snipes

Members
  • Content Count

    20
Community Reputation

0 Neutral

About snipes

  • Rank
    Member
  1. Things seem to be running better; however, three issues are still occurring (caused by whatever System Fix did):
     1) Whenever I open Internet Explorer, it gives me a message saying a program has tried to change my default search engine. Acknowledging this message brings up a window that asks me to set my default search engine (which IE is setting automatically as Bing.com). This happens every time, no matter how many times I set my default search engine; if I quit IE and open it again, same thing.
     2) RealPlayer crashes every time I try to run it. It pops up a window saying "Fatal Application Exit. Exiting Application" and the only button is an "OK" button, after which RealPlayer quits.
     3) Adobe Acrobat Reader: When I try to open a PDF (either a saved one on my hard drive or an e-mail attachment), I get the following error window: "Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe This application has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information." After which it closes. I updated it after completing all the scans and fixes we did, but this problem has not gone away with Acrobat Reader.
  2. New Ad-Aware log: Logfile created: 12/18/2011 14:38:26 Ad-Aware version: 9.6.0 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: User *********************** Definitions database information *********************** Lavasoft definition file: 150.654 Genotype definition file version: 2011/09/21 13:56:01 Extended engine definition file: 11269.0 ******************************** Scan results: ********************************* Scan profile name: Smart Scan (ID: smart) Objects scanned: 56121 Objects detected: 10 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 0 Folders.........: 0 LSPs............: 0 Cookies.........: 10 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0 Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0 Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0 Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0 Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0 Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0 Scan and cleaning complete: Finished correctly after 235 seconds *********************************** Settings *********************************** Scan 
profile: ID: smart, enabled:1, value: Smart Scan ID: folderstoscan, enabled:1, value: ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: false ID: scanhostsfile, enabled:1, value: false ID: scanmru, enabled:1, value: false ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: false ID: onlyexecutables, enabled:1, value: true ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: 
ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 11 01:30:00 
2011 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: XPHOMEPC Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Processor identifier: x86 Family 6 Model 23 Stepping 10 Processor speed: ~2500MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 2079723520 bytes Physical memory total: 3216564224 bytes Virtual memory available: 1908400128 bytes Virtual 
memory total: 2147352576 bytes Memory load: 35% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 676 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 708 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 752 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 764 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 936 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 956 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1024 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1128 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY PID: 1164 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1264 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1384 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1488 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1560 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1660 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1728 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1736 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1872 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC PID: 1688 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1808 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1908 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: 
SYSTEM domain: NT AUTHORITY PID: 2008 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY PID: 980 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY PID: 432 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC PID: 504 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC PID: 1184 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC PID: 1572 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1216 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC PID: 1348 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC PID: 2100 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY PID: 2220 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC PID: 3204 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC PID: 3220 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 3292 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 3636 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY PID: 3748 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 2564 name: C:\Documents and Settings\User\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe owner: User domain: XPHOMEPC PID: 3032 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC PID: 544 name: C:\Program Files\Skype\Phone\Skype.exe owner: User domain: XPHOMEPC PID: 588 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC PID: 2188 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY PID: 2152 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY Startup items: Name: SigmatelSysTrayApp 
imagepath: sttray.exe Name: NeroFilterCheck imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Name: RTHDCPL imagepath: RTHDCPL.EXE Name: IgfxTray imagepath: C:\WINDOWS\system32\igfxtray.exe Name: HotKeysCmds imagepath: C:\WINDOWS\system32\hkcmd.exe Name: Persistence imagepath: C:\WINDOWS\system32\igfxpers.exe Name: SoundMAXPnP imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe Name: SetDefPrt imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Name: CanonMyPrinter imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon Name: CanonSolutionMenu imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon Name: MSC imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Name: APSDaemon imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe" Name: TkBellExe imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: 
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: Alerter displayname: Alerter Name: ALG displayname: Application Layer Gateway Service Name: Apple Mobile Device displayname: Apple Mobile Device Name: Ati HotKey Poller displayname: Ati HotKey Poller Name: AudioSrv displayname: Windows Audio Name: BITS displayname: Background Intelligent Transfer Service Name: Bonjour Service displayname: Bonjour Service Name: brmfrmps displayname: Brother Popup Suspend service for Resource manager Name: Brother XP spl Service displayname: BrSplService Name: CCALib8 displayname: Canon Camera Access Library 8 Name: CryptSvc displayname: CryptSvc Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: helpsvc displayname: Help and Support Name: HidServ displayname: HID Input Service Name: iPod Service displayname: iPod Service Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: MSIServer displayname: Windows Installer Name: MsMpSvc displayname: Microsoft 
Antimalware Service Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RichVideo displayname: Cyberlink RichVideo Service(CRVS) Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: winmgmt displayname: Windows Management Instrumentation Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WZCSVC displayname: Wireless Zero Configuration
  3. Here is the OTL log:
     All processes killed
     ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
     Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
     Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
     Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
     Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
     C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
     C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM moved successfully.
