes page wouldn't play a video and said I needed to download Adobe Player.  Then when I rebooted it would work fine, then not work again and ask me for the install.  I uninstalled Adobe and re-installed it successfully.  But still getting that message on the NYTimes page sometimes, not always.

    I followed the instructions you requested and I am posting all of the details below.

    delmarbd

      Re: Computer Keeps Crashing Please Help
      « Reply #1 on: April 02, 2011, 05:21:09 PM »
      Here is all of the info required:

      1. I am running Windows XP and have Service Pack 3 installed a while ago.  Worked fine when I did that update.
      2. As for an antivirus, I have Avast installed.  I was able to run a scan a few days ago and it found nothing.  The computer shuts down now before it is able to complete the scan.
      3. Firewall, I'm not sure if I have a firewall other than the XP firewall. Not sure I should do this now given how overtaxed everything is. Obviously, I'd like to download it once the computer is running ok.
      4. I went through the list in my add or remove feature but did not find anything on there that is malware.
      5. CCleaner.  I was able to download this successfully and then run it.  Cleaned out the registry per the instructions.
      6. SuperAntispyware.  I was able to download the program but the computer keeps shutting down before completing the scan.
      7. Malware Bytes. I was able to scan this and it found nothing in the quick scan. I tried running the full scan and the computer keeps shutting down before completing. No errors were found up until the point it shut down.
      8. HiJackThis.  I was able to run this as well and included the log below. I was not able to use the self help tool as it also shut the computer down before completing.
      9. I have the most recent Java and Adobe installed

      As an additional note, the initial part of turning the computer on works fine.  The problem occurs after logging on and booting up fully.  Once the computer is fully booted up I can hear the computer running as if it is going at a high speed (fan?) and it doesn't stop until it soon shuts.  I also cleaned the inside of the computer out with canned air and all of the fans and they are all clean and seem to be working fine.

      delmarbd

        Re: Computer Keeps Crashing Please Help
        « Reply #2 on: April 02, 2011, 05:22:45 PM »
        Here is the only log I was able to complete and retrieve successfully:

        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 12:21:37 PM, on 4/1/2011
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal
        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\LogWatNT.exe
        D:\Program Files\MozyHome\mozybackup.exe
        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Alwil Software\Avast5\avastUI.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        C:\program files\support.com\client\bin\tgcmd.exe
        C:\WINDOWS\System32\NILaunch.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
        C:\Program Files\Logitech\SetPoint\SetPoint.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Documents and Settings\Glenda Pagan\Local Settings\Temporary Internet Files\Content.IE5\DOI0HDFP\HijackThis[1].exe
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
        O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
        O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
        O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
        O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
        O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
        O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [LDM] D:\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
        O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
        O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
        O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
        O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
        O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
        O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
        O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
        O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
        O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
        O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
        O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - D:\Program Files\MozyHome\mozybackup.exe
        O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
        --
        End of file - 9055 bytes

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Computer Keeps Crashing Please Help
        « Reply #3 on: April 03, 2011, 06:56:15 PM »
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
        *************************************************
        What happens when you start your computer in Safe Mode?
        Here's how to get into Safe Mode.

        It sounds like an overheating problem. You can download SpeedFan to check the temperatures.
        Windows 8 and Windows 10 dual boot with two SSD's

        delmarbd

          Re: Computer Keeps Crashing Please Help
          « Reply #4 on: April 04, 2011, 08:15:57 AM »
          Yes, absolutely correct. It only generally overheats when I have had virus or malware issues in the past.  The overheating is caused by the virus overtaxing the computer.

          I was able to download SuperAntiSpyware and the Malware Bytes.  I am running the first one and it already found something.  I'll post the logs when it is complete.

          Thanks SuperDave!

          delmarbd

            Re: Computer Keeps Crashing Please Help
            « Reply #5 on: April 04, 2011, 08:29:22 AM »
            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 04/04/2011 at 10:13 AM

            Application Version : 4.50.1002

            Core Rules Database Version : 6740
            Trace Rules Database Version: 4552

            Scan type       : Quick Scan
            Total Scan Time : 00:39:22

            Memory items scanned      : 231
            Memory threats detected   : 0
            Registry items scanned    : 1654
            Registry threats detected : 0
            File items scanned        : 11495
            File threats detected     : 7

            Adware.Tracking Cookie
               C:\Documents and Settings\Glenda Pagan\Cookies\glenda_pagan@invitemedia[2].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\glenda_pagan@interclick[2].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\[email protected][2].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\glenda_pagan@media6degrees[2].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\glenda_pagan@macromedia[2].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\[email protected][1].txt
               C:\Documents and Settings\Glenda Pagan\Cookies\glenda_pagan@mediabrandsww[1].txt



            I am running Malware Now.  The blinking has stopped.

            delmarbd

              Re: Computer Keeps Crashing Please Help
              « Reply #6 on: April 04, 2011, 08:31:18 AM »
              I was also able to install the OnLine Armor.  Somehow the Microsoft firewall was not enough.

              delmarbd

                Re: Computer Keeps Crashing Please Help
                « Reply #7 on: April 04, 2011, 12:08:07 PM »
                OK here is the final log

                Malwarebytes' Anti-Malware 1.46
                www.malwarebytes.org

                Database version: 4052

                Windows 5.1.2600 Service Pack 3
                Internet Explorer 8.0.6001.18702

                4/4/2011 1:45:59 PM
                mbam-log-2011-04-04 (13-45-59).txt

                Scan type: Full scan (C:\|D:\|)
                Objects scanned: 208202
                Time elapsed: 2 hour(s), 26 minute(s), 3 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 0
                Registry Values Infected: 0
                Registry Data Items Infected: 0
                Folders Infected: 0
                Files Infected: 0

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                (No malicious items detected)

                Registry Values Infected:
                (No malicious items detected)

                SuperDave

                Re: Computer Keeps Crashing Please Help
                « Reply #8 on: April 04, 2011, 01:18:53 PM »
                Download Security Check by screen317 from one of the following links and save it to your desktop.

                Link 1
                Link 2

                * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                * Open the Security Check folder and double-click Security Check.bat
                * Follow the on-screen instructions inside of the black box.
                * A Notepad document should open automatically called checkup.txt
                * Post the contents of that document in your next reply.

                Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                *************************************************
                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you insist on using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                Double click ComboFix.exe & follow the prompts.
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix

                delmarbd

                  Re: Computer Keeps Crashing Please Help
                  « Reply #9 on: April 04, 2011, 02:59:21 PM »
                  Here are the results for Checkup.  Running Combo now.

                   Results of screen317's Security Check version 0.99.10 
                   Windows XP Service Pack 3 
                   Internet Explorer 8 
                  ``````````````````````````````
                  Antivirus/Firewall Check:

                   Windows Firewall Enabled! 
                   avast! Free Antivirus   
                   Online Armor 5.0   
                  ```````````````````````````````
                  Anti-malware/Other Utilities Check:

                   Malwarebytes' Anti-Malware   
                   Java(TM) 6 Update 24 
                   Adobe Flash Player    10.1.102.64 
                  Adobe Reader X (10.0.1)
                  ````````````````````````````````
                  Process Check: 
                  objlist.exe by Laurent

                   Tall Emu Online Armor OAcat.exe
                   Alwil Software Avast5 AvastSvc.exe 
                   Alwil Software Avast5 avastUI.exe 
                   Alwil Software Avast5 setup avast.setup
                  ``````````End of Log````````````

                  delmarbd

                    Re: Computer Keeps Crashing Please Help
                    « Reply #10 on: April 04, 2011, 04:02:09 PM »
                    Below is the combo log.  That went surprisingly well.  No shut offs.

                    ComboFix 11-04-04.01 - Glenda Pagan 04/04/2011  17:13:22.1.1 - x86
                    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1280.691 [GMT -4:00]
                    Running from: D:\ComboFix.exe
                    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\windows\a3kebook.ini
                    c:\windows\akebook.ini
                    c:\windows\ANS2000.INI
                    c:\windows\BackUp
                    c:\windows\BackUp\S\50729000.DAT
                    c:\windows\Install.txt
                    c:\windows\java.exe
                    c:\windows\patch.exe
                    c:\windows\winhelp.ini
                    D:\install.exe
                    D:\Uninstall.exe
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-04-04 20:52 . 2011-04-04 20:53   7168   ----a-w-   c:\windows\system32\drivers\utqynzg0.sys
                    2011-04-04 19:35 . 2011-04-04 19:35   --------   d-----w-   c:\windows\LastGood
                    2011-04-04 19:35 . 2009-10-22 17:54   37392   ----a-w-   c:\windows\system32\drivers\16799702.sys
                    2011-04-04 19:35 . 2009-10-10 03:31   315408   ----a-w-   c:\windows\system32\drivers\1679970.sys
                    2011-04-04 19:35 . 2009-09-25 21:59   128016   ----a-w-   c:\windows\system32\drivers\16799701.sys
                    2011-04-04 03:07 . 2011-04-04 03:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2011-04-03 18:48 . 2008-02-04 05:10   237776   ----a-w-   c:\windows\system32\tpuninst.exe
                    2011-04-03 05:47 . 2011-04-03 17:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                    2011-04-03 05:47 . 2011-04-03 05:47   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\OnlineArmor
                    2011-04-03 05:46 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                    2011-04-03 05:46 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                    2011-04-03 05:46 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                    2011-04-03 05:46 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                    2011-04-03 02:26 . 2011-04-03 02:26   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\SUPERAntiSpyware.com
                    2011-04-03 01:14 . 2011-04-03 01:14   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\ErrorExpert
                    2011-04-03 00:25 . 2011-04-03 00:25   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                    2011-04-01 21:57 . 2011-04-01 21:57   --------   d-----w-   c:\program files\AMD APP
                    2011-03-21 23:56 . 2011-03-21 23:56   59904   ----a-w-   c:\windows\system32\OVDecode.dll
                    2011-03-21 23:55 . 2011-03-21 23:55   12385792   ----a-w-   c:\windows\system32\amdocl.dll
                    2011-03-13 18:40 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
                    2011-03-13 18:36 . 2011-03-13 18:36   --------   d-----w-   c:\program files\Common Files\Java
                    2011-03-13 18:31 . 2011-03-13 18:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                    2011-03-11 20:14 . 2011-02-23 14:56   371544   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-02-23 15:04 . 2010-10-15 23:28   40648   ----a-w-   c:\windows\avastSS.scr
                    2011-02-23 15:04 . 2010-03-22 00:18   190016   ----a-w-   c:\windows\system32\aswBoot.exe
                    2011-02-23 14:56 . 2010-03-22 00:19   301528   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                    2011-02-23 14:55 . 2010-03-22 00:19   49240   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                    2011-02-23 14:55 . 2010-03-22 00:19   102232   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                    2011-02-23 14:55 . 2010-03-22 00:19   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                    2011-02-23 14:55 . 2010-03-22 00:19   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                    2011-02-23 14:54 . 2010-03-22 00:19   30680   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                    2011-02-23 14:54 . 2010-03-22 00:19   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                    2011-02-09 13:53 . 2002-12-19 15:32   270848   ------w-   c:\windows\system32\sbe.dll
                    2011-02-09 13:53 . 2002-12-19 15:32   186880   ------w-   c:\windows\system32\encdec.dll
                    2011-02-03 01:40 . 2010-11-24 21:04   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
                    2011-02-02 23:19 . 2009-02-22 14:59   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                    2011-02-02 07:58 . 2002-12-19 15:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                    2011-01-27 11:57 . 2002-12-19 15:32   677888   ------w-   c:\windows\system32\mstsc.exe
                    2011-01-21 14:44 . 2002-12-19 15:33   439296   ------w-   c:\windows\system32\shimgvw.dll
                    2011-01-07 14:09 . 2002-04-24 18:30   290048   ----a-w-   c:\windows\system32\atmfd.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                    @="{472083B0-C522-11CF-8763-00608CC02F24}"
                    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                    2011-02-23 15:04   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "LDM"="d:\desktop messenger\8876480\Program\BackWeb-8876480.exe" [2005-07-03 20480]
                    "ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe" [2006-04-06 102400]
                    "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-04-06 57344]
                    "SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2011-03-16 2423752]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "NvCplDaemon"="NvQTwk" [X]
                    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
                    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-02 37888]
                    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2002-04-04 1417216]
                    "Net-It Launcher"="c:\windows\System32\NILaunch.exe" [1998-02-05 24576]
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
                    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
                    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-08 684032]
                    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
                    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                    "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
                    "HydraVisionViewport"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe" [2003-09-16 364544]
                    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
                    .
                    c:\documents and settings\Glenda Pagan\Start Menu\Programs\Startup\
                    Kapersky setup_9.0.0.722_04.04.2011_22-38.lnk - d:\documents and settings\Glenda Pagan\Desktop\Virus Removal Tool\Kapersky setup_9.0.0.722_04.04.2011_22-38\startup.exe [2011-4-4 72208]
                    .
                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-26 598016]
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]
                    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\online armor\oaevent.dll" [2011-03-30 354720]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2009-09-03 22:21   548352   -c--a-w-   D:\SASWINLO.DLL
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
                    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alarm Manager.LNK]
                    backup=c:\windows\pss\Alarm Manager.LNKCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
                    backup=c:\windows\pss\BTTray.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
                    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
                    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
                    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
                    backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
                    backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^Glenda Pagan^Start Menu^Programs^Startup^HotSync Manager.lnk]
                    backup=c:\windows\pss\HotSync Manager.lnkStartup
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABSplus Backup Setup
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Messaging
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA
                    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                    "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                    "LTSMMSG"=LTSMMSG.exe
                    "HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                    "AntiVirusOverride"=dword:00000001
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "d:\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
                    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
                    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                    "d:\\Program Files\\LimeWire\\LimeWire.exe"=
                    "c:\\WINDOWS\\system32\\sessmgr.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "%windir%\\system32\\sessmgr.exe"=
                    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                    "d:\\ScottradeELITE\\Scottrader.exe"=
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
                    "443:TCP"= 443:TCP:ScottradeElite
                    "443:UDP"= 443:UDP:ScottradeElite
                    "27895:TCP"= 27895:TCP:Gnutella
                    "27895:UDP"= 27895:UDP:Gnutella
                    .
                    R0 16799702;16799702 Boot Guard Driver;c:\windows\system32\drivers\16799702.sys [4/4/2011 3:35 PM 37392]
                    R1 16799701;16799701;c:\windows\system32\drivers\16799701.sys [4/4/2011 3:35 PM 128016]
                    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:14 PM 371544]
                    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2010 8:19 PM 301528]
                    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/3/2011 1:46 AM 205992]
                    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/3/2011 1:46 AM 25192]
                    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/3/2011 1:46 AM 29464]
                    R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                    R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2010 8:19 PM 19544]
                    R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [6/8/2000 2:15 PM 50176]
                    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [4/25/2002 6:13 PM 34712]
                    R2 OAcat;Online Armor Helper Service;d:\online armor\oacat.exe [4/3/2011 1:46 AM 381512]
                    R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [7/24/2003 10:09 PM 9292]
                    R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [5/26/2010 2:36 PM 22497]
                    R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 2:30 PM 267136]
                    S1 Kapersky setup_9.0.0.722_04.04.2011_22-38drv;Kapersky setup_9.0.0.722_04.04.2011_22-38drv;c:\windows\system32\drivers\1679970.sys [4/4/2011 3:35 PM 315408]
                    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/3/2011 1:46 AM 39048]
                    S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\ICDUSB.sys [4/16/2003 2:55 PM 26409]
                    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 2:31 PM 807917]
                    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 2:31 PM 594668]
                    S3 SvcOnlineArmor;Online Armor;d:\online armor\oasrv.exe [4/3/2011 1:46 AM 4325960]
                    S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
                    S4 CWShredder Service;CWShredder Service;c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service --> c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service [?]
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - 16799701
                    *NewlyCreated* - 16799702
                    *NewlyCreated* - UTQYNZG0
                    *Deregistered* - MBAMSwissArmy
                    *Deregistered* - utqynzg0
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2011-04-04 c:\windows\Tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
                    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.nytimes.com/
                    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
                    IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
                    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
                    IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
                    IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
                    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                    WebBrowser-{E6AE90A4-1B01-47F0-AA78-E6B122E145E9} - (no file)
                    WebBrowser-{4E538A3C-326F-4F7C-B95A-A97C1C2E3978} - (no file)
                    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                    AddRemove-SiS7012 - c:\program files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
                    AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - d:\\Uninstall.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-04-04 17:27
                    Windows 5.1.2600 Service Pack 3 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service"
                    .
                    .
                    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CWShredder Service]
                    "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker4"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'winlogon.exe'(464)
                    D:\SASWINLO.DLL
                    c:\windows\system32\WININET.dll
                    c:\windows\system32\Ati2evxx.dll
                    .
                    - - - - - - - > 'Explorer.EXE'(2900)
                    c:\windows\system32\WININET.dll
                    c:\windows\system32\ieframe.dll
                    c:\windows\system32\webcheck.dll
                    c:\program files\Logitech\SetPoint\lgscroll.dll
                    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                    c:\progra~1\WINZIP\WZSHLSTB.DLL
                    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
                    c:\program files\ATI Multimedia\mlibrary\MLShell.dll
                    c:\program files\ATI Multimedia\atisserv.dll
                    c:\program files\ATI Multimedia\mlibrary\mlenu.rsc
                    D:\SASCTXMN.DLL
                    c:\program files\Common Files\Adobe\Shell\PSICON.DLL
                    .
                    Completion time: 2011-04-04  17:34:15
                    ComboFix-quarantined-files.txt  2011-04-04 21:34
                    .
                    Pre-Run: 1,996,402,688 bytes free
                    Post-Run: 2,050,887,680 bytes free
                    .
                    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                    [boot loader]
                    timeout=2
                    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                    [operating systems]
                    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                    UnsupportedDebug="do not select this" /debug
                    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
                    .
                    - - End Of File - - F203D813EDDB49E11163F495B1915DB4

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Computer Keeps Crashing Please Help
                    « Reply #11 on: April 04, 2011, 07:47:46 PM »
                    ComboFix is running from the wrong location. Please uninstall/delete it, download a new one and save it to your desktop and run a new scan.

                    P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    delmarbd

                      Re: Computer Keeps Crashing Please Help
                      « Reply #12 on: April 04, 2011, 08:57:03 PM »
                      Thanks Super Dave.  This P2P is disconnected and no longer in use. In any case, I have been disconnected for over a year. Still, I will work to get any files I may still need off of there and delete the rest of the files and program. 

                      Here is the combo which I saved on my desktop and ran from there. Hope I did it right this time.

                      Thanks for all of your help.

                      ComboFix 11-04-04.01 - Glenda Pagan 04/04/2011  22:17:16.2.1 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1280.728 [GMT -4:00]
                      Running from: c:\documents and settings\Glenda Pagan\Desktop\ComboFix.exe
                      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                      FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-03-05 to 2011-04-05  )))))))))))))))))))))))))))))))
                      .
                      .
                      2011-04-05 02:14 . 2011-04-05 02:15   --------   dc----r-   C:\32788R22FWJFW
                      2011-04-04 20:52 . 2011-04-04 20:53   7168   ----a-w-   c:\windows\system32\drivers\utqynzg0.sys
                      2011-04-04 19:35 . 2011-04-04 19:35   --------   d-----w-   c:\windows\LastGood
                      2011-04-04 19:35 . 2009-10-22 17:54   37392   ----a-w-   c:\windows\system32\drivers\16799702.sys
                      2011-04-04 19:35 . 2009-10-10 03:31   315408   ----a-w-   c:\windows\system32\drivers\1679970.sys
                      2011-04-04 19:35 . 2009-09-25 21:59   128016   ----a-w-   c:\windows\system32\drivers\16799701.sys
                      2011-04-04 03:07 . 2011-04-04 03:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2011-04-03 18:48 . 2008-02-04 05:10   237776   ----a-w-   c:\windows\system32\tpuninst.exe
                      2011-04-03 05:47 . 2011-04-03 17:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                      2011-04-03 05:47 . 2011-04-03 05:47   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\OnlineArmor
                      2011-04-03 05:46 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                      2011-04-03 05:46 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                      2011-04-03 05:46 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                      2011-04-03 05:46 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                      2011-04-03 02:26 . 2011-04-03 02:26   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\SUPERAntiSpyware.com
                      2011-04-03 01:14 . 2011-04-03 01:14   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\ErrorExpert
                      2011-04-03 00:25 . 2011-04-03 00:25   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                      2011-04-01 21:57 . 2011-04-01 21:57   --------   d-----w-   c:\program files\AMD APP
                      2011-03-21 23:56 . 2011-03-21 23:56   59904   ----a-w-   c:\windows\system32\OVDecode.dll
                      2011-03-21 23:55 . 2011-03-21 23:55   12385792   ----a-w-   c:\windows\system32\amdocl.dll
                      2011-03-13 18:40 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
                      2011-03-13 18:36 . 2011-03-13 18:36   --------   d-----w-   c:\program files\Common Files\Java
                      2011-03-13 18:31 . 2011-03-13 18:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                      2011-03-11 20:14 . 2011-02-23 14:56   371544   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2011-02-23 15:04 . 2010-10-15 23:28   40648   ----a-w-   c:\windows\avastSS.scr
                      2011-02-23 15:04 . 2010-03-22 00:18   190016   ----a-w-   c:\windows\system32\aswBoot.exe
                      2011-02-23 14:56 . 2010-03-22 00:19   301528   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                      2011-02-23 14:55 . 2010-03-22 00:19   49240   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                      2011-02-23 14:55 . 2010-03-22 00:19   102232   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                      2011-02-23 14:55 . 2010-03-22 00:19   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                      2011-02-23 14:55 . 2010-03-22 00:19   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                      2011-02-23 14:54 . 2010-03-22 00:19   30680   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                      2011-02-23 14:54 . 2010-03-22 00:19   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                      2011-02-09 13:53 . 2002-12-19 15:32   270848   ------w-   c:\windows\system32\sbe.dll
                      2011-02-09 13:53 . 2002-12-19 15:32   186880   ------w-   c:\windows\system32\encdec.dll
                      2011-02-03 01:40 . 2010-11-24 21:04   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
                      2011-02-02 23:19 . 2009-02-22 14:59   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                      2011-02-02 07:58 . 2002-12-19 15:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                      2011-01-27 11:57 . 2002-12-19 15:32   677888   ------w-   c:\windows\system32\mstsc.exe
                      2011-01-21 14:44 . 2002-12-19 15:33   439296   ------w-   c:\windows\system32\shimgvw.dll
                      2011-01-07 14:09 . 2002-04-24 18:30   290048   ----a-w-   c:\windows\system32\atmfd.dll
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                      @="{472083B0-C522-11CF-8763-00608CC02F24}"
                      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                      2011-02-23 15:04   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "LDM"="d:\desktop messenger\8876480\Program\BackWeb-8876480.exe" [2005-07-03 20480]
                      "ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe" [2006-04-06 102400]
                      "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-04-06 57344]
                      "SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2011-03-16 2423752]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NvCplDaemon"="NvQTwk" [X]
                      "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
                      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-02 37888]
                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                      "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2002-04-04 1417216]
                      "Net-It Launcher"="c:\windows\System32\NILaunch.exe" [1998-02-05 24576]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
                      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
                      "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-08 684032]
                      "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
                      "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                      "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
                      "HydraVisionViewport"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe" [2003-09-16 364544]
                      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
                      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
                      .
                      c:\documents and settings\Glenda Pagan\Start Menu\Programs\Startup\
                      Kapersky setup_9.0.0.722_04.04.2011_22-38.lnk - d:\documents and settings\Glenda Pagan\Desktop\Virus Removal Tool\Kapersky setup_9.0.0.722_04.04.2011_22-38\startup.exe [2011-4-4 72208]
                      .
                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-26 598016]
                      .
                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]
                      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\online armor\oaevent.dll" [2011-03-30 354720]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2009-09-03 22:21   548352   -c--a-w-   D:\SASWINLO.DLL
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
                      backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alarm Manager.LNK]
                      backup=c:\windows\pss\Alarm Manager.LNKCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
                      backup=c:\windows\pss\BTTray.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
                      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
                      backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
                      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
                      backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
                      backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^Glenda Pagan^Start Menu^Programs^Startup^HotSync Manager.lnk]
                      backup=c:\windows\pss\HotSync Manager.lnkStartup
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                      "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                      "LTSMMSG"=LTSMMSG.exe
                      "HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusOverride"=dword:00000001
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "d:\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
                      "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
                      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                      "d:\\Program Files\\LimeWire\\LimeWire.exe"=
                      "c:\\WINDOWS\\system32\\sessmgr.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "d:\\ScottradeELITE\\Scottrader.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
                      "443:TCP"= 443:TCP:ScottradeElite
                      "443:UDP"= 443:UDP:ScottradeElite
                      "27895:TCP"= 27895:TCP:Gnutella
                      "27895:UDP"= 27895:UDP:Gnutella
                      .
                      R0 16799702;16799702 Boot Guard Driver;c:\windows\system32\drivers\16799702.sys [4/4/2011 3:35 PM 37392]
                      R1 16799701;16799701;c:\windows\system32\drivers\16799701.sys [4/4/2011 3:35 PM 128016]
                      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:14 PM 371544]
                      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2010 8:19 PM 301528]
                      R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/3/2011 1:46 AM 205992]
                      R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/3/2011 1:46 AM 25192]
                      R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/3/2011 1:46 AM 29464]
                      R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                      R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2010 8:19 PM 19544]
                      R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [6/8/2000 2:15 PM 50176]
                      R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [4/25/2002 6:13 PM 34712]
                      R2 OAcat;Online Armor Helper Service;d:\online armor\oacat.exe [4/3/2011 1:46 AM 381512]
                      R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [7/24/2003 10:09 PM 9292]
                      R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [5/26/2010 2:36 PM 22497]
                      R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 2:30 PM 267136]
                      S1 Kapersky setup_9.0.0.722_04.04.2011_22-38drv;Kapersky setup_9.0.0.722_04.04.2011_22-38drv;c:\windows\system32\drivers\1679970.sys [4/4/2011 3:35 PM 315408]
                      S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/3/2011 1:46 AM 39048]
                      S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\ICDUSB.sys [4/16/2003 2:55 PM 26409]
                      S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 2:31 PM 807917]
                      S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 2:31 PM 594668]
                      S3 SvcOnlineArmor;Online Armor;d:\online armor\oasrv.exe [4/3/2011 1:46 AM 4325960]
                      S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
                      S4 CWShredder Service;CWShredder Service;c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service --> c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service [?]
                      .
                      --- Other Services/Drivers In Memory ---
                      .
                      *NewlyCreated* - 16799701
                      *NewlyCreated* - 16799702
                      *NewlyCreated* - UTQYNZG0
                      *Deregistered* - MBAMSwissArmy
                      *Deregistered* - utqynzg0
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      2011-04-04 c:\windows\Tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
                      - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.nytimes.com/
                      uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
                      IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
                      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
                      IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
                      IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
                      IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                      DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2011-04-04 22:28
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scanning hidden processes ... 
                      .
                      scanning hidden autostart entries ...
                      .
                      scanning hidden files ... 
                      .
                      scan completed successfully
                      hidden files: 0
                      .
                      **************************************************************************
                      "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
                      [1].exe service"
                      .
                      .
                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CWShredder Service]
                      "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker4"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(464)
                      D:\SASWINLO.DLL
                      c:\windows\system32\WININET.dll
                      c:\windows\system32\Ati2evxx.dll
                      .
                      - - - - - - - > 'Explorer.EXE'(2900)
                      c:\windows\system32\WININET.dll
                      c:\windows\system32\ieframe.dll
                      c:\windows\system32\webcheck.dll
                      c:\program files\Logitech\SetPoint\lgscroll.dll
                      c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                      c:\progra~1\WINZIP\WZSHLSTB.DLL
                      c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
                      c:\program files\ATI Multimedia\mlibrary\MLShell.dll
                      c:\program files\ATI Multimedia\atisserv.dll
                      c:\program files\ATI Multimedia\mlibrary\mlenu.rsc
                      D:\SASCTXMN.DLL
                      c:\program files\Common Files\Adobe\Shell\PSICON.DLL
                      D:\SASSEH.DLL
                      .
                      Completion time: 2011-04-04  22:34:24
                      ComboFix-quarantined-files.txt  2011-04-05 02:34
                      ComboFix2.txt  2011-04-04 21:34
                      .
                      Pre-Run: 2,064,621,568 bytes free
                      Post-Run: 2,100,011,008 bytes free
                      .
                      - - End Of File - - 497E696D82D8A8C804A965777CF426F3

                      delmarbd

                        « Reply #13 on: April 04, 2011, 10:05:24 PM »
                        Dave, I tried installing a different mouse to see if that had anything to do with my problem.  Surprisingly everything is working fine now. No jumping around of the mouse anymore.  I think perhaps my mouse driver is corrupt?  Should I move on to the hardware area to see if I can get help there for fixing my old mouse driver?  I prefer it much more as it is low profile and much better for my carpal tunnel so I would prefer to fix it if possible.

                        Do you think I should keep going to see if I have any virus/malware/hijack issues?  Anything odd about the above log of the Combo I ran?
                        Thanks so much again for your help.

                        SuperDave

                        • Malware Removal Specialist


                        « Reply #14 on: April 05, 2011, 01:03:54 PM »
                        Quote
                        Dave, I tried installing a different mouse to see if that had anything to do with my problem.  Surprisingly everything is working fine now. No jumping around of the mouse anymore.  I think perhaps my mouse driver is corrupt?  Should I move on to the hardware area to see if I can get help there for fixing my old mouse driver?  I prefer it much more as it is low profile and much better for my carpal tunnel so I would prefer to fix it if possible.
                        It may be a problem with the driver or the mouse itself.

                        Quote
                        Do you think I should keep going to see if I have any virus/malware/hijack issues?  Anything odd about the above log of the Combo I ran?
                        There are some suspicious files I would like to have scanned. If they check out ok, we can run a few other scans. I thought your initial problem was the fans running so fast?

                        Please go to Jotti's malware scan
                        (If more than one file needs to be scanned, they must be done separately and links posted for each one.)

                        * Copy the file path in the below Code box:

                        Code:
                        c:\windows\system32\drivers\utqynzg0.sys
                        c:\windows\system32\drivers\16799702.sys
                        c:\windows\system32\drivers\1679970.sys
                        c:\windows\system32\drivers\16799701.sys

                        * At the upload site, click once inside the window next to Browse.
                        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                        * Next click Submit file
                        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                        * This will perform a scan across multiple different virus scanning engines.
                        * Important: Wait for all of the scanning engines to complete.
                        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        delmarbd

                          « Reply #15 on: April 05, 2011, 03:27:48 PM »
                          Yes, I had the mouse going crazy issue and the computer fans running  on overdrive. I guess I had two issues!

                          You are oh so right...again. Definitely have trojans

                          Here is the first scan link:

                          http://virusscan.jotti.org/en/scanresult/559abf5ef1b9c7ca2cffa292f6fc409a2cbcd816/0d0f06eada61c22e251aeb6278ed279454934dd3
                          « Last Edit: April 06, 2011, 02:00:16 PM by SuperDave »

                          delmarbd

                            « Reply #16 on: April 05, 2011, 03:30:30 PM »
                            Second scan results :


                            http://virusscan.jotti.org/en/scanresult/57a1ce995858351bf3454d1f1f11ef6c43231b18/b83f1339d12a6ef3f1628d38bcaae073e402b301
                            « Last Edit: April 06, 2011, 02:00:03 PM by SuperDave »

                            delmarbd

                              « Reply #17 on: April 05, 2011, 03:32:12 PM »
                              Third scan results:

                              c:\windows\system32\drivers\1679970.sys

                              delmarbd

                                « Reply #18 on: April 05, 2011, 03:33:37 PM »
                                Fourth and last scan result on the list:


                                c:\windows\system32\drivers\16799701.sys


                                delmarbd

                                  « Reply #19 on: April 05, 2011, 09:04:52 PM »
                                  Please disregard the above two.  Let's try these last two again:

                                  Third Scan:

                                  http://virusscan.jotti.org/en/scanresult/dd6604d600c3393641c50ab05b9c300035b64b84/8ae388311c615f2cae410a9b3ab93f0546cdf19b
                                  « Last Edit: April 06, 2011, 01:59:51 PM by SuperDave »

                                  delmarbd

                                    « Reply #20 on: April 05, 2011, 09:06:27 PM »
                                    Fourth Scan:

                                    http://virusscan.jotti.org/en/scanresult/8df809b39794869d1734be205c76e302856c31ff/6bbe2e1c8b2425e4ddd2c0247e57689592b252b5
                                    « Last Edit: April 06, 2011, 01:59:40 PM by SuperDave »

                                    SuperDave

                                    • Malware Removal Specialist


                                    « Reply #21 on: April 06, 2011, 04:03:00 PM »
                                    Download OTL to your desktop.

                                    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
                                    * When the window appears, underneath Output at the top change it to Minimal Output.
                                    * Check the boxes beside LOP Check and Purity Check.
                                    * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                    Please copy and paste the contents of these files, one at a time, into your next reply.

                                    Note: You may need two or more posts to fit them all in.

                                    delmarbd

                                      « Reply #22 on: April 06, 2011, 06:34:38 PM »
                                      OTL logfile created on: 4/6/2011 7:44:48 PM - Run 1
                                      OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Glenda Pagan\Desktop
                                      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                      Internet Explorer (Version = 8.0.6001.18702)
                                      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                       
                                      1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
                                      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
                                      Paging file location(s): C:\pagefile.sys 0 0 [binary data]
                                       
                                      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                      Drive C: | 15.99 Gb Total Space | 1.55 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
                                      Drive D: | 39.91 Gb Total Space | 12.95 Gb Free Space | 32.44% Space Free | Partition Type: NTFS
                                      Unable to calculate disk information.
                                       
                                      Computer Name: GLENDA | User Name: Glenda Pagan | Logged in as Administrator.
                                      Boot Mode: Normal | Scan Mode: Current user
                                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                       
                                      ========== Processes (SafeList) ==========
                                       
                                      PRC - C:\Documents and Settings\Glenda Pagan\desktop\OTL.exe (OldTimer Tools)
                                      PRC - D:\Online Armor\oacat.exe (Emsi Software GmbH)
                                      PRC - D:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
                                      PRC - D:\ScottradeELITE\ScottradeELITEClientUpdater.exe (Scottrade Inc.)
                                      PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
                                      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      PRC - C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
                                      PRC - C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
                                      PRC - C:\WINDOWS\LogWatNT.exe ()
                                      PRC - C:\WINDOWS\system32\NILaunch.exe ()
                                       
                                       
                                      ========== Modules (SafeList) ==========
                                       
                                      MOD - C:\Documents and Settings\Glenda Pagan\desktop\OTL.exe (OldTimer Tools)
                                      MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
                                      MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                                       
                                       
                                      ========== Win32 Services (SafeList) ==========
                                       
                                      SRV - (CWShredder Service) --  File not found
                                      SRV - (AppMgmt) --  File not found
                                      SRV - (SvcOnlineArmor) -- D:\Online Armor\oasrv.exe (Emsi Software GmbH)
                                      SRV - (OAcat) -- D:\Online Armor\OAcat.exe (Emsi Software GmbH)
                                      SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
                                      SRV - (Pml Driver HPH11) -- C:\WINDOWS\system32\hphipm11.exe (HP)
                                      SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
                                      SRV - (LogWatch) -- C:\WINDOWS\LogWatNT.exe ()
                                       
                                       
                                      ========== Driver Services (SafeList) ==========
                                       
                                      DRV - (utqynzg0) -- C:\WINDOWS\system32\drivers\utqynzg0.sys ()
                                      DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
                                      DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
                                      DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
                                      DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
                                      DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
                                      DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
                                      DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
                                      DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
                                      DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
                                      DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
                                      DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
                                      DRV - (SASKUTIL) -- D:\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (SASDIFSV) -- D:\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                      DRV - (16799702) -- C:\WINDOWS\system32\DRIVERS\16799702.sys (Kaspersky Lab)
                                      DRV - (Kapersky setup_9.0.0.722_04.04.2011_22-38drv) -- C:\WINDOWS\system32\drivers\1679970.sys (Kaspersky Lab)
                                      DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
                                      DRV - (16799701) -- C:\WINDOWS\system32\drivers\16799701.sys (Kaspersky Lab)
                                      DRV - (Dot4Usb HPH11) -- C:\WINDOWS\system32\drivers\hphius11.sys (HP)
                                      DRV - (Dot4Print HPH11) -- C:\WINDOWS\system32\drivers\hphipr11.sys (HP)
                                      DRV - (Dot4 HPH11) -- C:\WINDOWS\system32\drivers\hphid411.sys (HP)
                                      DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
                                      DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
                                      DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
                                      DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
                                      DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
                                      DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation)
                                      DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation)
                                      DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation)
                                      DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation)
                                      DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation)
                                      DRV - (vserial) -- C:\WINDOWS\system32\drivers\vserial.sys (ELTIMA Software)
                                      DRV - (vsbus) -- C:\WINDOWS\system32\drivers\vsb.sys (ELTIMA Software)
                                      DRV - (LHidPPKE) -- C:\WINDOWS\system32\drivers\LHidPPKE.Sys (Logitech, Inc.)
                                      DRV - (pwd_2K) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
                                      DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
                                      DRV - (Udfreadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
                                      DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
                                      DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
                                      DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
                                      DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
                                      DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
                                      DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
                                      DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
                                      DRV - (portD) -- C:\WINDOWS\system32\drivers\portd2k.sys (Windows (R) 2000 DDK provider)
                                      DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
                                      DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
                                      DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
                                      DRV - (ICDUSB) -- C:\WINDOWS\system32\drivers\ICDUSB.sys (Sony Corporation)
                                      DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
                                      DRV - (mrtRate) -- C:\WINDOWS\System32\drivers\MrtRate.sys (Marimba, Inc.)
                                      DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
                                       
                                       
                                      ========== Standard Registry (SafeList) ==========
                                       
                                       
                                      ========== Internet Explorer ==========
                                       
                                       
                                      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com/results.asp?cfg=SMCSP&FORM=SPBA&v=1&cp=1252&q=
                                      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local
                                       
                                      ========== FireFox ==========
                                       
                                       
                                       
                                       
                                      [2010/01/15 00:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenda Pagan\Application Data\Mozilla\Extensions
                                      [2009/02/22 11:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenda Pagan\Application Data\Mozilla\Extensions\[email protected]
                                      [2010/04/14 17:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenda Pagan\Application Data\Mozilla\Firefox\Profiles\a6mot6iz.default\extensions
                                      [2010/04/14 17:47:40 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Documents and Settings\Glenda Pagan\Application Data\Mozilla\Firefox\Profiles\a6mot6iz.default\extensions\DefaultManager@Microsoft
                                       
                                      O1 HOSTS File: ([2011/04/04 17:26:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                      O1 - Hosts: 127.0.0.1       localhost
                                      O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No CLSID value found.
                                      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4E538A3C-326F-4F7C-B95A-A97C1C2E3978} - No CLSID value found.
                                      O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
                                      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
                                      O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
                                      O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
                                      O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (ATI Technologies Inc.)
                                      O4 - HKLM..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe (ATI Technologies Inc.)
                                      O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
                                      O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()
                                      O4 - HKLM..\Run: [NvCplDaemon]  File not found
                                      O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
                                      O4 - HKCU..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
                                      O4 - HKCU..\Run: [ATI Launchpad] C:\Program Files\ATI Multimedia\main\LaunchPd.exe (ATI Technologies Inc.)
                                      O4 - HKCU..\Run: [LDM] D:\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
                                      O4 - HKCU..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
                                      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
                                      O4 - Startup: C:\Documents and Settings\Glenda Pagan\Start Menu\Programs\Startup\Kapersky setup_9.0.0.722_04.04.2011_22-38.lnk = D:\Documents and Settings\Glenda Pagan\Desktop\Virus Removal Tool\Kapersky setup_9.0.0.722_04.04.2011_22-38\startup.exe ()
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                      O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\Web\AOpenClient.htm ()
                                      O8 - Extra context menu item: Open Client to monitor &4 - C:\WINDOWS\Web\AOpenClient.htm ()
                                      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
                                      O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
                                      O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
                                      O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                                      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
                                      O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab (Reg Error: Value error.)
                                      O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
                                      O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Value error.)
                                      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
                                      O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Value error.)
                                      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
                                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37607.6467824074 (Reg Error: Value error.)
                                      O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                                      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
                                      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1
                                      O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
                                      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                      O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\SASWINLO.DLL - D:\SASWINLO.DLL (SUPERAntiSpyware.com)
                                      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
                                      O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - D:\Online Armor\oaevent.dll (Emsi Software GmbH)
                                      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\SASSEH.DLL (SuperAdBlocker.com)
                                      O32 - HKLM CDRom: AutoRun - 1
                                      O32 - AutoRun File - [2002/09/03 10:58:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
                                      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                      O35 - HKLM\..comfile [open] -- "%1" %*
                                      O35 - HKLM\..exefile [open] -- "%1" %*
                                      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
                                      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                       
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2011/04/06 19:42:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glenda Pagan\Desktop\OTL.exe
                                      [2011/04/04 23:06:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                      [2011/04/04 22:14:12 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
                                      [2011/04/04 17:11:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                      [2011/04/04 17:06:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                                      [2011/04/04 17:06:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
                                      [2011/04/04 17:06:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                                      [2011/04/04 17:06:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
                                      [2011/04/04 17:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
                                      [2011/04/04 17:05:51 | 000,000,000 | ---D | C] -- C:\Qoobox
                                      [2011/04/04 15:35:20 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1679970.sys
                                      [2011/04/04 15:35:20 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\16799701.sys
                                      [2011/04/04 15:35:20 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\16799702.sys
                                      [2011/04/03 23:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                                      [2011/04/03 14:48:05 | 000,237,776 | ---- | C] (Tech-Pro Limited) -- C:\WINDOWS\System32\tpuninst.exe
                                      [2011/04/03 01:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenda Pagan\Application Data\OnlineArmor
                                      [2011/04/03 01:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
                                      [2011/04/03 01:46:29 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
                                      [2011/04/03 01:46:29 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
                                      [2011/04/03 01:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
                                      [2011/04/02 22:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenda Pagan\Application Data\SUPERAntiSpyware.com
                                      [2011/04/02 22:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
                                      [2011/04/02 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenda Pagan\Application Data\ErrorExpert
                                      [2011/04/02 20:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
                                      [2011/04/02 17:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 3
                                      [2011/04/01 23:12:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Glenda Pagan\Recent
                                      [2011/04/01 17:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
                                      [2011/03/21 19:55:46 | 012,385,792 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\amdocl.dll
                                      [2011/03/13 14:40:11 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
                                      [2011/03/13 14:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
                                      [2011/03/13 14:35:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                                      [2011/03/13 14:35:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                                      [2011/03/13 14:35:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                                      [2011/03/13 14:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
                                      [2011/03/11 16:14:05 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
                                      [2005/02/26 14:18:33 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
                                      [2004/12/25 12:22:17 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
                                      [2002/12/11 16:55:44 | 000,078,336 | ---- | C] (                                                                                                      ) -- C:\WINDOWS\pysoft_uninstaller.exe
                                       
                                      ========== Files - Modified Within 30 Days ==========
                                       
                                      [2011/04/06 19:42:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenda Pagan\Desktop\OTL.exe
                                      [2011/04/06 12:09:24 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
                                      [2011/04/06 09:12:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
                                      [2011/04/05 17:00:55 | 000,000,565 | ---- | M] () -- C:\hpfr5550.xml
                                      [2011/04/05 11:17:38 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
                                      [2011/04/05 00:16:09 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                                      [2011/04/04 17:26:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                                      [2011/04/04 17:11:48 | 000,000,327 | -HS- | M] () -- C:\boot.ini
                                      [2011/04/04 16:53:16 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqynzg0.sys
                                      [2011/04/04 15:37:46 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Start Menu\Programs\Startup\Kapersky setup_9.0.0.722_04.04.2011_22-38.lnk
                                      [2011/04/03 14:15:14 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Desktop\FreeStockCharts.com - Web's Best Streaming Realtime Stock Charts - Free.url
                                      [2011/04/03 01:47:16 | 000,427,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                                      [2011/04/03 01:47:16 | 000,065,674 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                                      [2011/04/01 23:31:12 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ATICIM.MIF
                                      [2011/04/01 00:31:16 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2011/03/30 19:32:42 | 000,039,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
                                      [2011/03/30 19:32:20 | 000,029,464 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
                                      [2011/03/30 19:32:20 | 000,025,192 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
                                      [2011/03/30 19:32:18 | 000,205,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
                                      [2011/03/21 19:56:22 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\OVDecode.dll
                                      [2011/03/21 19:55:46 | 012,385,792 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\amdocl.dll
                                      [2011/03/18 09:09:33 | 000,000,141 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Desktop\No Day Trading Margin Calls- Proprietary Trading.url
                                      [2011/03/13 15:32:57 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Desktop\Whole Roasted Chicken with Pear, Shallots, and Thyme.url
                                      [2011/03/12 22:20:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                                      [2011/03/11 16:17:22 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
                                      [2011/03/10 10:30:00 | 000,030,088 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Desktop\StockFetcher.lwp
                                      [2011/03/09 12:21:22 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\Glenda Pagan\Desktop\ScottradeELITE.lnk
                                       
                                      ========== Files Created - No Company Name ==========
                                       
                                      [2011/04/04 17:11:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
                                      [2011/04/04 17:11:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
                                      [2011/04/04 17:06:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
                                      [2011/04/04 17:06:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                                      [2011/04/04 17:06:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
                                      [2011/04/04 17:06:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                                      [2011/04/04 17:06:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                                      [2011/04/04 16:52:49 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqynzg0.sys
                                      [2011/04/04 15:37:46 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\Glenda Pagan\Start Menu\Programs\Startup\Kapersky setup_9.0.0.722_04.04.2011_22-38.lnk
                                      [2011/04/03 01:46:29 | 000,205,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
                                      [2011/04/03 01:46:29 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
                                      [2011/04/02 20:36:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
                                      [2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
                                      [2011/03/18 09:09:33 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Glenda Pagan\Desktop\No Day Trading Margin Calls- Proprietary Trading.url
                                      [2011/03/09 12:17:27 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Glenda Pagan\Desktop\ScottradeELITE.lnk
                                      [2011/02/14 18:40:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
                                      [2011/02/14 18:39:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
                                      [2010/11/18 21:57:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
                                      [2010/11/18 20:54:59 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
                                      [2010/11/18 20:54:53 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
                                      [2010/03/14 15:02:32 | 000,002,644 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                                      [2009/11/07 13:14:46 | 000,038,756 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                                      [2009/02/01 23:23:51 | 000,000,019 | ---- | C] () -- C:\WINDOWS\rrver.ini
                                      [2007/12/11 17:44:33 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
                                      [2007/02/03 13:15:15 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                                      [2006/06/25 15:20:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\CONV311.SYS
                                      [2006/02/18 00:18:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
                                      [2006/01/21 19:30:52 | 000,006,645 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
                                      [2006/01/21 19:30:52 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Reader.Ini
                                      [2006/01/21 19:27:56 | 000,002,962 | ---- | C] () -- C:\WINDOWS\WinRos.Ini
                                      [2006/01/15 17:49:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
                                      [2005/09/06 16:11:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
                                      [2005/07/29 20:01:51 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
                                      [2005/07/29 14:48:05 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
                                      [2005/07/29 14:47:51 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
                                      [2005/07/03 14:46:47 | 000,081,920 | ---- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
                                      [2005/07/03 09:33:42 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
                                      [2005/06/10 16:59:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
                                      [2005/02/26 14:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
                                      [2005/02/26 14:18:42 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
                                      [2004/12/25 12:22:17 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
                                      [2004/11/15 20:09:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BCFFINP.ini
                                      [2004/10/28 18:26:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
                                      [2004/10/24 19:47:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                                      [2004/07/30 16:30:28 | 000,001,464 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
                                      [2004/05/27 16:36:16 | 000,026,362 | ---- | C] () -- C:\Documents and Settings\Glenda Pagan\Application Data\Comma Separated Values (Windows).ADR
                                      [2004/03/09 12:12:06 | 000,028,775 | ---- | C] () -- C:\WINDOWS\javaw.exe
                                      [2004/03/04 12:06:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
                                      [2004/01/28 12:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
                                      [2004/01/28 12:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
                                      [2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
                                      [2003/10/18 14:36:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
                                      [2003/10/16 20:46:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QXCONVRT.INI
                                      [2003/10/14 16:07:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
                                      [2003/07/28 10:44:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
                                      [2003/07/25 00:16:36 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
                                      [2003/07/24 23:38:21 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
                                      [2003/07/24 23:37:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
                                      [2003/07/24 23:37:16 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
                                      [2003/07/24 23:37:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
                                      [2003/07/24 23:36:59 | 000,000,110 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
                                      [2003/07/24 22:55:43 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
                                      [2003/07/24 22:44:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
                                      [2003/07/07 23:21:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
                                      [2003/06/16 14:15:55 | 000,140,503 | ---- | C] () -- C:\WINDOWS\msview.ini
                                      [2003/06/08 14:08:27 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
                                      [2003/06/05 15:39:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
                                      [2003/06/05 13:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
                                      [2003/06/05 13:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
                                      [2003/04/10 20:14:13 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
                                      [2003/04/02 01:23:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                                      [2003/03/21 11:49:01 | 000,000,212 | ---- | C] () -- C:\WINDOWS\states.ini
                                      [2003/03/21 11:49:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\zip_var.ini
                                      [2003/03/21 11:49:01 | 000,000,034 | ---- | C] () -- C:\WINDOWS\phone_var.ini
                                      [2003/03/21 11:49:00 | 000,051,942 | ---- | C] () -- C:\WINDOWS\name_gender.ini
                                      [2003/03/21 11:49:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\name_var.ini
                                      [2003/03/21 11:49:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\city_var.ini
                                      [2003/03/21 11:48:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\birth_var.ini
                                      [2003/03/21 11:48:59 | 000,000,016 | ---- | C] () -- C:\WINDOWS\addr_var.ini
                                      [2003/01/29 00:32:42 | 000,000,332 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
                                      [2003/01/08 14:47:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
                                      [2002/12/19 11:31:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                                      [2002/12/11 18:24:40 | 000,000,308 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
                                      [2002/11/22 15:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
                                      [2002/10/30 23:28:36 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
                                      [2002/10/23 12:46:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                                      [2002/09/04 14:52:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
                                      [2002/09/04 14:51:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
                                      [2002/09/04 14:51:49 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\NIUninstall.exe
                                      [2002/09/04 14:51:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
                                      [2002/09/03 11:02:39 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\Tngremov.exe
                                      [2002/09/03 10:49:07 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
                                      [2002/09/03 10:49:07 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
                                      [2002/09/03 10:48:09 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Glenda Pagan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                      [2002/04/26 05:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                                      [2002/04/25 18:13:18 | 000,000,932 | ---- | C] () -- C:\WINDOWS\intuprof.ini
                                      [2002/04/25 18:13:18 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
                                      [2002/04/25 18:13:17 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
                                      [2002/04/25 18:09:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
                                      [2002/04/25 18:09:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
                                      [2002/04/25 18:08:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
                                      [2002/04/25 17:48:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
                                      [2002/04/25 17:48:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
                                      [2002/04/24 20:36:03 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
                                      [2002/04/24 20:35:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
                                      [2002/04/24 20:35:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
                                      [2002/04/24 20:35:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
                                      [2002/04/24 20:35:18 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
                                      [2002/04/24 14:47:28 | 000,001,342 | ---- | C] () -- C:\WINDOWS\orun32.ini
                                      [2002/04/24 14:42:49 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
                                      [2002/04/24 14:39:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                                      [2002/04/24 14:32:17 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
                                      [2002/04/24 14:32:14 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
                                      [2002/04/24 14:32:13 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
                                      [2002/04/24 14:32:11 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
                                      [2002/04/24 14:32:10 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
                                      [2002/04/24 14:32:10 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
                                      [2002/04/24 14:32:09 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
                                      [2002/04/24 14:32:09 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
                                      [2002/04/24 14:32:08 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
                                      [2002/04/24 14:32:06 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
                                      [2002/04/24 14:32:06 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
                                      [2002/04/24 14:32:06 | 000,162,920 | ---- | C] () -- C:\WINDOWS\Q309056.exe
                                      [2002/04/24 14:32:05 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
                                      [2002/04/24 14:32:05 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
                                      [2002/04/24 14:32:05 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
                                      [2002/04/24 14:32:04 | 000,240,232 | ---- | C] () -- C:\WINDOWS\Q306583.exe
                                      [2002/04/24 14:30:54 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
                                      [2002/04/24 14:30:37 | 000,427,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                                      [2002/04/24 14:30:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                                      [2002/04/24 14:30:37 | 000,065,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                                      [2002/04/24 14:30:37 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                                      [2002/04/24 14:30:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                                      [2002/04/24 14:30:36 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                                      [2002/04/24 14:30:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                                      [2002/04/24 14:30:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                                      [2002/04/24 14:30:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                                      [2002/04/24 14:30:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                                      [2002/04/24 07:36:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                      [2002/04/24 07:35:21 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                                      [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
                                      [2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
                                      [2000/06/08 14:15:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\LogWatNT.exe
                                      [2000/04/25 14:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe
                                      [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
                                      [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
                                      [1999/03/10 21:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
                                      [1999/01/22 12:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
                                      [1998/03/18 21:23:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\nsqlc32.dll
                                      [1998/01/13 21:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
                                      [1997/11/14 21:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
                                      [1997/05/13 21:23:00 | 000,000,153 | ---- | C] () -- C:\WINDOWS\acroread.ini
                                      [1996/11/17 01:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
                                      [1994/07/25 21:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
                                      [1994/04/07 21:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
                                       
                                      ========== LOP Check ==========
                                       
                                      [2010/03/21 20:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
                                      [2009/11/23 13:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                                      [2010/04/22 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
                                      [2010/06/21 16:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSignal
                                      [2010/11/18 19:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
                                      [2011/04/03 13:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
                                      [2010/11/18 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
                                      [2010/09/19 15:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\performance
                                      [2011/04/03 14:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RocketReader
                                      [2009/09/30 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                      [2005/07/28 13:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
                                      [2009/03/12 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
                                      [2010/06/10 11:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                                      [2009/10/13 17:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                                      [2009/04/23 16:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                                      [2009/11/23 11:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\AVG9
                                      [2011/04/02 20:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\BitTorrent
                                      [2010/11/25 21:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
                                      [2007/08/11 13:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\com.codeode
                                      [2010/06/21 17:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\counters
                                      [2010/11/18 21:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\driveridentifier
                                      [2011/04/02 21:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\ErrorExpert
                                      [2010/06/21 17:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\eSignal
                                      [2010/10/27 18:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\GlarySoft
                                      [2002/04/25 18:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\InterTrust
                                      [2011/04/02 20:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\IObit
                                      [2011/04/03 01:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\OnlineArmor
                                      [2003/07/15 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\Publish Providers
                                      [2010/10/27 18:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\Reasonable Software House Ltd
                                      [2003/07/15 16:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\SBF
                                      [2010/05/26 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\Uniblue
                                      [2005/07/21 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenda Pagan\Application Data\X10 Commander
                                      [2011/04/06 12:09:24 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
                                       
                                      ========== Purity Check ==========
                                       
                                       
                                       
                                      ========== Alternate Data Streams ==========
                                       
                                      @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.TemporaryItems:AFP_AfpInfo
                                      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                                      @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\Glenda Pagan\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
                                      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723BF4A6
                                      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
                                      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

                                      < End of report >

                                      delmarbd

                                        Re: Computer Keeps Crashing Please Help
                                        « Reply #23 on: April 06, 2011, 06:37:51 PM »
                                        OTL Extras logfile created on: 4/6/2011 7:44:48 PM - Run 1
                                        OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Glenda Pagan\Desktop
                                        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                        Internet Explorer (Version = 8.0.6001.18702)
                                        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                         
                                        1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
                                        2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
                                        Paging file location(s): C:\pagefile.sys 0 0 [binary data]
                                         
                                        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                        Drive C: | 15.99 Gb Total Space | 1.55 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
                                        Drive D: | 39.91 Gb Total Space | 12.95 Gb Free Space | 32.44% Space Free | Partition Type: NTFS
                                        Unable to calculate disk information.
                                         
                                        Computer Name: GLENDA | User Name: Glenda Pagan | Logged in as Administrator.
                                        Boot Mode: Normal | Scan Mode: Current user
                                        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                         
                                        ========== Extra Registry (SafeList) ==========
                                         
                                         
                                        ========== File Associations ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                        .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                                         
                                        ========== Shell Spawning ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                        batfile [open] -- "%1" %*
                                        cmdfile [open] -- "%1" %*
                                        comfile [open] -- "%1" %*
                                        cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                                        exefile [open] -- "%1" %*
                                        htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
                                        InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                                        piffile [open] -- "%1" %*
                                        regfile [merge] -- Reg Error: Key error.
                                        scrfile [config] -- "%1"
                                        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                        scrfile [open] -- "%1" /S
                                        txtfile [edit] -- Reg Error: Key error.
                                        Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                                        Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                                        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                         
                                        ========== Security Center Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                        "FirewallDisableNotify" = 0
                                        "UpdatesDisableNotify" = 0
                                        "AntiVirusOverride" = 1
                                        "FirewallOverride" = 0
                                        "AntiVirusDisableNotify" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                                         
                                        ========== System Restore Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                                        "DisableSR" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                                        "Start" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                                        "Start" = 2
                                         
                                        ========== Firewall Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                        "EnableFirewall" = 0
                                        "DisableNotifications" = 0
                                        "DoNotAllowExceptions" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                        "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
                                        "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
                                        "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
                                        "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
                                        "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                                        "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                                        "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
                                        "443:TCP" = 443:TCP:*:Enabled:ScottradeElite
                                        "443:UDP" = 443:UDP:*:Enabled:ScottradeElite
                                        "27895:TCP" = 27895:TCP:*:Enabled:Gnutella
                                        "27895:UDP" = 27895:UDP:*:Enabled:Gnutella
                                         
                                        ========== Authorized Applications List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                        "D:\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = D:\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
                                        "C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module -- (Support.com, Inc.)
                                        "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
                                        "D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
                                        "D:\ScottradeELITE\Scottrader.exe" = D:\ScottradeELITE\Scottrader.exe:*:Enabled:ScottradeELITE -- (Scottrade)
                                         
                                         
                                        ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                        "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
                                        "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
                                        "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
                                        "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
                                        "{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 2.0 - Photosmart Printer Series
                                        "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
                                        "{1EE377F9-1FBC-440E-82EB-7B8A1EDDEE52}" = SonicStage CD-R Writing Module
                                        "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                                        "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
                                        "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
                                        "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
                                        "{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
                                        "{2B9FBAE1-5016-4F14-B452-E6874A3C1284}" = VAIO Clock Screen Saver
                                        "{2DE42DB8-ADE5-BAB6-7533-2322AC478B82}" = ATI Catalyst Install Manager
                                        "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
                                        "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                                        "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
                                        "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library
                                        "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
                                        "{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
                                        "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
                                        "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
                                        "{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
                                        "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                                        "{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
                                        "{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
                                        "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
                                        "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
                                        "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
                                        "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
                                        "{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
                                        "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                                        "{7443EC4E-DCEB-4B10-8888-CBFB5E7108D9}" = Experience VAIO
                                        "{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
                                        "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                                        "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
                                        "{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
                                        "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                        "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
                                        "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software
                                        "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
                                        "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
                                        "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                                        "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
                                        "{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
                                        "{AD3B1DDF-52AD-405E-B931-7ACF76937E5F}" = ImageStation
                                        "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
                                        "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
                                        "{BB26C41F-E97B-438F-AE7D-E0246ED009E2}" = eSignal
                                        "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
                                        "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                                        "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
                                        "{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
                                        "{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
                                        "{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
                                        "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                                        "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
                                        "{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
                                        "{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
                                        "{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.2.00
                                        "{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
                                        "{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
                                        "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
                                        "Adobe AIR" = Adobe AIR
                                        "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                                        "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                                        "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
                                        "Advanced SystemCare 3_is1" = Advanced SystemCare 3
                                        "ATI Display Driver" = ATI Display Driver
                                        "avast" = avast! Free Antivirus
                                        "eSignal" = eSignal 10.6
                                        "ie8" = Windows Internet Explorer 8
                                        "InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.14
                                        "InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
                                        "InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
                                        "LimeWire" = LimeWire 5.4.6
                                        "LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
                                        "Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
                                        "Macromedia Shockwave Player" = Macromedia Shockwave Player
                                        "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                                        "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                                        "Motion JPEG Software Decoder" = Motion JPEG Software Decoder
                                        "NVIDIA Drivers" = NVIDIA Drivers
                                        "OnlineArmor_is1" = Online Armor 5.0
                                        "QuickTime32" = QuickTime for Windows (32-bit)
                                        "RealPlayer 6.0" = RealPlayer
                                        "SiS Compatible VGA V2.07f.01" = SiS Compatible VGA V2.07f.01
                                        "SmartSuite V99.0" = Lotus SmartSuite Release 9.5
                                        "Sony Digital Voice Editor" = Sony Digital Voice Editor
                                        "VAIO Support" = VAIO Support
                                        "Windows Media Format Runtime" = Windows Media Format Runtime
                                        "Windows Media Player" = Windows Media Player 10
                                        "Windows XP Service Pack" = Windows XP Service Pack 3
                                        "WinZip" = WinZip
                                         
                                        ========== HKEY_CURRENT_USER Uninstall List ==========
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                         
                                        ========== Last 10 Event Log Errors ==========
                                         
                                        [ Application Events ]
                                        Error - 4/5/2011 11:18:13 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledSPRetry 5296984
                                         
                                        Error - 4/5/2011 11:18:29 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: Continuously busy for more than a second
                                         
                                        Error - 4/5/2011 11:18:29 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledEvent 5313265
                                         
                                        Error - 4/5/2011 11:18:29 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledSPRetry 5313265
                                         
                                        Error - 4/5/2011 11:18:46 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: Continuously busy for more than a second
                                         
                                        Error - 4/5/2011 11:18:46 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledEvent 5330750
                                         
                                        Error - 4/5/2011 11:18:46 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledSPRetry 5330750
                                         
                                        Error - 4/5/2011 11:19:04 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: Continuously busy for more than a second
                                         
                                        Error - 4/5/2011 11:19:04 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledEvent 5348281
                                         
                                        Error - 4/5/2011 11:19:04 AM | Computer Name = GLENDA | Source = Bonjour Service | ID = 100
                                        Description = Task Scheduling Error: m->NextScheduledSPRetry 5348281
                                         
                                        [ System Events ]
                                        Error - 4/4/2011 5:43:17 AM | Computer Name = GLENDA | Source = mrtRate | ID = 262187
                                        Description =
                                         
                                        Error - 4/4/2011 7:43:32 AM | Computer Name = GLENDA | Source = mrtRate | ID = 262187
                                        Description =
                                         
                                        Error - 4/4/2011 10:53:40 AM | Computer Name = GLENDA | Source = ati2mtag | ID = 43015
                                        Description = I2c return failed
                                         
                                        Error - 4/4/2011 11:24:07 PM | Computer Name = GLENDA | Source = atapi | ID = 262153
                                        Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
                                         period.
                                         
                                        Error - 4/5/2011 9:28:31 AM | Computer Name = GLENDA | Source = ati2mtag | ID = 43015
                                        Description = I2c return failed
                                         
                                        Error - 4/5/2011 9:30:50 AM | Computer Name = GLENDA | Source = Service Control Manager | ID = 7009
                                        Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
                                        Service service to connect.
                                         
                                        Error - 4/5/2011 9:30:50 AM | Computer Name = GLENDA | Source = Service Control Manager | ID = 7000
                                        Description = The IMAPI CD-Burning COM Service service failed to start due to the
                                         following error:   %%1053
                                         
                                        Error - 4/5/2011 9:49:56 AM | Computer Name = GLENDA | Source = mrtRate | ID = 262187
                                        Description =
                                         
                                        Error - 4/5/2011 11:21:18 AM | Computer Name = GLENDA | Source = ati2mtag | ID = 43015
                                        Description = I2c return failed
                                         
                                        Error - 4/6/2011 9:13:00 AM | Computer Name = GLENDA | Source = ati2mtag | ID = 43015
                                        Description = I2c return failed
                                         
                                         
                                        < End of report >

                                        SuperDave

                                        Re: Computer Keeps Crashing Please Help
                                        « Reply #24 on: April 07, 2011, 01:25:08 PM »
                                        The OTL log shows that you only have 1.55 Gb of free space which is just over 9% free space. Windows requires at least 15% or 2.5 Gb in order to function properly. I suspect this may be the cause of all the crashes. You will need to find some way of getting more free space. You can do this by uninstalling any programs you don't use, off-loading movies, pictures, files and music to DVDs or to your D drive. I don't want to run any more scans for fear of making your computer more unstable. Please let me know when you have done this.

                                        P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                                        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                                        I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                                        *********************************************
                                        Please go to Jotti's malware scan
                                        (If more than one file needs to be scanned, they must be done separately and links posted for each one)

                                        * Copy the file path in the below Code box:

                                        C:\WINDOWS\system32\drivers\utqynzg0.sys 
                                        * At the upload site, click once inside the window next to Browse.
                                        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                        * Next click Submit file
                                        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                        * This will perform a scan across multiple different virus scanning engines.
                                        * Important: Wait for all of the scanning engines to complete.
                                        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        delmarbd

                                          Re: Computer Keeps Crashing Please Help
                                          « Reply #25 on: April 07, 2011, 05:36:35 PM »
                                          Thank you SuperDave,

                                          I successfully deleted a bunch of photos to clear up about 18% space.

                                          I tried scanning that file and it cannot find it. Says it does not exist.  I looked directly in the folder following the name... system32 then driver file and among the long list and sure enough  it was not there.

                                          Hmmm??? Any ideas?

                                          delmarbd

                                            Re: Computer Keeps Crashing Please Help
                                            « Reply #26 on: April 07, 2011, 05:57:24 PM »
                                            Ah.. I found it.  The computer shut down during my .jpg search and I had to let it cool down and restart it.  At the restart SuperAntiSpyware, which we installed earlier in this process, ran a scan.  It quarantined the file along with some cookies. It is in the Quarantine Item list and gives me the option to restore these items.

                                            Should I do that and run the file on Jotti? I am a bit afraid because I think your suspicion of this being a bad file is correct (again) because SuperAntiSpyware has it listed as a Trojan.

                                            Thanks so much again for all of your help.  I want you to know how much I appreciate the time you invest to help me and so many other people.


                                            SuperDave

                                            Re: Computer Keeps Crashing Please Help
                                            « Reply #27 on: April 08, 2011, 12:01:58 PM »
                                            I was looking over the Jotti's scans and those files that were scanned were not the same as the ones I had listed. Are you sure you copied and pasted the same files I listed in Reply #14?

                                            SysProt Antirootkit

                                            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                                            http://sites.google.com/site/sysprotantirootkit/

                                            Unzip it into a folder on your desktop.
                                            • Double click Sysprot.exe to start the program.
                                            • Click on the Log tab.
                                            • In the Write to log box select the following items.
                                              • Process << Selected
                                              • Kernel Modules << Selected
                                              • SSDT << Selected
                                              • Kernel Hooks << Selected
                                              • IRP Hooks << NOT Selected
                                              • Ports << NOT Selected
                                              • Hidden Files << Selected
                                            • At the bottom of the page
                                              • Hidden Objects Only << Selected
                                            • Click on the Create Log button on the bottom right.
                                            • After a few seconds a new window should appear.
                                            • Select Scan Root Drive. Click on the Start button.
                                            • When it is complete a new window will appear to indicate that the scan is finished.
                                            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                                            Windows 8 and Windows 10 dual boot with two SSD's
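The SSDT section of the log this procedure writes lists one record per hooked system call (Function Name, Address, Driver Base, Driver End, Driver Name). Hooks owned by an installed security product's driver are expected, so the review comes down to two checks: does the owning driver belong to a product known to be on the machine, and does the hook address fall inside that driver's reported image. The following is an added example, not part of the original post or of SysProt; the expected-driver list is an assumption based on the avast! and Online Armor entries in the OTL uninstall list, and the last two sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the SysProt SSDT layout. The first three records are
# copied from the log posted in this thread; the last two are invented for the
# example (hypothetical driver name, made-up addresses).
SAMPLE_LOG = r"""
SSDT:
Function Name: ZwAddBootEntry
Address: 9FD089CA
Driver Base: 9FCF6000
Driver End: 9FD54000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory
Address: 9FD5DA68
Driver Base: 9FD54000
Driver End: 9FD9C000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwAssignProcessToJobObject
Address: 9FE0F928
Driver Base: 9FE0C000
Driver End: 9FE3D000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

Function Name: ZwCreateKey
Address: A1002010
Driver Base: A1000000
Driver End: A1008000
Driver Name: \??\C:\WINDOWS\system32\drivers\example_unknown.sys

Function Name: ZwClose
Address: 9FFFFFF0
Driver Base: 9FCF6000
Driver End: 9FD54000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
"""

FIELDS = ("Function Name", "Address", "Driver Base", "Driver End", "Driver Name")

# Assumption: drivers of the security products the OTL log shows as installed.
EXPECTED_DRIVERS = {
    "aswsnx.sys": "avast!",
    "aswsp.sys": "avast!",
    "oadriver.sys": "Online Armor",
}


@dataclass
class Hook:
    function: str
    address: int
    base: int
    end: int
    driver_path: str

    @property
    def driver(self):
        # Compare on the lower-cased file name: the log mixes \SystemRoot\
        # and \??\C:\ prefixes and upper/lower-case extensions.
        return self.driver_path.rsplit("\\", 1)[-1].lower()

    @property
    def in_range(self):
        return self.base <= self.address < self.end


def parse_ssdt(text):
    """Return a Hook for every complete five-field record in the log text."""
    hooks, rec = [], {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep or key not in FIELDS:
            continue  # banner lines, separators, the "SSDT:" heading
        if key == "Function Name":
            rec = {}  # drop a truncated previous record instead of mixing fields
        rec[key] = value.strip()
        if len(rec) == len(FIELDS):
            hooks.append(Hook(rec["Function Name"], int(rec["Address"], 16),
                              int(rec["Driver Base"], 16),
                              int(rec["Driver End"], 16), rec["Driver Name"]))
            rec = {}
    return hooks


def triage(hooks, expected=EXPECTED_DRIVERS):
    """Group hooked functions by driver and list the records worth a second look."""
    by_driver, findings = defaultdict(list), []
    for h in hooks:
        by_driver[h.driver].append(h.function)
        reasons = []
        if h.driver not in expected:
            reasons.append("driver not on expected list")
        if not h.in_range:
            reasons.append("address outside reported driver image")
        if reasons:
            findings.append((h.function, h.driver, reasons))
    return dict(by_driver), findings


if __name__ == "__main__":
    grouped, flagged = triage(parse_ssdt(SAMPLE_LOG))
    for name, funcs in grouped.items():
        print(f"{name}: {len(funcs)} hook(s)")
    for func, name, reasons in flagged:
        print(f"REVIEW {func} -> {name}: {'; '.join(reasons)}")
```
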

                                            delmarbd

                                              Re: Computer Keeps Crashing Please Help
                                              « Reply #28 on: April 08, 2011, 02:24:57 PM »
                                              I see what you mean.  Hmm.  I was not able to copy and paste to Jotti.  My keyboard is enabled for shortcuts but for some reason Control V and Control C have never worked.  I did a search for the file and did it that way.  Now it cannot find those files, it says.  The only one I can see is the last one sitting in the quarantine folder on SuperAntiSpyware. Not sure what to do. I've tried so many ways and it just won't work.

                                              Here is the scan from the Google Site SysProt:
                                              SysProt AntiRootkit v1.0.1.0
                                              by swatkat

                                              ******************************************************************************************
                                              ******************************************************************************************

                                              No Hidden Processes found

                                              ******************************************************************************************
                                              ******************************************************************************************
                                              No Hidden Kernel Modules found

                                              ******************************************************************************************
                                              ******************************************************************************************
                                              SSDT:
                                              Function Name: ZwAddBootEntry
                                              Address: 9FD089CA
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwAllocateVirtualMemory
                                              Address: 9FD5DA68
                                              Driver Base: 9FD54000
                                              Driver End: 9FD9C000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                                              Function Name: ZwAssignProcessToJobObject
                                              Address: 9FE0F928
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwClose
                                              Address: 9FD28AF5
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwConnectPort
                                              Address: 9FE0E64C
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateEvent
                                              Address: 9FD0AEAC
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateEventPair
                                              Address: 9FD0AF04
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateFile
                                              Address: 9FE15314
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateIoCompletion
                                              Address: 9FD0B01A
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateKey
                                              Address: 9FD284A9
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateMutant
                                              Address: 9FD0AE02
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreatePort
                                              Address: 9FE0E46A
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateProcess
                                              Address: 9FE0FEE8
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateProcessEx
                                              Address: 9FE0C978
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateSection
                                              Address: 9FD0AF54
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateSemaphore
                                              Address: 9FD0AE56
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwCreateThread
                                              Address: 9FE0D634
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwCreateTimer
                                              Address: 9FD0AFC8
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwDebugActiveProcess
                                              Address: 9FE0DD22
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwDeleteBootEntry
                                              Address: 9FD089EE
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwDeleteKey
                                              Address: 9FD291BB
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwDeleteValueKey
                                              Address: 9FD29471
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwDuplicateObject
                                              Address: 9FD0B29E
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwEnumerateKey
                                              Address: 9FD29026
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwEnumerateValueKey
                                              Address: 9FD28E91
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwFreeVirtualMemory
                                              Address: 9FD5DB18
                                              Driver Base: 9FD54000
                                              Driver End: 9FD9C000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                                              Function Name: ZwLoadDriver
                                              Address: 9FD087B8
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwModifyBootEntry
                                              Address: 9FD08A12
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwNotifyChangeKey
                                              Address: 9FD0B412
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwNotifyChangeMultipleKeys
                                              Address: 9FD094AA
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenEvent
                                              Address: 9FD0AEDC
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenEventPair
                                              Address: 9FD0AF2C
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenFile
                                              Address: 9FE15692
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwOpenIoCompletion
                                              Address: 9FD0B044
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenKey
                                              Address: 9FD28805
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenMutant
                                              Address: 9FD0AE2E
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenProcess
                                              Address: 9FD0B0D6
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenSection
                                              Address: 9FD0AF94
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenSemaphore
                                              Address: 9FD0AE84
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenThread
                                              Address: 9FD0B1BA
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwOpenTimer
                                              Address: 9FD0AFF2
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwProtectVirtualMemory
                                              Address: 9FD5DBB0
                                              Driver Base: 9FD54000
                                              Driver End: 9FD9C000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                                              Function Name: ZwQueryKey
                                              Address: 9FD28D0C
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwQueryObject
                                              Address: 9FD09370
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwQueryValueKey
                                              Address: 9FD28B5E
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwQueueApcThread
                                              Address: 9FE0FA44
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwRenameKey
                                              Address: 9FD65E26
                                              Driver Base: 9FD54000
                                              Driver End: 9FD9C000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                                              Function Name: ZwRequestPort
                                              Address: 9FE0ECB0
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwRequestWaitReplyPort
                                              Address: 9FE0F018
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwRestoreKey
                                              Address: 9FD27B1C
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwResumeThread
                                              Address: 9FE0E0CE
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwSecureConnectPort
                                              Address: 9FE0E86E
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwSetBootEntryOrder
                                              Address: 9FD08A36
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwSetBootOptions
                                              Address: 9FD08A5A
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwSetContextThread
                                              Address: 9FE0DBCC
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwSetSystemInformation
                                              Address: 9FD08812
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwSetSystemPowerState
                                              Address: 9FD0894E
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwSetValueKey
                                              Address: 9FD292C2
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwShutdownSystem
                                              Address: 9FD0892A
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwSuspendProcess
                                              Address: 9FE0E1FE
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwSuspendThread
                                              Address: 9FE0DF7A
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwSystemDebugControl
                                              Address: 9FD08972
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwTerminateProcess
                                              Address: 9FE98620
                                              Driver Base: 9FE8E000
                                              Driver End: 9FEB0000
                                              Driver Name: \??\D:\SASKUTIL.SYS

                                              Function Name: ZwTerminateThread
                                              Address: 9FE0DA66
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwUnloadDriver
                                              Address: 9FE0F518
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              Function Name: ZwVdmControl
                                              Address: 9FD08A7E
                                              Driver Base: 9FCF6000
                                              Driver End: 9FD54000
                                              Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                                              Function Name: ZwWriteVirtualMemory
                                              Address: 9FE0F804
                                              Driver Base: 9FE0C000
                                              Driver End: 9FE3D000
                                              Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

                                              ******************************************************************************************
                                              ******************************************************************************************
                                              Kernel Hooks:
                                              Hooked Function: ObMakeTemporaryObject
                                              At Address: 805A038B
                                              Jump To: 9FD6E29E
                                              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

                                              Hooked Function: ObInsertObject
                                              At Address: 805650BA
                                              Jump To: 9FD6FD38
                                              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

                                              ******************************************************************************************
                                              ******************************************************************************************
                                              Hidden files/folders:
                                              Object: C:\Qoobox\BackEnv\AppData.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Cache.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\History.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Music.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Personal.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Programs.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Recent.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\SetPath.bat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\SysPath.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\Templates.folder.dat
                                              Status: Access denied

                                              Object: C:\Qoobox\BackEnv\VikPev00
                                              Status: Access denied


                                              SuperDave

                                              • Malware Removal Specialist


                                              Re: Computer Keeps Crashing Please Help
                                              « Reply #29 on: April 08, 2011, 07:38:13 PM »
                                              Please run another scan with ComboFix and post the log.
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              delmarbd

                                                Topic Starter


                                                Re: Computer Keeps Crashing Please Help
                                                « Reply #30 on: April 08, 2011, 11:20:22 PM »
                                                Hi SuperDave,
                                                Computer running much faster and smoother now since deleting all those old picture files that were hogging up all the memory.   No shut downs either today and used it for work today with several windows running and streaming data with an application.

                                                Here is the new Combo log:

                                                ComboFix 11-04-08.02 - Glenda Pagan 04/09/2011   0:49.3.1 - x86
                                                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1280.676 [GMT -4:00]
                                                Running from: c:\documents and settings\Glenda Pagan\Desktop\ComboFix.exe
                                                AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                                                FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
                                                .
                                                .
                                                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                .
                                                c:\documents and settings\Default User\WINDOWS
                                                c:\documents and settings\Glenda Pagan\WINDOWS
                                                c:\windows\system32\config\systemprofile\WINDOWS
                                                .
                                                .
                                                (((((((((((((((((((((((((   Files Created from 2011-03-09 to 2011-04-09  )))))))))))))))))))))))))))))))
                                                .
                                                .
                                                2011-04-09 04:41 . 2011-04-09 04:45   --------   dc----r-   C:\32788R22FWJFW
                                                2011-04-04 03:07 . 2011-04-04 03:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                                                2011-04-03 18:48 . 2008-02-04 05:10   237776   ----a-w-   c:\windows\system32\tpuninst.exe
                                                2011-04-03 05:47 . 2011-04-03 17:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                                                2011-04-03 05:47 . 2011-04-03 05:47   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\OnlineArmor
                                                2011-04-03 05:46 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                                                2011-04-03 05:46 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                                                2011-04-03 05:46 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                                                2011-04-03 05:46 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                                                2011-04-03 02:26 . 2011-04-03 02:26   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\SUPERAntiSpyware.com
                                                2011-04-03 01:14 . 2011-04-03 01:14   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\ErrorExpert
                                                2011-04-03 00:25 . 2011-04-03 00:25   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                                                2011-04-01 21:57 . 2011-04-01 21:57   --------   d-----w-   c:\program files\AMD APP
                                                2011-03-21 23:56 . 2011-03-21 23:56   59904   ----a-w-   c:\windows\system32\OVDecode.dll
                                                2011-03-21 23:55 . 2011-03-21 23:55   12385792   ----a-w-   c:\windows\system32\amdocl.dll
                                                2011-03-13 18:40 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
                                                2011-03-13 18:36 . 2011-03-13 18:36   --------   d-----w-   c:\program files\Common Files\Java
                                                2011-03-13 18:31 . 2011-03-13 18:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                                                2011-03-11 20:14 . 2011-02-23 14:56   371544   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                                                .
                                                .
                                                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                2011-02-23 15:04 . 2010-10-15 23:28   40648   ----a-w-   c:\windows\avastSS.scr
                                                2011-02-23 15:04 . 2010-03-22 00:18   190016   ----a-w-   c:\windows\system32\aswBoot.exe
                                                2011-02-23 14:56 . 2010-03-22 00:19   301528   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                                                2011-02-23 14:55 . 2010-03-22 00:19   49240   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                                                2011-02-23 14:55 . 2010-03-22 00:19   102232   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                                                2011-02-23 14:55 . 2010-03-22 00:19   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                                                2011-02-23 14:55 . 2010-03-22 00:19   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                                                2011-02-23 14:54 . 2010-03-22 00:19   30680   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                                                2011-02-23 14:54 . 2010-03-22 00:19   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                                                2011-02-09 13:53 . 2002-12-19 15:32   270848   ------w-   c:\windows\system32\sbe.dll
                                                2011-02-09 13:53 . 2002-12-19 15:32   186880   ------w-   c:\windows\system32\encdec.dll
                                                2011-02-03 01:40 . 2010-11-24 21:04   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
                                                2011-02-02 23:19 . 2009-02-22 14:59   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                                2011-02-02 07:58 . 2002-12-19 15:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                                                2011-01-27 11:57 . 2002-12-19 15:32   677888   ------w-   c:\windows\system32\mstsc.exe
                                                2011-01-21 14:44 . 2002-12-19 15:33   439296   ------w-   c:\windows\system32\shimgvw.dll
                                                .
                                                .
                                                (((((((((((((((((((((((((((((   SnapShot@2011-04-04_21.28.13   )))))))))))))))))))))))))))))))))))))))))
                                                .
                                                + 2011-04-08 13:01 . 2011-04-08 13:01   16384              c:\windows\Temp\Perflib_Perfdata_7c4.dat
                                                + 2011-04-05 15:17 . 2004-11-05 20:35   13104              c:\windows\system32\ReinstallBackups\0018\DriverFiles\L8042Kbd.sys
                                                + 2011-04-05 15:17 . 2008-04-13 19:39   24576              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\kbdclass.sys
                                                + 2011-04-05 15:17 . 2004-08-04 06:14   52736              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\i8042prt.sys
                                                - 2010-05-26 18:36 . 2004-08-04 06:14   52736              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\i8042prt.sys
                                                - 2001-08-17 13:47 . 2008-04-13 19:39   23040              c:\windows\system32\drivers\mouclass.sys
                                                + 2001-08-17 13:47 . 2004-08-04 05:58   23040              c:\windows\system32\drivers\mouclass.sys
                                                + 2001-08-17 13:47 . 2008-04-13 18:39   24576              c:\windows\system32\drivers\kbdclass.sys
                                                - 2001-08-17 13:47 . 2008-04-13 19:39   24576              c:\windows\system32\drivers\kbdclass.sys
                                                - 2001-08-17 13:47 . 2008-04-13 19:39   23040              c:\windows\system32\dllcache\mouclass.sys
                                                + 2001-08-17 13:47 . 2004-08-04 05:58   23040              c:\windows\system32\dllcache\mouclass.sys
                                                - 2001-08-17 13:47 . 2008-04-13 19:39   24576              c:\windows\system32\dllcache\kbdclass.sys
                                                + 2001-08-17 13:47 . 2008-04-13 18:39   24576              c:\windows\system32\dllcache\kbdclass.sys
                                                + 2002-12-19 15:33 . 2008-04-14 00:12   7168              c:\windows\system32\dllcache\sensapi.dll
                                                + 2010-03-14 19:02 . 2011-04-08 20:26   2644              c:\windows\system32\d3d9caps.dat
                                                - 2010-03-14 19:02 . 2011-04-03 05:36   2644              c:\windows\system32\d3d9caps.dat
                                                + 2002-04-24 18:30 . 2001-08-18 12:00   163328              c:\windows\system32\dllcache\oleacc.dll
                                                .
                                                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                .
                                                *Note* empty entries & legit default entries are not shown
                                                REGEDIT4
                                                .
                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                                                @="{472083B0-C522-11CF-8763-00608CC02F24}"
                                                [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                                                2011-02-23 15:04   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
                                                .
                                                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                "LDM"="d:\desktop messenger\8876480\Program\BackWeb-8876480.exe" [2005-07-03 20480]
                                                "ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe" [2006-04-06 102400]
                                                "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-04-06 57344]
                                                "SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2011-03-16 2423752]
                                                .
                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                "NvCplDaemon"="NvQTwk" [X]
                                                "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
                                                "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-02 37888]
                                                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                                                "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2002-04-04 1417216]
                                                "Net-It Launcher"="c:\windows\System32\NILaunch.exe" [1998-02-05 24576]
                                                "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
                                                "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-08 684032]
                                                "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
                                                "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
                                                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                                                "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
                                                "HydraVisionViewport"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe" [2003-09-16 364544]
                                                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
                                                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
                                                .
                                                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]
                                                "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\online armor\oaevent.dll" [2011-03-30 354720]
                                                .
                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                                2009-09-03 22:21   548352   -c--a-w-   D:\SASWINLO.DLL
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
                                                backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alarm Manager.LNK]
                                                backup=c:\windows\pss\Alarm Manager.LNKCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
                                                backup=c:\windows\pss\BTTray.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
                                                backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
                                                backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
                                                backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
                                                backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
                                                backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
                                                .
                                                [HKLM\~\startupfolder\C:^Documents and Settings^Glenda Pagan^Start Menu^Programs^Startup^HotSync Manager.lnk]
                                                backup=c:\windows\pss\HotSync Manager.lnkStartup
                                                .
                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                                                "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                                                "LTSMMSG"=LTSMMSG.exe
                                                "HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                                                "AntiVirusOverride"=dword:00000001
                                                .
                                                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                                "EnableFirewall"= 0 (0x0)
                                                .
                                                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                "d:\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
                                                "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
                                                "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                                                "d:\\Program Files\\LimeWire\\LimeWire.exe"=
                                                "c:\\WINDOWS\\system32\\sessmgr.exe"=
                                                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                "%windir%\\system32\\sessmgr.exe"=
                                                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                                "d:\\ScottradeELITE\\Scottrader.exe"=
                                                .
                                                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                                "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
                                                "443:TCP"= 443:TCP:ScottradeElite
                                                "443:UDP"= 443:UDP:ScottradeElite
                                                "27895:TCP"= 27895:TCP:Gnutella
                                                "27895:UDP"= 27895:UDP:Gnutella
                                                .
                                                R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:14 PM 371544]
                                                R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2010 8:19 PM 301528]
                                                R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/3/2011 1:46 AM 205992]
                                                R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/3/2011 1:46 AM 39048]
                                                R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/3/2011 1:46 AM 25192]
                                                R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/3/2011 1:46 AM 29464]
                                                R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [2/17/2010 2:25 PM 12872]
                                                R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
                                                R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2010 8:19 PM 19544]
                                                R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [6/8/2000 2:15 PM 50176]
                                                R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [4/25/2002 6:13 PM 34712]
                                                R2 OAcat;Online Armor Helper Service;d:\online armor\oacat.exe [4/3/2011 1:46 AM 381512]
                                                R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [7/24/2003 10:09 PM 9292]
                                                R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [5/26/2010 2:36 PM 22497]
                                                R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 2:30 PM 267136]
                                                S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\ICDUSB.sys [4/16/2003 2:55 PM 26409]
                                                S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 2:31 PM 807917]
                                                S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 2:31 PM 594668]
                                                S3 SvcOnlineArmor;Online Armor;d:\online armor\oasrv.exe [4/3/2011 1:46 AM 4325960]
                                                S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
                                                S4 CWShredder Service;CWShredder Service;c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service --> c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service [?]
                                                .
                                                Contents of the 'Scheduled Tasks' folder
                                                .
                                                2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
                                                - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
                                                .
                                                .
                                                ------- Supplementary Scan -------
                                                .
                                                uStart Page = hxxp://www.nytimes.com/
                                                uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
                                                IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
                                                IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
                                                IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
                                                IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
                                                IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                                                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                                                DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
                                                .
                                                - - - - ORPHANS REMOVED - - - -
                                                .
                                                HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
                                                .
                                                .
                                                .
                                                **************************************************************************
                                                .
                                                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                Rootkit scan 2011-04-09 01:01
                                                Windows 5.1.2600 Service Pack 3 NTFS
                                                .
                                                scanning hidden processes ... 
                                                .
                                                scanning hidden autostart entries ...
                                                .
                                                scanning hidden files ... 
                                                .
                                                scan completed successfully
                                                hidden files: 0
                                                .
                                                **************************************************************************
                                                "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
                                                [1].exe service"
                                                .
                                                .
                                                [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CWShredder Service]
                                                "ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
                                                .
                                                --------------------- LOCKED REGISTRY KEYS ---------------------
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                                                @Denied: (A 2) (Everyone)
                                                @="FlashBroker"
                                                "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                                                "Enabled"=dword:00000001
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                                                @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                                                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                                                @Denied: (A 2) (Everyone)
                                                @="IFlashBroker4"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                                                @="{00020424-0000-0000-C000-000000000046}"
                                                .
                                                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                                                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                                "Version"="1.0"
                                                .
                                                --------------------- DLLs Loaded Under Running Processes ---------------------
                                                .
                                                - - - - - - - > 'winlogon.exe'(468)
                                                D:\SASWINLO.DLL
                                                c:\windows\system32\WININET.dll
                                                c:\windows\system32\Ati2evxx.dll
                                                .
                                                - - - - - - - > 'Explorer.EXE'(2684)
                                                c:\windows\system32\WININET.dll
                                                c:\windows\system32\ieframe.dll
                                                c:\windows\system32\webcheck.dll
                                                D:\SASSEH.DLL
                                                c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
                                                c:\progra~1\WINZIP\WZSHLSTB.DLL
                                                D:\SASCTXMN.DLL
                                                c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
                                                c:\program files\ATI Multimedia\mlibrary\MLShell.dll
                                                c:\program files\ATI Multimedia\atisserv.dll
                                                c:\program files\ATI Multimedia\mlibrary\mlenu.rsc
                                                c:\windows\system32\btncopy.dll
                                                c:\windows\system32\jscript.dll
                                                c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                                                c:\windows\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
                                                c:\windows\System32\inetres.dll
                                                c:\windows\system32\wmvcore.dll
                                                c:\windows\system32\WMASF.DLL
                                                .
                                                Completion time: 2011-04-09  01:08:39
                                                ComboFix-quarantined-files.txt  2011-04-09 05:08
                                                ComboFix2.txt  2011-04-04 21:34
                                                .
                                                Pre-Run: 3,015,954,432 bytes free
                                                Post-Run: 3,050,127,360 bytes free
                                                .
                                                - - End Of File - - 784B92D8EEB167CA42875F2D5502548A

                                                SuperDave

                                                • Malware Removal Specialist


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: Computer Keeps Crashing Please Help
                                                « Reply #31 on: April 09, 2011, 12:26:03 PM »
                                                P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                                                Please note: Even if you are using a "safe" P2P program (LimeWire), it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                                                I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                                                **************************************************
                                                I'd like to scan your machine with ESET OnlineScan

                                                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                                  ESET OnlineScan
                                                • Click the button.
                                                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                                                  • Double click on the icon on your desktop.
                                                • Check
                                                • Click the button.
                                                • Accept any security warnings from your browser.
                                                • Check
                                                • Push the Start button.
                                                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                                • When the scan completes, push
                                                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                                • Push the button.
                                                • Push
                                                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                delmarbd

                                                  Re: Computer Keeps Crashing Please Help
                                                  « Reply #32 on: April 09, 2011, 04:45:05 PM »


                                                  ESETSmartInstaller@High as CAB hook log:
                                                  OnlineScanner.ocx - registred OK
                                                  # version=7
                                                  # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                                                  # OnlineScanner.ocx=1.0.0.6425
                                                  # api_version=3.0.2
                                                  # EOSSerial=552b1b6b7c27394faa21791673faea1d
                                                  # end=finished
                                                  # remove_checked=true
                                                  # archives_checked=true
                                                  # unwanted_checked=true
                                                  # unsafe_checked=true
                                                  # antistealth_checked=true
                                                  # utc_time=2011-04-09 09:47:35
                                                  # local_time=2011-04-09 05:47:35 (-0500, Eastern Daylight Time)
                                                  # country="United States"
                                                  # lang=1033
                                                  # osver=5.1.2600 NT Service Pack 3
                                                  # compatibility_mode=512 16777215 100 0 0 0 0 0
                                                  # compatibility_mode=770 16774141 100 100 1469628 237740808 0 0
                                                  # compatibility_mode=6401 16777214 66 100 0 763334 0 0
                                                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                                                  # scanned=97586
                                                  # found=0
                                                  # cleaned=0
                                                  # scan_time=8005

                                                  SuperDave

                                                  Re: Computer Keeps Crashing Please Help
                                                  « Reply #33 on: April 09, 2011, 05:29:43 PM »
                                                  That looks good. Are you still having problems with the computer?
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  delmarbd

                                                    Re: Computer Keeps Crashing Please Help
                                                    « Reply #34 on: April 09, 2011, 07:00:36 PM »
                                                    Terrific.  It is running great.  Thank you so much!! Should I delete that quarantined file in SuperAntiSpyware?

                                                    SuperDave

                                                    Re: Computer Keeps Crashing Please Help
                                                    « Reply #35 on: April 10, 2011, 11:41:46 AM »
                                                    Quote
                                                    Should I delete that quarantined file in SuperAntiSpyware?
                                                    Yes. Let's do some cleanup.

                                                    To uninstall ComboFix

                                                    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                                    • In the field, type in ComboFix /uninstall
                                                    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
                                                    • Then, press Enter, or click OK.
                                                    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                                    ****************************************************
                                                    To remove all of the tools we used and the files and folders they created do the following:
                                                    • Double click OTL.exe.
                                                    • Click the CleanUp button.
                                                    • Select Yes when the "Begin cleanup Process?" prompt appears.
                                                    • If you are prompted to Reboot during the cleanup, select Yes.
                                                    • The tool will delete itself once it finishes.
                                                    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                                    ****************************************************
                                                    Clean out your temporary internet files and temp files.

                                                    Download TFC by OldTimer to your desktop.

                                                    Double-click TFC.exe to run it.

                                                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                                    * Click the Start button to begin the cleaning process.
                                                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                                    * Please let TFC run uninterrupted until it is finished.

                                                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                                    ******************************************************
                                                    Use the Secunia Software Inspector to check for out of date software.

                                                    • Click Start Now
                                                    • Check the box next to Enable thorough system inspection.
                                                    • Click Start
                                                    • Allow the scan to finish and scroll down to see if any updates are needed.
                                                    • Update anything listed.
                                                    ----------

                                                    Go to Microsoft Windows Update and get all critical updates.

                                                    ----------

                                                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                    * If you don't know what ActiveX controls are, see here

                                                    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                    Safe Surfing!

                                                    delmarbd

                                                      Re: Computer Keeps Crashing Please Help
                                                      « Reply #36 on: April 11, 2011, 02:42:14 PM »
                                                      Thank you SuperDave.  My computer is running better than it has in a long, long time.

                                                      SuperDave

                                                      Re: Computer Keeps Crashing Please Help
                                                      « Reply #37 on: April 12, 2011, 12:31:50 PM »
                                                      You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.