     C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr moved successfully.
     C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM moved successfully.
     ========== COMMANDS ==========
     Restore point Set: OTL Restore Point (0)
     [EMPTYTEMP]
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 41620 bytes
     User: LocalService
     ->Temp folder emptied: 65536 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 12768 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: User
     ->Temp folder emptied: 21105 bytes
     ->Temporary Internet Files folder emptied: 314675317 bytes
     ->Java cache emptied: 776944 bytes
     ->FireFox cache emptied: 88434322 bytes
     ->Google Chrome cache emptied: 6322005 bytes
     ->Flash cache emptied: 281598 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2162283 bytes
     %systemroot%\System32 .tmp files removed: 12996113 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 32120 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9868 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 406.00 mb
     OTL by OldTimer - Version 3.2.31.0 log created on 12182011_140418
     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\collegehumor.e0088093ce21eb5095e5017e54e17d1e[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\dot[1].gif not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\i3a[1].js not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCA4HNKAC.htm not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCAYFP4L4.htm not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\tops[1].js not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\273938_1343406536_541783836_q[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\372088_502316609_543885776_q[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\373378_126406450745685_1772439670_s[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\393440_258244987571236_171828799546189_742742_1517764592_a[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\5621205596[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0190[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0370[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0387[2].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0389[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\log[1].htm not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\video_content;rating=pg13;ctype=video;referrer=collegehumor[1].com;video_id=6547456;tag=rap;tag=music;tag=complain;sz=728x91;tile=6;sec=video_content;ord=96627112 not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0543b1c3a746d0a40f1ded6dee229dbc[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0bce88c22c61979b8ad0f537d78edd78[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312321085-877201835[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312528024-9078559[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312832501-608995609[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\184x138-6882442[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1985624[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\2720620378[1].html not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\273978_55202261_717339691_q[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\41009[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\cont_310_top[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\dailylinks[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\ETC121211AngelinaJolieBloodandHoneyOnline_220x130_2176087523[1].jpg not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.1.4.4.min[1].js not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.min[1].js not found!
     File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\top1_new[1].jpg not found!
     Registry entries deleted on Reboot...
  4. Here is the OTL Log:
     OTL logfile created on: 12/17/2011 3:35:10 PM - Run 2
     OTL by OldTimer - Version 3.2.31.0   Folder = C:\Documents and Settings\User\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     3.00 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 20.57% Memory free
     4.25 Gb Paging File | 2.16 Gb Available in Paging File | 50.96% Paging File free
     Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 465.76 Gb Total Space | 24.43 Gb Free Space | 5.25% Space Free | Partition Type: NTFS
     Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
     Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
     Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
     PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
     PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
     PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
     PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
     ========== Modules (No Company Name) ==========
     MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
     MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
     MOD - C:\WINDOWS\system32\quartz.dll ()
     MOD - C:\WINDOWS\system32\qcap.dll ()
     MOD - C:\WINDOWS\system32\msdmo.dll ()
     MOD - C:\WINDOWS\system32\devenum.dll ()
     ========== Win32 Services (SafeList) ==========
     SRV - (AppMgmt) -- File not found
     SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
     SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
     SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
     SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
     SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
     SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
     SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
     SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
     ========== Driver Services (SafeList) ==========
     DRV - (catchme) -- File not found
     DRV - (MpKslc0149f27) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38CBD794-487A-4CF1-8A42-0576BC047793}\MpKslc0149f27.sys (Microsoft Corporation)
     DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
     DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
     DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
     DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
     DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
     DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
     DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
     DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
     DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
     DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
     DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
     DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
     DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
     DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
     DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
     ========== Standard Registry (SafeList) ==========
     ========== Internet Explorer ==========
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     ========== FireFox ==========
     FF - prefs.js..browser.search.selectedEngine: "Secure Search"
     FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
     FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
     FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
     FF - prefs.js..network.proxy.http: "127.0.0.1"
     FF - prefs.js..network.proxy.http_port: 50370
     FF - prefs.js..network.proxy.type: 1
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
     FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
     FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M] [2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions [2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml 
[color=#E56717]========== Chrome ==========[/color] CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [url="http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab"]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab[/url] (CDownloadCtrl Object) O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} [url="http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB"]http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB[/url] (CTAdjust Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [url="http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab"]http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab[/url] (CTAdjust Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/16 00:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/12/16 00:17:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/12/16 00:15:58 | 000,000,000 | ---D 
| C] -- C:\ComboFix [2011/12/16 00:07:58 | 004,340,692 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe [2011/12/14 23:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/13 22:22:05 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe [2011/12/13 22:19:29 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist [2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft [2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll [2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real [2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real [2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder [2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools [2011/11/28 06:14:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/17 15:33:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/12/17 14:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/12/17 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/12/17 14:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job [2011/12/16 07:22:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011/12/16 01:51:05 | 000,001,813 | 
---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/12/16 00:17:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/12/15 23:48:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat [2011/12/15 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/12/14 22:28:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/12/14 22:27:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job [2011/12/14 22:27:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/14 22:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/14 22:27:40 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011/12/14 01:30:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/12/14 01:30:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5016.dll [2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/11/28 06:18:26 | 000,000,327 | ---- | M] () -- C:\Boot.bak [2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM [2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr [2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM [2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys [2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/15 23:48:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat [2011/12/14 01:30:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/12/14 01:30:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/12/13 22:21:42 | 001,557,791 | ---- | C] () -- C:\Documents and 
Settings\User\Desktop\tdsskiller.zip [2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg [2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk [2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk [2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk [2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security 
Essentials.lnk [2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk [2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk [2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk [2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk [2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk [2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk [2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk [2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk [2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk [2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk [2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk [2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk [2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk [2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk [2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk [2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK [2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk [2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk [2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk [2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk [2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk [2011/11/28 06:18:26 | 000,000,327 | ---- | C] () -- C:\Boot.bak [2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr [2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM [2011/11/28 06:04:09 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM [2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys [2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe [2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI [2009/11/18 18:04:18 | 000,000,078 | ---- | C] 
() -- C:\WINDOWS\cdplayer.ini [2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat [2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/23 17:18:36 | 000,071,760 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat [2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll [2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- 
C:\WINDOWS\System32\ATIODE.exe [2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () 
-- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/04 17:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/01 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/07 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath
[2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight
[2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Demo
[2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2010/09/15 03:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vghd
[2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery
[2011/12/14 22:28:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc

< End of report >
  5. Here is the Combofix log: ComboFix 11-12-15.02 - User 12/16/2011 0:20.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3068.2185 [GMT -5:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 ))))))))))))))))))))))))))))))) . . 2011-12-16 03:34 . 2011-12-16 03:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys 2011-12-16 03:34 . 2011-12-16 03:34 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\offreg.dll 2011-12-16 03:34 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\mpengine.dll 2011-12-15 04:50 . 2011-12-15 04:50 -------- d-----w- c:\program files\ESET 2011-12-11 13:17 . 2011-12-11 06:32 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-12-11 06:32 . 2011-12-11 06:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-12-11 06:30 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\program files\Lavasoft 2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-12-10 20:01 . 2011-12-10 20:01 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2011-12-10 20:01 . 
2011-12-10 20:01 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-10 20:01 . 2011-12-10 20:01 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-10 20:01 . 2011-12-10 20:01 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-10 19:43 . 2011-12-10 19:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2011-12-10 19:41 . 2011-12-11 06:20 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:00 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-21 10:47 . 2010-10-17 09:56 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2006-02-01 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2004-10-01 20:00 . 2006-02-01 19:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( [email protected]_11.26.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 06:30 . 2011-12-02 12:49 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
+ 2011-12-10 20:01 . 2011-12-10 20:01 18944 c:\windows\Installer\5481c.msi
+ 2011-12-10 20:00 . 2011-12-10 20:00 92672 c:\windows\Installer\5480f.msi
+ 2011-12-10 19:45 . 2011-12-10 19:45 22016 c:\windows\Installer\5478f.msi
+ 2011-12-10 20:01 . 2011-12-10 20:01 5632 c:\windows\system32\pndx5032.dll
- 2010-12-21 10:06 .
2010-12-21 10:06 5632 c:\windows\system32\pndx5032.dll + 2011-12-10 20:01 . 2011-12-10 20:01 6656 c:\windows\system32\pndx5016.dll - 2010-12-21 10:06 . 2010-12-21 10:06 6656 c:\windows\system32\pndx5016.dll + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll + 2009-07-12 03:14 . 2009-07-12 03:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll + 2011-12-10 20:01 . 2011-12-10 20:01 198832 c:\windows\system32\rmoc3260.dll - 2010-12-21 10:06 . 2010-12-21 10:06 272896 c:\windows\system32\pncrt.dll + 2011-12-10 20:01 . 2011-12-10 20:01 272896 c:\windows\system32\pncrt.dll + 2011-12-11 06:30 . 2011-12-11 06:30 7265280 c:\windows\Installer\73b09.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="sttray.exe" [2007-01-18 303104] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664] "RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384] "SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2010-08-19 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-10 296056] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [N/A] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-10-27 815104] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2011 1:30 AM 64512] R1 MpKsl80616ebd;MpKsl80616ebd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys [12/15/2011 10:34 PM 29904] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/20/2009 2:31 AM 149600] S1 MpKslcb048975;MpKslcb048975;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/15/2010 10:23 PM 94880] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *NewlyCreated* - MPKSL80616EBD *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2011-12-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 06:32] . 2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2011-12-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 04:52] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31] . 2011-12-15 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39] . 2011-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14] . 
2011-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm TCP: DhcpNameServer = 64.71.255.198 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50370 FF - prefs.js: network.proxy.type - 1 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe AddRemove-RealPlayer 15.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 00:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,49,e2,b9,30,c2,df,fa,bb,0d,6f,eb,43,56,fd,70,fa,d1,16,ac,cb,1c,a3,
b0,f4,56,0c,93,c2,57,17,ef,3e,9f,cc,ab,5f,b8,27,57,b5,66,ee,f6,71,57,2b,fa,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,0b,23,59,e1,bc,4f,af,8f,16,99,14,b0,5d,93,23,08,2a,fa,1c,29,
13,af,20,b7,e3,b2,a6,35,57,84,d3,f4,6f,5b,32,c1,dd,cc,5d,a8,25,6c,03,05,7b,\
"rkeysecu"=hex:8a,08,2b,5b,b4,d9,0a,0c,f7,53,19,a6,13,7f,4f,13
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5328)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-16 00:26:53
ComboFix-quarantined-files.txt 2011-12-16 05:26
ComboFix2.txt 2011-12-13 21:37
.
Pre-Run: 26,376,257,536 bytes free
Post-Run: 27,262,976,000 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 6E9C1644842621024FC9C60028587118
  6. Here is the aswMBR log: aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-12-15 23:38:17 ----------------------------- 23:38:17.437 OS Version: Windows 5.1.2600 Service Pack 3 23:38:17.437 Number of processors: 2 586 0x170A 23:38:17.437 ComputerName: XPHOMEPC UserName: User 23:38:18.421 Initialize success 23:39:13.515 AVAST engine defs: 11121502 23:39:24.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 23:39:24.515 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3 23:39:24.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1d 23:39:24.531 Disk 1 Vendor: WDC_WD2500JS-41MVB1 10.02E01 Size: 238475MB BusType: 3 23:39:24.640 Disk 2 \Device\Harddisk2\DR4 -> \Device\Sbp2\WD&My Book&0&0090a97a_62d92c23_Instance00 23:39:24.656 Disk 2 Vendor: WD______ 1028 Size: 953869MB BusType: 4 23:39:26.734 Disk 0 MBR read successfully 23:39:26.750 Disk 0 MBR scan 23:39:26.765 Disk 0 Windows XP default MBR code 23:39:26.781 Disk 0 scanning sectors +976768065 23:39:26.875 Disk 0 scanning C:\WINDOWS\system32\drivers 23:39:42.843 Service scanning 23:39:43.281 Service MpKsl80616ebd C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys **LOCKED** 32 23:39:44.437 Modules scanning 23:39:48.437 Disk 0 trace - called modules: 23:39:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 23:39:48.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af44ab8] 23:39:48.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-10[0x8af41d98] 23:39:49.687 AVAST engine scan C:\WINDOWS 23:40:11.218 AVAST engine scan C:\WINDOWS\system32 23:42:36.328 AVAST engine scan C:\WINDOWS\system32\drivers 23:42:59.890 AVAST engine scan C:\Documents and Settings\User 23:48:47.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat" 
23:48:47.140 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
  7. I read the post on Unhide.exe and I ran the program; it says it worked. I was unable to get to the aswMBR page; the link you gave did not work. Here is the log.txt from ESET:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6a0dec90dd51bc45889abeb8b3c9d34d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-15 07:13:26
# local_time=2011-12-15 02:13:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 19856031 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=369234
# found=2
# cleaned=0
# scan_time=8446
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js.BAK
  8. 1. I uninstalled J2SE. 2. I had to manually unhide folders and restore my start menu and desktop icons. 3. I didn't have an "Advanced" option under LAN settings, but I did uncheck the box for "Use a proxy server..." 4. Here is the TDSSKiller log: 22:22:19.0972 8424 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 22:22:20.0206 8424 ============================================================ 22:22:20.0206 8424 Current date / time: 2011/12/13 22:22:20.0206 22:22:20.0206 8424 SystemInfo: 22:22:20.0206 8424 22:22:20.0206 8424 OS Version: 5.1.2600 ServicePack: 3.0 22:22:20.0206 8424 Product type: Workstation 22:22:20.0206 8424 ComputerName: XPHOMEPC 22:22:20.0206 8424 UserName: User 22:22:20.0206 8424 Windows directory: C:\WINDOWS 22:22:20.0206 8424 System windows directory: C:\WINDOWS 22:22:20.0206 8424 Processor architecture: Intel x86 22:22:20.0206 8424 Number of processors: 2 22:22:20.0206 8424 Page size: 0x1000 22:22:20.0206 8424 Boot type: Normal boot 22:22:20.0206 8424 ============================================================ 22:22:22.0347 8424 Initialize success 22:22:48.0644 4172 ============================================================ 22:22:48.0644 4172 Scan started 22:22:48.0644 4172 Mode: Manual; 22:22:48.0644 4172 ============================================================ 22:22:49.0769 4172 Abiosdsk - ok 22:22:49.0784 4172 abp480n5 - ok 22:22:49.0847 4172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:22:49.0847 4172 ACPI - ok 22:22:49.0863 4172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 22:22:49.0863 4172 ACPIEC - ok 22:22:49.0909 4172 ADIHdAudAddService (ca8e9f1e8c74b99f90a7f6c7df3c2572) C:\WINDOWS\system32\drivers\ADIHdAud.sys 22:22:49.0909 4172 ADIHdAudAddService - ok 22:22:49.0925 4172 adpu160m - ok 22:22:49.0972 4172 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys 22:22:49.0972 4172 AEAudio - ok 22:22:49.0988 4172 aec 
(8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 22:22:49.0988 4172 aec - ok 22:22:50.0019 4172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 22:22:50.0019 4172 AFD - ok 22:22:50.0019 4172 Aha154x - ok 22:22:50.0034 4172 aic78u2 - ok 22:22:50.0034 4172 aic78xx - ok 22:22:50.0050 4172 AliIde - ok 22:22:50.0050 4172 amsint - ok 22:22:50.0113 4172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 22:22:50.0113 4172 Arp1394 - ok 22:22:50.0128 4172 asc - ok 22:22:50.0128 4172 asc3350p - ok 22:22:50.0128 4172 asc3550 - ok 22:22:50.0175 4172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:22:50.0175 4172 AsyncMac - ok 22:22:50.0191 4172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 22:22:50.0191 4172 atapi - ok 22:22:50.0191 4172 Atdisk - ok 22:22:50.0284 4172 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 22:22:50.0347 4172 ati2mtag - ok 22:22:50.0347 4172 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys 22:22:50.0363 4172 AtiHdmiService - ok 22:22:50.0378 4172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:22:50.0378 4172 Atmarpc - ok 22:22:50.0425 4172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 22:22:50.0425 4172 audstub - ok 22:22:50.0456 4172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 22:22:50.0456 4172 Beep - ok 22:22:50.0503 4172 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys 22:22:50.0503 4172 BrScnUsb - ok 22:22:50.0519 4172 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys 22:22:50.0519 4172 BrSerIf - ok 22:22:50.0519 4172 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 22:22:50.0519 4172 BrUsbSer - ok 
22:22:50.0644 4172 catchme - ok 22:22:50.0675 4172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 22:22:50.0675 4172 cbidf2k - ok 22:22:50.0722 4172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 22:22:50.0722 4172 CCDECODE - ok 22:22:50.0738 4172 cd20xrnt - ok 22:22:50.0769 4172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 22:22:50.0769 4172 Cdaudio - ok 22:22:50.0784 4172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 22:22:50.0784 4172 Cdfs - ok 22:22:50.0800 4172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:22:50.0800 4172 Cdrom - ok 22:22:50.0800 4172 Changer - ok 22:22:50.0816 4172 CmdIde - ok 22:22:50.0831 4172 Cpqarray - ok 22:22:50.0831 4172 dac2w2k - ok 22:22:50.0847 4172 dac960nt - ok 22:22:50.0863 4172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 22:22:50.0863 4172 Disk - ok 22:22:50.0894 4172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 22:22:50.0909 4172 dmboot - ok 22:22:50.0925 4172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 22:22:50.0925 4172 dmio - ok 22:22:50.0956 4172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 22:22:50.0956 4172 dmload - ok 22:22:50.0988 4172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 22:22:50.0988 4172 DMusic - ok 22:22:50.0988 4172 dpti2o - ok 22:22:51.0003 4172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 22:22:51.0003 4172 drmkaud - ok 22:22:51.0034 4172 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys 22:22:51.0034 4172 E100B - ok 22:22:51.0081 4172 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\WINDOWS\system32\DRIVERS\e1k5132.sys 22:22:51.0081 4172 e1kexpress - ok 22:22:51.0097 4172 Fastfat 
  9. The Combofix log:
  10. The Extras.txt log: OTL Extras logfile created on: 12/13/2011 3:53:54 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free 4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm) -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6A604678-4B8E-4E76-B50E-EC25E42B09E5}" = ZIP RAR ACE Password Recovery
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77C84C38-E592-4A33-AB99-FA524120452F}" = Ad-Aware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998F2DE0-3128-43B7-9A1C-D85A339659A9}" = oRipa MSN Webcam Recorder2.0.1
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"ATI Display Driver" = ATI Display Driver
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.10
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel(R) Network Connections Drivers
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Steam App 10" = Counter-Strike
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" = VirtuaGirl version 1.0.6.99
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/7/2011 12:54:54 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.
Error - 12/9/2011 12:24:10 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x03a953d2.
Error - 12/9/2011 12:24:50 AM | Computer Name = XPHOMEPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/9/2011 8:15:03 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x6034a064.
Error - 12/11/2011 3:57:04 AM | Computer Name = XPHOMEPC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 12/11/2011 1:44:12 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.
Error - 12/11/2011 1:46:29 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.
Error - 12/11/2011 1:46:56 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.
Error - 12/11/2011 7:47:37 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.
Error - 12/11/2011 8:03:57 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.
[ System Events ]
Error - 12/11/2011 1:19:46 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
Error - 12/11/2011 1:44:42 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
Error - 12/11/2011 8:02:26 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
Error - 12/11/2011 9:41:35 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 12/11/2011 9:41:43 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error - 12/11/2011 9:47:14 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 12/11/2011 10:02:57 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
Error - 12/11/2011 10:09:00 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 12/12/2011 9:16:40 AM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.
Error - 12/13/2011 2:31:32 AM | Computer Name = XPHOMEPC | Source = Microsoft Antimalware | ID = 1014
Description = %%860 has encountered an error trying to remove history of malware and other potentially unwanted software. Time: ?11/?13/?2011 1:31:32 AM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
< End of report >
  11. The OTL Log:
OTL logfile created on: 12/13/2011 3:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free
4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
========== Driver Services (SafeList) ==========
DRV - (MpKsl02585e95) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1894C3C0-CB99-4CBF-857A-D5FA9B8250C6}\MpKsl02585e95.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M]
[2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions
[2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
========== Chrome ==========
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist
[2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/29 01:06:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2011/11/28 06:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/28 06:18:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/28 06:14:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 15:53:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/13 15:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 21:40:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 08:17:02 | 000,000,672 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/11 01:51:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/11 01:27:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/11 01:21:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/11 01:20:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/11 01:20:58 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 14:41:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/10 14:34:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 06:18:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/11/14 14:53:33 | 000,199,680 | R--- | M] () -- C:\Documents and Settings\User\Desktop\Backup of paul667UpgradeResume.wbk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 08:17:02 | 000,000,672 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk
[2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk
[2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk
[2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk
[2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk
[2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk
[2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk
[2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/11/28 06:18:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:04:09 | 000,000,408 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/11/18 18:04:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 17:18:36 | 000,071,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/04 17:22:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/01 15:47:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/03/16 21:49:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/07 14:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:21:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath
[2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight
[2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Demo
[2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc

< End of report >
12. Sorry, here is the Ad-Aware log:

Logfile created: 12/11/2011 01:33:06
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: User

*********************** Definitions database information ***********************
Lavasoft definition file: 150.646
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11233.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 437230
Objects detected: 42

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 39
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0
Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
Description: *gator* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408861 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
Description: *mrskin* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409189 Family ID: 0
Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0
Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0
Description: *clickz* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408888 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0
Description: *rambler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408818 Family ID: 0
Description: *rotator.adjuggler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409135 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0

Quarantined items:
Description: c:\documents and settings\user\application data\sun\java\deployment\cache\javapi\v1.0\jar\field.jar-4b7a49e1-3494cc85.zip::json/parser.class Family Name: Trojan.Java.Blacole.a (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5:
Description: e:\documents and settings\paul\local settings\temporary internet files\content.ie5\jrvpjnec\animated_favicon1[1].htm Family Name: Trojan-Downloader.JS.Gumblar.w (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 9f2ff1ebba941a78fe09f5fe4c230afa
Description: e:\system volume information\_restore{9c35f2cb-3c94-4996-b38e-d25671c88286}\rp258\a0083238.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 334ee328da36cc99e4e6fac69dc62a8f

Scan and cleaning complete: Finished correctly after 24224 seconds

*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,E:\,F:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID:
updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 ID: frequency, enabled:1, value: weekly, domain: 
daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: XPHOMEPC Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Processor identifier: x86 Family 6 Model 23 Stepping 10 Processor speed: ~2500MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 2123194368 bytes Physical memory total: 3216564224 bytes Virtual memory available: 1899130880 bytes Virtual memory total: 2147352576 bytes Memory load: 33% 
Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 672 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 704 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 748 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 760 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 932 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 952 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1016 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1120 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY PID: 1156 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1276 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1364 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1496 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1620 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1636 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1644 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1108 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC PID: 804 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1716 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1780 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY PID: 1820 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY PID: 388 name: 
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe owner: SYSTEM domain: NT AUTHORITY PID: 1388 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY PID: 1732 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 144 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC PID: 164 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC PID: 660 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC PID: 364 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC PID: 968 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC PID: 1832 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY PID: 2060 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: User domain: XPHOMEPC PID: 2284 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC PID: 2692 name: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe owner: User domain: XPHOMEPC PID: 3368 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC PID: 3412 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY PID: 3756 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1720 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: User domain: XPHOMEPC PID: 128 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 664 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 580 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 3008 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 2688 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY PID: 4064 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT 
AUTHORITY PID: 2196 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 640 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC PID: 3348 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 3768 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 2672 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC PID: 1392 name: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe owner: SYSTEM domain: NT AUTHORITY Startup items: Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: SigmatelSysTrayApp imagepath: sttray.exe Name: NeroFilterCheck imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Name: RTHDCPL imagepath: RTHDCPL.EXE Name: IgfxTray imagepath: C:\WINDOWS\system32\igfxtray.exe Name: HotKeysCmds imagepath: C:\WINDOWS\system32\hkcmd.exe Name: Persistence imagepath: C:\WINDOWS\system32\igfxpers.exe Name: SoundMAXPnP imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe Name: SetDefPrt imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Name: CanonMyPrinter imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon Name: 
CanonSolutionMenu imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon Name: MSC imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Name: APSDaemon imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe" Name: TkBellExe imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk imagepath: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: Alerter displayname: Alerter Name: ALG displayname: Application Layer Gateway Service Name: Apple Mobile Device displayname: Apple Mobile Device Name: Ati HotKey Poller displayname: Ati HotKey Poller Name: AudioSrv displayname: Windows Audio Name: BITS displayname: Background Intelligent Transfer Service Name: Bonjour Service displayname: Bonjour Service Name: brmfrmps displayname: Brother Popup Suspend service for Resource manager Name: Brother XP spl Service displayname: BrSplService Name: CCALib8 displayname: Canon Camera Access Library 8 Name: CryptSvc displayname: CryptSvc Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp 
displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: gusvc displayname: Google Software Updater Name: helpsvc displayname: Help and Support Name: HidServ displayname: HID Input Service Name: iPod Service displayname: iPod Service Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: McAfee SiteAdvisor Service displayname: McAfee SiteAdvisor Service Name: MSIServer displayname: Windows Installer Name: MsMpSvc displayname: Microsoft Antimalware Service Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RichVideo displayname: Cyberlink RichVideo Service(CRVS) Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: 
winmgmt displayname: Windows Management Instrumentation Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WZCSVC displayname: Wireless Zero Configuration Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
  13. I got hit with the System Fix virus and after trying everything I could think of I threw ComboFix at it (I know, risky, but I was desperate). ComboFix managed to restore my PC, but I ran Ad-Aware and it still found lots of objects. I can't run Real Player or Skype (every time I try I get a Fatal Error or Disk I/O error); I've tried reinstalling Real Player but that didn't work. Every time I open up Internet Explorer a message pops up telling me a program tried to change my default search engine. I don't know what to do to regain control and get some of my programs back up and running again... Help...
  14. Posting New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:17 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.beijing2008.cn/en_index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://62.231.186.33/activex/AMC.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7543 bytes
  15. New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:16 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.beijing2008.cn/en_index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {113F2B42-FD88-45F6-9DEB-2D3463A8FC71} - (no file)
O2 - BHO: (no name) - {35DE6FDE-4889-4B24-BE45-EC88FCA60EC8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E65CF5EE-0566-4E71-AA01-635BE50D61D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://62.231.186.33/activex/AMC.cab
O20 - Winlogon Notify: khfFVLBU - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8566 bytes